The Digital Identity Forum has an interesting blog on companies pricing out Identity Management. Seems to me, with all the electronic ink spilled over various breaches and data thefts lately, I simply cannot imagine a company not taking Identity and Access Management seriously today, much like the company I used to work for in New York City that got very serious about our building's physical security after 9/11. What was once an anyone-who-walked-in-could-get-access-to-the-elevator policy quickly became a magnetic ID/everyone sign-in/announce all visitors policy -- and the same sea change should be going on with computer access.
For business planning purposes, how much should an Identity and Access Management system cost? One way to calculate it is to look at the price of stolen identities: as of the end of October (I wonder how much these prices fluctuate, and is there some sort of Identity trading floor where someone shouts out, "The price of a Jerry just hit $9.50"), an email password cost as little as $1, and the details of a credit card as much as $350.
But businesses aren't exactly going to calculate how many credit cards they might hold and multiply that by anywhere near $350 to come up with their number. A much better method is to use the cost of a data breach. Gartner puts the price of a data breach at $300 per account, and that number accounts for investigations, fines and lawsuits. On the other side of the equation, good IAM security should cost around $16 an account over the first year, with that number declining over time.
So it is true what Gartner says, that implementing security is always cheaper than a data breach. I'm sure I'll have a lot more to report in terms of price, and apocalyptic warnings about not protecting your data, when I'm at Gartner's Identity and Access Management show next week in L.A. Look for me to blog live from the event!











