Lesson 15 Total Cost of Ownership What

Lesson 15 Total Cost of Ownership

What Drives TCO? • Networks Grow in Size and Complexity • Scope of Operations Increases • Skilled IT labor grows scarce • New applications require new solutions

What Drives TCO in Security? • Vendors produce in-secure applications • Vulnerabilities proliferate • Business processes depend on applications • System availability drives profit

Components to Consider • Initial Cost of Product (25% of life cycle) • Vendor Support Services • Deployment Services • Time for Staff to Install and Configure • Training Cost • Post Deployment Support

How to Reduce TCO? • Simplify Infrastructure (KISS) • Upgrade Infrastructure When Timing is Right • Minimize Labor Intensive Activities • Consider Remote Management • Know Your Assessment Parameters

Option 1 Option 2 Option 3 Acceptable Risk HIGH T C O Budget Line Ideal Soln LOW HIGH Security Risk LOW

Evaluating the Options • Option 1 – FIREWALL At Gateway Only • Option 2 – DMZ Firewall Architecture – Anti Virus Software on all DMZ machines • Option 3 – DMZ, AV S/W on DMZ Machines – VPN Access to all DMZ Machines – AV S/W and Firewalls on all Clients

Evaluating Architectures • • Option 1 - Screening Router Option 2 - Dual Homed Host Option 3 - Bastion Host Option 4 – Screened subnet (DMZ) Which one cost more relative to risk?

Option 1: Screening Router Internet Screening Router

Option 2: Dual-homed Host Dual-homed host Architecture Internet Dual-homed host

Option 3: Bastion Host Screened host Architecture Internet X Bastion Host Screening Router

Option 4: Screened Subnet Screened subnet Architecture—aka DMZ Internet FIREWALL Exterior Router Perimeter Network Interior Router Internal Network

Assumptions • • Cost of Router: $3000 Cost of Firewall: $5000 Cost of Security Administrator--$75 K/year Managed Security Service Provider(MSSP)-$24 K/year

Things to Consider • Which Option Would You Choose? • Is cost the only driver? • Could You Determine TCO for the different architectures? • Given a Set of Devices Could You Compute TCO?

Difficulties with ROI • Investment decisions based on ability to demonstrate positive ROI • ROI traditionally difficult to quantify for network security devices • Difficult to calculate risk accurately due to subjectivity involved with quantification • Business-relevant statistics regarding security incidents not always available for consideration in analyzing risk

Option Cost—In-house • Manpower cost constant: $75 K • Option 1 - Screening Router: $78 K – HW Cost: $3 K (cost of 1 router) • Option 2 - Dual Homed Host: $80 K – HW Cost: $5 K (FW cost) • Option 3 - Bastion Host: $83 K – HW cost: $8000 (router + FW) • Option 4 – Screened subnet (DMZ): $86 K – HW cost: $11000 (2 routers + FW)

Option Cost—MSSP • Manpower cost constant: $24 K • Option 1 - Screening Router: $27 K – HW Cost: $3 K (cost of 1 router) • Option 2 - Dual Homed Host: $29 k – HW Cost: $5 K (FW cost) • Option 3 - Bastion Host: $32 K – HW cost: $8000 (router + FW) • Option 4 – Screened subnet (DMZ): $35 K – HW cost: $11000 (2 routers + FW)

Summary • • • What Drives TCO? Reducing TCO Option Analysis Assumptions and Considerations Difficulties with ROI