The Financial Case for Cloud Security

When cloud first emerged as a new operational model for IT, its low total cost of ownership (TCO) was a topline selling point. Yet today, when considering moving security into the cloud, many worry that it will drive up costs, or at the very least demand an upfront investment that will be hard to justify in the mid-term.

The reality is that cloud-native Security Service Edge (SSE) capabilities deliver a strong return of investment (ROI) with a low TCO. Being able to rationalise this makes it easier to secure budget for a security transformation project. So here are six ways in which the economic case stacks up in favour of cloud security:

1. Reduced costs through the use of shared cloud infrastructure and payment for only what is needed. Scalability on demand, without the need to re-architect 

This is your classic cloud economic model. You aren’t having to fund any over-capacity or place bets on organisational growth or retraction. You need not be phased by hard-to-predict M&A or retrenchments, and you can flex to changing working models such as remote or hybrid without trying to engineer working policies to extract value out of historic purchasing decisions. When your security is in the cloud you can add and re-route your workforce without worrying about agility and the value from existing infrastructure.

2. Speed to deployment and the avoidance of physical supply issues and costs

We have all become familiar with disruption in the past two years, but many IT and security teams can vividly remember what it was like in the first half of 2020. Teams needed to make swift changes to infrastructures to support a complete relocation of employees, and at the point they were needed, hardware suppliers—grappling with the same disruption—were struggling to manufacture and dispatch the necessary appliances. We have largely picked ourselves up from the initial impact of the pandemic, but new threats now loom over global manufacturing and supply chains, guaranteeing instability and high prices. Cloud security deploys at the touch of a button and has no requirement and reliance on expensive shipping and customs delays.

3. Reduction in bandwidth and other networking costs

The act of routing traffic back to the data centre for security policies to be applied became highly illogical as soon as the workforce became dispersed and the bulk of the traffic became destined for cloud apps rather than data centre apps. If your users are remote or are sitting in a branch office and working with productivity apps such as Microsoft 365, the traffic flow to and from the data centre now has only one purpose, applying security controls, and probably painfully impacts user experience and productivity. Many organisations have traditionally invested in expensive MPLS lines to connect their offices, however, this is a cost that is dramatically reduced when traffic is steered direct-to-net via a Security Service Edge.

In fact, an ESG report recently concluded that Netskope’s cloud security delivered a 51% reduction in costs for appliances, bandwidth, and staffing… which leads us to point four…

4. Reduction in day-to-day management man-hours, enabling time to be re-deployed on strategic projects to drive topline growth

If you are operating appliance-based web gateways, alongside appliance-based firewalls, and appliance-based VPNs, you are investing significantly more man-hours into the management of network rules and security policies (as well as hardware upgrades and software upgrades and a monthly patch cycle) than you need to be. An integrated SSE cloud security approach means that not only does your team not need to spend evenings and weekends on upgrades, but you can devise unified security policies that can be applied consistently across your security estate. This results in your team focused on the most important of items, managing alerts and events, and tuning your security controls to be most effective.

5. Power usage cost reduction

There is another cloud-wide benefit, often overlooked, that is a by-product that is not just focused on the security benefits. With a move to cloud, there will be a reduction of racks of network and security appliances, all running in high-availability clusters, operating in the data centre. There is a significant cost reduction to be made here with the use of shared infrastructure along with passing the power usage costs over to the cloud security provider whilst aligning this to their green environmental agenda to operate their services as efficiently as possible.

6. Breach risk reduction 

The ESG report mentioned earlier found an 85% decrease in security risk and exposure after using Netskope and this can have a direct cost implication in the form of reduced breach costs and fines. It also hits in other ways, and you can read more about them in our paper on “Evaluating Data Loss Impact.”

You don’t have to look hard to find IT and security leaders who have found savings from moving security into the cloud. Indeed research at the end of 2021 discovered that 79% of European organisations had already done so. Take a look at Netskope’s reviews on TechValidate or Gartner Peer Insights and you will find comments like these:

“Netskope has reduced my security TCO by 30% while increasing my ability to protect our assets.” CISO, Multinational Healthcare

And read our paper on the Economic Advantages of Network and Security Transformation for more insights.