IDC study: Customers cite 407% ROI with Chronicle Security Operations

How effective is security technology at keeping your organization safe? While quantifying the investment return on security technology can be tricky, understanding the ROI of security products is crucial information for organizations to make informed decisions about resource allocation, strategy adjustments, and to get buy-in from financial approvers.

With this in mind, Google Cloud commissioned IDC to conduct an in-depth analysis on the business value of Google Chronicle Security Operations. Based on interviews with customers from around the world, IDC determined that Google Cloud’s SecOps platform delivers ROI of 407% over three years, with a payback period under 7 months. IDC’s research found that this value is derived from several key factors:

• Improved threat identification and resolution capabilities, which can reduce the likelihood of a major security incident by 60%
• Helped security operations teams become 42% more efficient by providing high-quality insights about threats and allowing them to spend less time on monitoring activities
• Captured an average of $13.5 million more per organization per year as a result of moving with greater speed and confidence to address business opportunities and customer needs
• Enabled ingestion of 283% more data and 85% more data logs per organization by separating data volumes from incremental costs

Google Cloud continues to make strides in our mission to help organizations transform and modernize cybersecurity. Recently, we launched our unified security operations platform, which combined Google’s scale and speed with our market-leading threat intelligence, and the general availability of Duet AI in security operations. Each update helps us provide outcomes that reduce risk for customers while increasing productivity and delivering great ROI.

In the words of the CISO of a multi-billion dollar automotive company that was interviewed by IDC for this study, “Our cybersecurity teams deal with issues faster with Google Chronicle Security Operations, but they also identify more issues. The real question is, ‘how much safer do I feel as a CISO with Google Chronicle Security Operations versus my old platform?’ and I would say 100 times safer.”

Here’s how IDC conducted its analysis.

Scale without limits

In a dynamic cybersecurity landscape, the volume and complexity of data that SecOps teams need to analyze and manage is continuously growing. To keep pace, SecOps platforms need to offer the infrastructure to ingest all of an organization’s security data without compromising performance, and do it at a reasonable cost. Unfortunately, many SecOps teams face significant challenges in achieving this scalability due to prohibitive data ingestion costs, leading to critical blind spots in their security environment. These blind spots can result in missed threats, slower incident response times, and increased vulnerability to cyber attacks.

According to IDC, Google Chronicle Security Operations stands out against customers’ incumbent solutions when it comes to scalability, citing ingestion of almost four times (283%) more data. For example, a North American IT manufacturer is now doing 10 times the amount of work with Google Chronicle Security Operations than they could with their previous solution — and at a fraction of the cost. A North American bank also credits Google Chronicle Security Operations’ scalability as the reason they were able to reduce their mean time to respond (MTTR) from eight hours to five hours.

Detect more with less effort

Attackers are constantly evolving their tactics, making it crucial for defenders to have access to timely and relevant threat intelligence so they can be proactive in addressing novel threats. To truly stay ahead of threats, SecOps platforms need to take threat intelligence one step further by automatically operationalizing new intel and offering out-of-the-box detections. Eliminating the need for complex and toilsome processes such as custom engineering empowers SecOps teams to streamline the detection process and prioritize the most relevant risks.

A CISO at an European insurance agency explained that Google Chronicle Security Operations’ detection capabilities and intelligence has moved them into a “pre-attack-based defensive posture,” and has saved their team significant effort in the process. The CISO said, “We used to have lots of people feeding and watering the SIEM platform, but all of that’s pretty much done for us as part of what we get out of the box. So we have more people who are trying to work out how to get more business value out of our security platforms.”

Leveling up productivity

In the never-ending battle against attackers, defenders require tools that can help them better understand threats, reduce toil, and enhance expertise. The key for SecOps teams to achieve this is by using SecOps tools with artificial intelligence (AI) and automation capabilities. AI and automation can help alleviate the burden of tedious, manual work and also reduce the risk of human error, leading SecOps teams to be more efficient and accurate.

Within the study, IDC underscores the importance of AI and automation based on the talent shortage most SecOps teams face. With Google Chronicle Security Operations, IDC found that SecOps teams are 42% more efficient and 51% faster to remediate potential threats.

A CISO of a European automotive company attributes their decrease in mean time to detect (MTTD) to moving from human-led to machine-led processes. Furthermore, a CISO at an European insurance company credits machine learning and AI for their SecOps team’s efficiency gains.

Master fast and effective TDIR

The IDC study corroborates Google Chronicle Security Operations’ position as a game-changer for SecOps teams. IDC concluded that the value customers derive from Google Chronicle Security Operations transcends security and leads to “a reputation for securing data, greater fraud protection, and the ability to spend time on developing new products.”

To learn more about how Google Chronicle Security Operations can drive better security and business outcomes for your organization, download the full IDC whitepaper.

^{IDC White Paper, sponsored by Google Cloud, The Business Value of Google Security Operations, #US51386223, January 2024}