For most organizations, determining total cost of ownership (TCO) for cybersecurity is no easy task. In fact, lowering cybersecurity costs while simultaneously reducing risks can be even harder. However, there is a way forward for leaders who are working to optimize their investments—and it’s all about managing risks, resources and time.
One reason cybersecurity TCO is notoriously difficult to calculate is that leaders and organizations tend to be very focused on acquisition cost. Often, the first question raised is, “how much did this cost us to buy?” Yet acquisition cost is only one component of TCO. The operational and executional costs are other, often less understood, elements of the equation. Although some organizations are getting better at understanding the costs behind the operational curtain, it remains a challenge for many others.
A recent study from independent analyst firm Forrester Consulting helps shed some light on the issue of improving cybersecurity TCO. The study highlights challenges we’re seeing from an industry point of view.
The first challenge: How can organizations improve overall cybersecurity posture to be more secure in a world that is changing in ways none of us could have ever imagined? The second challenge: How do organizations do so economically? In essence, how can you improve cybersecurity in a very cost-efficient way and, if possible, reduce TCO in the process? Thankfully, there are a few different ways to address both of these issues.
Managing Risk and Tool Sprawl
Too many vendors, too many solutions and not enough time
It’s not uncommon for today’s enterprises to use anywhere from 50 to 100 different cybersecurity tools and manage multiple vendors at any one time. These tools are often put in place by leaders who believe that solving niche problems with point products will help them be more secure. However, the resulting management and operational tasks involved present an enormous amount of complexity and burden in time and cost. Not only that—it often means your design architecture may have cracks and, as a result, lead to higher risk.
Contrary to popular belief, reducing the number of tools and using a single-architecture, portfolio-based approach is far more beneficial. By doing so, and by avoiding and rationalizing security infrastructure, organizations can attain proper security posture 30% faster compared to using point solutions, saving a huge amount of cost to the business.
Remembering That People Are Precious
Too many alerts, not enough people and not enough time
When a security event occurs, the organization running all those tools calls on a group of very talented people to try and stitch together the plethora of information spread across them. As a result, many hours are spent evaluating the situation, correlating the information and determining what’s at risk. That same group then needs to take action across all these different systems and tools in order to be more secure. You can quickly see how that time and talent intensive approach isn’t ideal for optimizing security or for the TCO of cybersecurity investments.
With the average organization seeing more than 10,000 alerts per day and the majority of those being processed manually, cybersecurity staff need a way to scale with speed and intelligently secure their organization using automation and machine learning.
Through automation, you’re able to reduce time to respond even more, stop threats on the spot, and empower the SOC team to prevent, detect and investigate threats that can’t be stopped in real time. As a result, you’re giving your talented people back precious time to focus on higher value initiatives and responsibilities.
Understanding What’s in an Environment Is Key
Too many devices, too much traffic and not enough time
Simply throwing cybersecurity tools into an environment without actually understanding what’s running in it, and how it’s intended to run, is another issue that can inflate TCO. Discovering and identifying devices that exist in an organization’s environment – IoT devices in particular – is a foundational element for improving cybersecurity.
Once the organization has identified the running devices, it’s possible to determine what a given device is intended to do as well as the type of data traffic and access it should be generating. With that baseline, if there’s a deviation from the expected behavior, there should be some form of alerting.
Going a step further to help improve security, there can be an automated action, based on policy, to define remediation activities that can execute once an abnormal event is discovered.
By discovering and enumerating devices, and then taking an automated approach to policy enforcement and remediation, it’s possible to reduce the people power required to take a battery of actions – starting with monitoring all of the screens, analyzing traffic patterns of individual devices, working out what “normal” looks like, and then continuously monitoring for that normal. Taking this kind of coordinated, automated approach significantly reduces the cost of operations and significantly increases security posture.
An Example of How Retailers Are Lowering Cybersecurity TCO
Every industry can benefit from risk and resource optimization to lower cybersecurity TCO, but one industry in particular that has benefited recently is retail.
As a result of the pandemic, a huge amount of retail outlets are currently going through an accelerated digital transformation. They are being confronted with network and security management costs, carrier costs, and lack of scalability across multiple physical sites. To afford that, they’re actively looking to lower their TCO.
A key part of retailers’ pandemic-driven strategy centers around combining the best security for remote users with the best access. Making use of SD-WAN technologies and services, we’ve seen Palo Alto Networks customers experiencing cost savings from hardware and WAN connectivity totaling $6 million over three years while gaining up to 12% efficiency for branch and retail store workers
It’s a model that other industries can and should learn from in order to become more secure and effective at a lower cost.
Optimizing Cybersecurity TCO Is Achievable
Time to do and secure more, with the right people, at lower cost, in less time
Cybersecurity in general is typically a moving target, with new laws and compliance regulations constantly being passed and proposed to keep up with a world that sees an endless stream of attacks and vulnerabilities.
In this world of constant change, all organizations want to be secure. Every organization, no matter where they are, needs to secure all their applications and data, no matter where that is, 24/7. That’s the problem statement in the simplest form.
To do so, the key question leaders need to answer is how to achieve the secure outcome they require in the technically most capable, agile and flexible way that delivers the optimal TCO.
With visibility into what’s on a network, combined with automation, organizations can manage risks and resources more effectively. Automation also enables scalability for high volumes of alerts and repetitive tasks in addition to speeding up processes. Equally important is the human factor. Automation frees IT staff to work on the important strategic and more satisfying tasks, helping to lower the churn and operational components of TCO for cybersecurity assets.
Secure everything, everywhere – faster than ever – with automation. Time is our most valuable and powerful resource. That’s the path leaders can take to better risk management and lower cybersecurity TCO.
For more expert advisory and insights on the issues shaping cybersecurity today, visit Palo Alto Networks CXO Perspectives.