This article can also be found in the Premium Editorial Download "Information Security magazine: Depth charge: Survey shows big spending on defense in depth."
Download it now to read this article plus other related content.
If the flowers are blooming and I'm panicking, it must be tax season. As you're reading this, I'm probably racing to the local H&R Block to ritually justify deductions for everything from my subscription to Scientific American to my USB memory sticks.
I was thrilled the first time my tax preparer told me I could write off a portion of my home computer, Palm and cell- phone because I used them for business. Bam! In an instant, $1,500 was wiped off my gross income. America, what a country!
My elation is something CFOs and corporate accountants know well, and it's something every security manager should take into consideration when justifying purchasing plans: The depreciation of capital assets, such as security hardware and software, is a tax benefit. Take your gross revenue, subtract the depreciation of assets, as defined by the IRS tax code, and you have your net taxable revenue. Corporate officers and shareholders love this; the more depreciating assets their companies have, the less they pay in federal corporate taxes.
Here's the way it works: You buy something for $90,000. While you'll want to write the whole amount off immediately, that counters the government's desire to extract as much tax revenue from you as possible -- despite what the Bush administration says. So, the government sets a schedule by which you can deduct the depreciated value of the asset over a prescribed period. Assuming that this item depreciates over three years, your company could deduct $30,000 a year from its pretax revenue.
There's a catch. At the end of the depreciation period, the asset is -- in accounting terms -- worthless. So, despite the fact that the state-of-the-art firewall you bought three years ago is still humming away, it's probably lost all of its value on the corporate ledger. Thus, your company can no longer write it off. Many enterprises stretched the lifespan of IT assets during the recession, but they lost their tax benefit as assets fully depreciated.
Here's where Moore's Law works in favor of enterprises. The pace of IT innovation accelerates depreciation. At one time, high-tech durable goods would depreciate over three to five years. Now, according to the Bureau of Economic Analysis, most hardware and software assets lose deductible value in two years. At the same time, innovation and refinement have produced a new, more efficient set of security tools and technologies.
That's all good news for security managers. Spending now on security gives you the opportunity to buy state-of-the-art technology (improved security), reduce TCO through improved management and functionality (business efficiency) and capture new tax deductions. For instance, if you deploy an enterprise-wide self-service password management system that costs $1 million, you could write off $500,000 each year for two years, while reducing your help desk expenses and increasing end-user productivity. Multiply that with other project costs, and you've got some serious savings while improving security.
While it's not a singular argument for justifying security spending, replacing depreciated assets is an added incentive for increasing budgets and contributing to your enterprise's bottom line. This will be good news to the C-suite, as corporate earnings continue to rise.
About the author:
Lawrence M. Walsh is executive editor of Information Security.
This was first published in April 2004