How to: Build a Business Case for DDoS

September 8, 2015 JP Blaho

business case

The academic calendar is back into full swing. Summer vacations are now just fond memories (even the horrifying ones), and we all take a collective turn towards autumn in the northern hemisphere. Here in Boston, we turn the page, and do an immediate immersion into September without as much as a look back on summer fun. As a result, parents must readjust to a different morning calendar which involves packing school lunches, dropping kids off at school, and ensuring that they leave work in time to pick up said children from football practice, band rehearsal, etc. Because of this adjustment, our work commutes are nightmares. Our throughways have become parking lots as everyone experiments with new departure times and travel routes. It is not a pleasant experience for the next few weeks. This interruption reminds me greatly of distributed denial of service (DDoS) attacks, and the effect it has on network operations.

Just like a traffic jam, a DDoS attack can create significant interruptions to the daily routine. Some of the most extensive highway infrastructures are stressed during rush hour. Just like IT infrastructures, building larger throughways is not a cost effective solution. Instead we must look at the problem first. For DDoS attacks, it is not about capacity consumption. It is about the security threat that comes with such an attack. If it was just about network degradation or interruption, most organizations could absorb these types of attacks, and accept it as the cost of doing business. The fact is DDoS attacks are far more dangerous to businesses than perceived. This ignored fact is a serious component to the larger problem that must be addressed. Now is the right time to address the risk of DDoS attacks while also changing the perception that a DDoS attack has on management.

In the business world, September represents a shift for most management to transition away from current year budgets and revenue, and to start planning the next calendar year budget. Some organizations do not follow the calendar year with their fiscal year, but a majority does in fact follow a January-to-December fiscal year. As such, fall planning is born. Even if your company does not go through fall planning, this topic and exercise still applies (just at a different time of the year).

During fall planning, each business department puts their needs and wishes together in order to propose their plan of action for the next year. It is an exercise that goes through much scrutiny, and must align with the company’s broader strategy. This exercise is not for the faint of heart, and it is painful even for the teams that are assured to get funding.

A DDoS solution may not sound like a project that should be considered for proposal during the budgeting period, but like all security solutions, there are cost and configuration considerations that must be realized, and the best way to secure a solution in your IT or cybersecurity strategy is to carve funding for this specific business need. Let us help you build this business case.

Here are four steps each team should take when building a business case for a DDoS solution (although the general concept of these steps could be applied to most business cases):

  1. Communicate clearly in a manner that lets them understand the need for such a solution. Ensure that they each comprehend the impact DDoS has on the business and to each of their respective business functions. The language of business does have some nuances that must be acknowledged;
  2. Illustrate the business implications for both moving forward with a strategy and choosing not to pursue a DDoS solution. Make sure that these examples are easily justified and have a high risk of coming true (use real examples where necessary);
  3. Present your DDoS proposal in a way that offers real value to the business. Integrate the solution into the corporate strategy. Show that such a solution will accelerate other projects that are underway, or projects that are slated for the next fiscal year;
  4. Describe how the organization is addressing DDoS attacks today. Provide an honest look into the countermeasures currently being used today.

In the coming weeks, we will be providing you with a detailed look into each of these four steps of building the business case for DDoS. We will be sharing content that will help you understand your current maturity level for detecting and mitigating DDoS attacks, as well as offer templates that you can use to present the business case to your executive team. I encourage you to stick with me on this series regardless of how your business calendar works.

The post How to: Build a Business Case for DDoS appeared first on Arbor Insights - Our People, Products and Perspective.


Previous Article
Comment on Threats never take a vacation by How to: Build a Business Case for DDoS - Arbor Insights
Comment on Threats never take a vacation by How to: Build a Business Case for DDoS - Arbor Insights

[…] academic calendar is back into full swing. Summer vacations are now just fond memories (even the horrif...

Next Article
Look to the Network (for Security Innovation)
Look to the Network (for Security Innovation)

I get awfully tired of proclamations like “Firewalls are Dead” or “IDS is...