Selling Cloud Security without Budget

Why do so many security teams never have a budget for security? Is it because they think they have all the tools they need and there are no new security threats evolving this year? Highly unlikely. What amazes me is that corporations always find security budget when something does happen. Usually in the millions of dollars, because we all know it is much more expensive to remediate an issue rather than proactively block it.

So how do you convince your company to invest in cloud security if they don’t have budget for it? It should be a simple matter of mathematics. Let’s take Microsoft Office 365 as a simple example.

The math here is to consider how much infrastructure, man-hours and project planning is required to maintain Microsoft Exchange in-house. Depending on the number of employees, you need to scale compute, storage and network switches. In addition to ever-increasing storage (how many people use email as a file store?), you need to consider backups, and DR/business continuity. Then add man-hours needed for maintenance and version upgrades, and the PMs needed to schedule changes as well as DR testing. When you add these up, it is clearly an easy sell to show the ROI and savings associated with Office 365.

The only thing Microsoft doesn’t really drill deep into is the security around the solution. They’ll provide physical security on access to their servers and maintenance on OS and software versions,

But securing data is still your responsibility. Data security is probably one of the main reasons all Exchange customers have not already moved to Office 365.

So why haven’t security teams taken the lead and been proactively implementing security measures for data moving to or from or at rest in cloud services? These teams have the reputation of always playing catch up. So until the need arises, security is never thought of as an enabler of services. But we can clearly see in this example that security can be an enabler of services and can enable a company to save millions of dollars!

The budget for cloud security is just a small fraction of the overall cost of remaining on applications within a private data center. So go out and fight for those dollars and enable your company to move forward into the cloud!