It cannot be overstated enough that the two most powerful weapons in a company’s policy arsenal are proper purchasing protections and performance metrics.
Without smart purchasing, businesses tend to waste money on solutions that are inadequate and penalize the company repeatedly until cured. The money needs to be reallocated to purchase the correct solution, and while it is in place, the company fails to gain any advantage from the wrong solution; possibly loses ground.
Proper metrics are what allows a company insight into layers of operational intelligence. Without good metrics that permit comparison with competition and external industry measurements, perceptions can be flawed and gains lost. Worse, improper use of metrics can lead to stagnant areas of insight which undermine the entire purpose.
These two areas are clear marks of maturity in a business and keys to remaining competitive and obtaining market dominance. But they are HARD to do. So we see the almost nowhere. This despite the fact that both areas have been understood and well defined for 50 years!
Now, the interesting thing to us here at Liticode is the ramifications these two key indicators have on information security and litigation costs. Because the cost of a failed security tool purchase are potentially far greater than the cost of the mistake and the fix. If there is an event stemming from the failure in purchasing, it can have catastrophic consequences well in excess of the purchase costs. All stemming from a failed purchasing policy.