Computer Security Equipment and Product Financing

Spreading out computer security capital expenditures over time reduces the financial risk of expenditure for any operating period.
Lease interest payments might be tax advantageous for a business, since they are generally tax deductible.
As equipment or products become obsolete, "trade-up" policies can be carried out, keeping your computer security infrastructure up to date (provided this option has been arranged in the initial lease paperwork).

These are among some of the financing agents that SecurityAppraisers® works with:

"Can I get a lease for security software products?"

"Can I get a lease for a support contract?"

A support contract can be covered by a lease so long as it is bundled with a product sale (hardware and/or software) and it constitutes no more than approximately one third of the sale.

If you purchase server based firewall software for ~$2,000, and also purchase a rackmount server with SCSI RAID and multiple CPUs to run the software for ~$3,000, and an annual hardware support contract costs ~$500, that would still leave ~$2,000 that could be budgeted on the lease for firewall support.
If you purchased sophisticated content inspection server software for ~$10,000, and purchased the same hardware as in the previous example, allowing for a ~$500 annual hardware support contract, that would still leave ~$6,000 in mail content inspection support contract costs that could be added to a lease.

"How much should we spend on computer security?"

the potential dollar value impact that the loss of your computer resources would have on your business;
how liberal a computer usage policy a company has (the more freedom users have to 'do what they want', the more difficult and costly a burden it is to maintain security; and some organization's work processes might require such freedom); and
the security 'track record' of software being used by an organization (again, a sacrosanct computer business process might mandate use of an insecure piece of software -or it might not).

Translating these general guidelines into a number can be a daunting task; for most businesses, at least 20% of your overall 'IT' budget should be earmarked for computer security. In some cases, depending on the above criteria, this expenditure could need to run as high as 50%. Deployment of computer security measures in an unplanned, reactive manner (i.e., "waiting to be hacked, then doing something about it while you're under attack") could easily cost a business at least 50-75% of their annual 'IT' budget. These are anecdotal figures, and each business's outlay for unplanned reactive measures will vary.

"Why should I believe that my business is really at risk?"

We welcome you to use a search engine (searching on terms such as "computer break-in", "was hacked", "keystroke logger", etc.) and see the mounting losses caused by computer vandalism occuring daily; or read a SANS newsletter.