Taking a rigorous, data-driven analytical approach to creating a business case for endpoint security delivers the added benefit of uncovering glaring weaknesses in an enterprise network. The goal needs to be greater visibility and control of every endpoint as a threat surface and asset. Complicating that challenge is the mercurially changing nature of machine identities, making a 360-degree view of endpoint security elusive to maintain.
Endpoints are the attack surface of choice for cybercriminals and nation-states, who often launch Advanced Persistent Threats (APTs) simultaneously at a broad base of endpoints. Their goal is to evade detection, move laterally, install ransomware, identify the systems with the most valuable data, and exfiltrate valuable customer, employee, and company data. A recent study by Tanium found that 55% of security and risk management leaders estimate that 75% or more of endpoint attacks can't be stopped. A recent Cybersecurity Insiders report found that 60% of organizations are aware of fewer than 75% of the devices on their network, and only 58% of organizations say they could identify every vulnerable asset in their organization within 24 hours of a critical exploit. It's taking the average enterprise 97 days to test and deploy patches to each endpoint.
Benchmark endpoint benefits first
CISOs tell VentureBeat that one of the best actions they took early in the process of creating their business cases for endpoint security was to complete an extensive audit of every endpoint they could locate. There's a running debate in IT and cybersecurity teams over whether all endpoints in the world's largest enterprises are accounted for. In reality, they are not. The CISO of one leading manufacturer of consumer packaged goods told VentureBeat that up to 35% of endpoints, especially those with machine identities, aren't known today.
A good business case for endpoint security will close that 35% gap and put guardrails in place to ensure it never gets that large again. Quantifying the benefits works best when IT and cybersecurity teams take an audit mindset and delve into each endpoint, and the process they're relying on today to identify them. Taking this approach often uncovers which endpoints are overloaded with agents, so many that software conflicts render the endpoint just as unprotected as if there were no agents at all. Absolute's recent 2021 Endpoint Risk Report found that there are on average 11.7 security agents or controls on an average endpoint, creating potential software conflicts. The more security controls per endpoint, the more frequent the collisions and decay, leaving them more vulnerable than before.
Endpoint audits using advanced analytics identify over-configured endpoints and other potential areas that put enterprises at risk of a breach. The shift to the cloud for Endpoint Protection Platforms (EPP) is providing a faster onramp for enterprises looking for endpoint data. Combining anonymized data from their customer base and using Tableau to create a cloud-based real-time dashboard, Absolute's Remote Work and Distance Learning Center provides a broad benchmark of endpoint security health in aggregate today. The dashboard provides insights into device and data security, device health, device type and device usage and collaboration. It's a useful reference site for evaluating how the pandemic continues to impact device usage and endpoint security.
Benchmarking the following series of benefits is a good starting point for building a business case:
How much endpoint security will cost
These are the costs most often included in an endpoint security business case:
How to define a business case for endpoint security
While the initial goal of creating a business case for investing in endpoint security is to gain funding, the rigor of quantifying the costs and benefits often identifies large gaps in endpoint security coverage and security.
Insightful, rigorous use of analytics to identify endpoint security costs and benefits pays off with a more accurate 360-degree view of endpoints for the first time. The audit that organizations do to gain the data needed for the following Return on Investment (ROI) calculation provides, for many, the first true, quantified view of just which endpoints are actually active and in use and which are not. It's also invaluable for capturing the figure of lost endpoints, something CISOs admit to VentureBeat that few companies have 100% visibility into today.
The following is the ROI calculation to define what an enterprise can reasonably expect to achieve on endpoint security investments:
Endpoint Security ROI = (Endpoint Security Benefits – Endpoint Security Costs) / Endpoint Security Costs x 100
An insurance and financial services enterprise recently completed an internal audit, and the projected annual benefits of their endpoint security deployment will be $475,000 against a cost of $65,000, yielding a $6.30 net return for every $1 invested.
Lessons learned from enterprises that have successfully created an ROI for endpoint security include the following:
Endpoint security and its future benefits
Defining a business case for endpoint security needs to quantify as many benefits and costs beforehand as possible if it's going to succeed. The time savings IT teams can realize from automating patch management and self-healing endpoints alone are significant. Add to that more effective endpoint discovery and asset management data, and the business case becomes an easier decision for C-level executives and, in some cases, the board to support.
