Mitigating the costs and risks of a data breachThe average cost of a data breach in the US is about $195 per compromised record (Ponemon, 2015), with the average number of records compromised in a data breach in the US roughly 29,000 records. A quick calculation shows that the average cost of a data breach could reach more than $5.6 million dollars. This cost varies by industry, of course. In this example we chose the Ponemon data for calculating impact, although there are other sources available as well. This is but one data point to show how expensive reactive measures such as forensic investigations, consulting services and legal fees can be, not to mention the distraction and lost productivity, after a data breach has occurred. An investment in a solution to proactively provide control and accountability over how enterprise passwords are managed (checked in and out), cycled (to prevent stale passwords from being used), and monitored (usage in real time) will shrink the attack surface from the misuse of privileged credentials used in data breaches and stave off some of those reactive costs. Risk reduction is a hard thing to measure, and you can never eliminate all risk, so you should be looking at reducing the number of attack surfaces instead.
Reducing the costs and inefficiencies of manual processes for password rotationA second way to look at security ROI is in re-directing high-value assets to more productive purposes. The process of managing and cycling privileged passwords across an enterprise is time-consuming. For example, let's say you have 1 admin responsible for managing 100 systems. She has to rotate the passwords on those assets every 30 days according to policy. It would take several person-hours for her to:
- visit each system's management console
- know the administrator password (or find it if it’s not easily accessible)
- change the password
- note the password in some manual mechanism (which by the way isn't compliant with most industry regulations)
- move on to the next system and repeat