In a previous blog I wrote about the impact on IT Operations of transitioning from a traditional, hub-and-spoke, equipment-based network infrastructure, to more modern, distributed secure access solutions. In this piece, I will expand upon the cost savings and return on investment (ROI) you can expect to see from such a transition.
Just to recap, Security Service Edge (SSE) is a combination of multiple cloud-driven security technologies (such as Secure Web Gateway, Cloud Access Service Broker, Zero Trust Network Access, Firewall as a Service, etc.) that moves security away from hardware firewalls located at physical sites and redistributes it to function between endpoints and cloud services accessible from anywhere. SSE makes your end-user security policy and enforcement consistent, visible, and effective whether a user is in the office, at home, or roaming. Zooming out, Secure Access Service Edge (SASE) combines the security benefits of SSE with the connectivity improvements of WAN Edge technologies (such as SD-WAN, dynamic routing, WAN optimization, etc.) to further improve user experience and productivity, all while reducing reliance on expensive dedicated internet circuits and hardware. 78% of organizations support a mix of in-office and remote users (2023 Secure Service Edge Adoption Report; Cyber Security Insiders, Axis) and 53% of organizations have workloads running in the cloud (2022 Flexera State of the Cloud), so the consistency in security, accessibility, and experience that SSE/SASE provide across all data sources and users is key for the modern business.
In addition to the end user experience improvements that secure access solutions provide, these technologies also drive ROI and cost savings for the businesses adopting them in several ways. Forrester, in Total Economic Impact studies done on a number of SASE provider solutions has found over 200% ROI in many cases, with expected payback time of investment often at under six months. The first major point of cost savings for secure access solutions is in the reduction of management overhead and implementation time.
By reducing the number of associated technologies and tools involved in a company’s security and networking operations, the cost of managing said technologies is also reduced. The best in breed providers of SSE/SASE technologies offer combined solutions that cover most, or all, of the suite of services pictured above, condensed down into a small number of interconnected technologies that make management and visibility easier. By combining endpoint security, access policy, firewall protections, and more into a single platform stack, the number of places that config needs to be applied, and the number of places that troubleshooting needs to be done when issues arise, drops, and both IT management and user experience elevate. Simplifying management also streamlines the process for implementation and acquisition, allowing for the quick and efficient addition of new users and business segments. Utilizing a cloud-based security stack also automatically introduces redundancy, removing the need for configuration of secondary backup systems. Getting rid of the need for hardware redundant systems translates directly into the next major benefit for secure access solutions: reducing the need for physical appliances and devices at the edge of the network.
In a hub-and-spoke infrastructure model, all traffic flows through a small subset of large-scale firewalls and routing equipment. Each site, be it HQ, branch, large, or small, needs hardware to join the network. Where there’s a need for hardware for access, there’s also a need for backup hardware for high availability. Since all traffic must flow through this hardware to maintain network security, the cost of the hardware can be burdensome. Moving to SSE for end user security reduces or eliminates the need for the hefty security hardware, allowing remote users and branch offices to connect straight to the cloud, and removing the need to support whole-organization VPN throughput via physical devices. Capital expenses for hardware get translated to operational expenses for services, often at a reduced rate, and some hardware functions can be eliminated entirely. When expanding from SSE to the whole SASE suite, hardware cost savings expand to include circuits as well.
SD-WAN and mesh network strategies reduce or remove the need for costly dedicated enterprise quality internet circuits. Less expensive business class circuits can be utilized at physical sites to provide web access while maintaining security via distributed software defined WAN network technology. Moving away from the hub-and-spoke network model also reduces the need to zig-zag between users, firewalls, and destinations to reduce hops and improve connectivity. WAN optimization technology built into SASE can improve connection speed and reliability even further, going well beyond the performance seen on rigid physical hardware and dedicated circuit-based models, to drive an even better user experience across the board. Combining network edge services into a platform stack also makes identifying and fixing connection issues more intuitive, sometimes automating resolution entirely. Of course, most of the benefits discussed so far have been around the hardware and management cost savings of secure access technologies, and what I haven’t covered yet is the most important cost savings of all: the cost of getting breached.
The average cost of a data breach in 2023 is 4.45 million dollars (IBM Cost of a Data Breach Report 2023), which is up 15% since 2023 (was 3.86M). 63% of organizations experienced a data breach in 2021, up 4% from 2020 (Forrester Analytics Business Technographics Security Survey), with that number continuing to increase annually into 2022 and 2023. As of 2023, 62% of surveyed companies reported that they had experienced a breach within the last three years that was at least partially attributed to users working remotely (Work-From-Anywhere Global Study, FortiNet, 2023). With businesses being more likely to experience a cyber security incident than to win a coin flip, and the cost of those incidents climbing constantly, the ROI for implementing a robust defense-in-depth security strategy has never been higher. SSE helps businesses reduce the risk of data breaches and compliance violations by enforcing consistent security policy across all users, devices, and locations. Better security policy compliance and lower business risk can then translate to other cost savings benefits such as easier qualification for cyber insurance, lower cyber insurance rates, and faster compliance audits.
With cost savings to be found from reducing or eliminating the need for expensive hardware, downgrading expensive dedicated internet circuits, optimizing user productivity via better UX, reducing IT management time, reducing the risk of costly data breaches, and more, the switch to SSE and SASE makes sense from a financial standpoint. There’s no better time to start having the conversation on what a transition to SSE/SASE might look like than today.