Download presentation
Presentation is loading. Please wait.
Published bySyed Ratchford Modified over 9 years ago
1
Lesson 15 Total Cost of Ownership
2
What Drives TCO? Networks Grow in Size and Complexity Scope of Operations Increases Skilled IT labor grows scarce New applications require new solutions
3
What Drives TCO in Security? Vendors produce in-secure applications Vulnerabilities proliferate Business processes depend on applications System availability drives profit
4
Components to Consider Initial Cost of Product (25% of life cycle) Vendor Support Services Deployment Services Time for Staff to Install and Configure Training Cost Post Deployment Support
5
How to Reduce TCO? Simplify Infrastructure (KISS) Upgrade Infrastructure When Timing is Right Minimize Labor Intensive Activities Consider Remote Management Know Your Assessment Parameters
6
Security Risk LOW HIGH LOW HIGH Budget Line Acceptable Risk Option 1 Option 2 Option 3 TCOTCO Ideal Soln
7
Evaluating the Options Option 1 –FIREWALL At Gateway Only Option 2 –DMZ Firewall Architecture –Anti Virus Software on all DMZ machines Option 3 –DMZ, AV S/W on DMZ Machines –VPN Access to all DMZ Machines –AV S/W and Firewalls on all Clients
8
Evaluating Architectures Option 1 - Screening Router Option 2 - Dual Homed Host Option 3 - Bastion Host Option 4 – Screened subnet (DMZ) Which one cost more relative to risk?
9
Option 1: Screening Router Internet Screening Router
10
Option 2: Dual-homed Host Internet Dual-homed host Architecture Dual-homed host
11
Option 3: Bastion Host Internet X Screened host Architecture Bastion Host Screening Router
12
Option 4: Screened Subnet Internet Screened subnet Architecture—aka DMZ Internal Network Perimeter Network Exterior Router Interior Router FIREWALL
13
Assumptions Cost of Router: $3000 Cost of Firewall: $5000 Cost of Security Administrator--$75K/year Managed Security Service Provider(MSSP)-- $24K/year
14
Things to Consider Which Option Would You Choose? Is cost the only driver? Could You Determine TCO for the different architectures? Given a Set of Devices Could You Compute TCO?
15
Difficulties with ROI Investment decisions based on ability to demonstrate positive ROI ROI traditionally difficult to quantify for network security devices Difficult to calculate risk accurately due to subjectivity involved with quantification Business-relevant statistics regarding security incidents not always available for consideration in analyzing risk
16
Option Cost—In-house Manpower cost constant: $75K Option 1 - Screening Router: $78K –HW Cost: $3K (cost of 1 router) Option 2 - Dual Homed Host: $80K –HW Cost: $5K (FW cost) Option 3 - Bastion Host: $83K –HW cost: $8000 (router + FW) Option 4 – Screened subnet (DMZ): $86K –HW cost: $11000 (2 routers + FW)
17
Option Cost—MSSP Manpower cost constant: $24K Option 1 - Screening Router: $27K –HW Cost: $3K (cost of 1 router) Option 2 - Dual Homed Host: $29k –HW Cost: $5K (FW cost) Option 3 - Bastion Host: $32K –HW cost: $8000 (router + FW) Option 4 – Screened subnet (DMZ): $35K –HW cost: $11000 (2 routers + FW)
18
New Paradigm Needed? TJ Maxx Credit Card Theft: $450M –Wonder if they had an ROI? Why not a TCS: Total Cost of Security? –What would one short-term outage cost? –What would one long-term outage cost? –Could we survive losing customer data? –What is it worth not to experience any of this? –Could we make money off our security expenses via marketing, branding
19
Summary What Drives TCO? Reducing TCO Option Analysis Assumptions and Considerations Difficulties with ROI
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.