Highly distributed organizations — those with many sites or a large percentage of remote workers — often look for secure access service edge (SASE) architecture mainly because of its ability to authenticate and authorize users who connect to and through their platform. However, SASE is a transformative technology, centralizing multiple networking and security capabilities into a unified solution with a single interface and data lake. Selecting the right solution provider can be a high-risk, high-reward decision.
Prisma SASE converges network security, SD-WAN, and autonomous digital experience management (ADEM) in the cloud. This provides security for all applications used by an organization, regardless of the location of the user.
Palo Alto Networks commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying Prisma SASE.1 The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Prisma SASE on their organizations.
To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed four representatives with experience using Prisma SASE. For the purposes of this study, Forrester aggregated the interviewees’ experiences and combined the results into a single composite organization that is a distributed enterprise with 50,000 employees, of whom 33% are remote or hybrid, and $7 billion in annual revenue.
Prior to using Prisma SASE, organizations typically worked with inconsistent and incomplete security, poor user experience due to how traffic was backhauled to data centers, and poor scalability as organizations increasingly adopted hybrid work and cloud. Additionally, managing access service at their organizations meant having to install different point solutions to secure their environments. The organizations lacked modern security technology as security and IT teams tried to keep up with evolving business needs. Digital transformation initiatives pushed more data, applications, and processes to the cloud while other core business functions remained on-premises. Yet this piecemeal approach left interviewees’ organizations with many different vendors in their security stacks, making it challenging for security operations (SecOps) teams to integrate technologies, benefit from analytics, apply consistent policies, and deliver a consistent experience to end users.
Return on investment (ROI)
0%
Net present value (NPV)
After the investment in Prisma SASE, the interviewees shared that they were able to consolidate much of their time spent on certain management activities as well as their vendor spend, creating operational efficiencies. They were able to boost end-user productivity, specifically their remote workers and employees who were not present at their physical office sites. They also noted that Prisma SASE in collaboration with other Palo Alto Networks solutions installed in their environment significantly reduced the likelihood of a data breach event.
Key Findings
Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:
- Gained 75% efficiency in SASE management and policy changes as well as in responding to security incidents, and 80% time savings related to scaling and setting up new sites. Whereas previously, the composite organization would deploy multiple teams related to the management of its SASE solution, by using Prisma SASE, it realizes time savings and efficiencies across multiple activities for both its SecOps and network operations (NetOps) teams. Over three years, this efficiency gain is worth $2.2 million to the composite organization.
For , this benefit could be worth over three years.
- Improved end-user productivity with better system availability and less intrusion to their network, totaling $12.2 million in business value over three years. The composite organization also realizes end-user productivity, especially those who are working remotely or outside their physical office site, gains by having less disruption caused by their security activities, and just overall better system availability of their environment. This is a product of better integration and compatibility of the different Palo Alto Networks solutions, as well as overall performance. Over three years, this improvement to end user productivity is worth close to $12.2 million to the composite organization.
For , this benefit could be worth over three years.
- Decreased likelihood of a data breach by 50% after three years. By replacing multiple disconnected security solutions with a single integrated solution, Prisma SASE better fills previous security gaps that exist at the composite organization. As a result, it decreases the likelihood of a significant data breach. Over three years, this reduced risk from a data breach is worth close to $3 million to the composite organization.
For , this benefit could be worth over three years.
- Avoided and rationalized security and networking infrastructure, saving $846,000 over three years. Using Prisma SASE also allows the composite organization to consolidate its security tech stack vendor spending. Over three years, this cost savings from vendor consolidation totals $846,000 to the composite organization.
For , this benefit could be worth over three years.
Unquantified benefits. Benefits that provide value for the composite organization but are not quantified for this study include:
- Improved visibility in the security environment. Prisma SASE allows the composite organization to better monitor traffic and actually know what is happening on its network.
- Better employee experience. Employees at the composite organization, either part of the security organization or general end users, also appreciate the ease and comfort of using Prisma SASE, as well as the confidence that they are well protected from potential attacks and threats. In addition to the productivity boost quantified above, this can also potentially impact their attachment to the organization and the brand of the company from the perspective of both internal and external stakeholders.
Costs. Three-year, risk-adjusted PV costs for the composite organization include:
- Installation and deployment costs totaling $436,000 over three years. Time and labor are required to deploy and install the Palo Alto Networks solution throughout the composite organization. Deployment of Prisma SASE relative to other Palo Alto Networks solutions (i.e., NGFW and CDSS) is assumed to need 20% of the implementing staffs’ time.
For , this cost could be over three years.
- Training costs and ongoing management time investment totaling $63,000 over three years. Palo Alto Networks requires less training than legacy solutions, and interviewees reported that the provided trainings were more effective and efficient, allowing employees to get up to speed faster and expand their skill sets. Once trained, the team spends some time maintaining and managing the system on an ongoing basis.
For , this cost could be over three years.
- Palo Alto Networks’ Prisma SASE annual licensing costs totaling $8.3 million over three years. The cost for Prisma SASE includes payment for Prisma Access, Prisma SD-WAN hardware appliance, and the subscription, all of which are impacted by the number of branches where it is installed.
For , this cost could be over three years.
The representative interviews and financial analysis found that a composite organization experiences benefits of $18.34M over three years versus costs of $8.85M, adding up to a net present value (NPV) of $9.49M and an ROI of 107%.
could experience benefits of over three years versus costs of , adding up to an NPV of and an ROI of 0%.
Key Statistics
-
ROI
0%
-
Benefits PV
-
NPV
-
Payback
Benefits (Three-Year)
Security and IT operations efficiency End user productivity gain Data breach risk reduction Security infrastructure cost reduction and avoidanceTEI Framework And Methodology
From the information provided in the interviews, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment Prisma SASE.
The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that Prisma SASE can have on an organization.
Forrester Consulting conducted an online survey of 351 cybersecurity leaders at global enterprises in the US, the UK, Canada, Germany, and Australia. Survey participants included managers, directors, VPs, and C-level executives who are responsible for cybersecurity decision-making, operations, and reporting. Questions provided to the participants sought to evaluate leaders’ cybersecurity strategies and any breaches that have occurred within their organizations. Respondents opted into the survey via a third-party research panel, which fielded the survey on behalf of Forrester in November 2020.
-
Due Diligence
Interviewed Palo Alto Networks stakeholders and Forrester analysts to gather data relative to Prisma SASE.
-
Interviews
Interviewed four representatives at organizations using Prisma SASE to obtain data with respect to costs, benefits, and risks.
-
Composite Organization
Designed a composite organization based on characteristics of the interviewees’ organizations.
-
Financial Model Framework
Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees.
-
Case Study
Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.
Disclosures and Disclaimers
Readers should be aware of the following:
This study is commissioned by Palo Alto Networks and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.
Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in Prisma SASE. For the interactive functionality using Configure Data/Custom Data, the intent is for the questions to solicit inputs specific to a prospect's business. Forrester believes that this analysis is representative of what companies may achieve with Prisma SASE based on the inputs provided and any assumptions made. Forrester does not endorse Palo Alto Networks or its offerings. Although great care has been taken to ensure the accuracy and completeness of this model, Palo Alto Networks and Forrester Research are unable to accept any legal responsibility for any actions taken on the basis of the information contained herein. The interactive tool is provided ‘AS IS,’ and Forrester and Palo Alto Networks make no warranties of any kind.
Palo Alto Networks reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.
Palo Alto Networks provided the customer names for the interviews but did not participate in the interviews.
Consulting Team:
Adi Sarosa
Isabel Carey
Drivers leading to the Prisma SASE investment
Interviews
| Role | Industry | Revenue | Total Employees |
|---|---|---|---|
| Principal architect | Healthcare | $30 billion | 15,000 |
| Director of security architecture and engineering | Manufacturing | $17 billion | 160,000 |
| SVP of IT | Financial services | $3 billion | 3,000 |
| Senior director | Hospitality | $20 billion | 380,000 |
Key Challenges
Prior to using Prisma SASE, the interviewees told Forrester they typically worked in an environment with inconsistent and incomplete security. They often had to backhaul their network traffic to their data centers for security policy enforcement, which resulted in negative end-user experience. Additionally, scaling into new sites or providing security to hybrid and remote workers was incredibly challenging.
The interviewees noted how their organizations struggled with common challenges, including:
- The need to update security for a modern work environment. Interviewees shared that the combining factors of growth of remote and hybrid work, adoption of cloud technologies, and cybersecurity attacks becoming increasingly more sophisticated caused them to realize security gaps in their current environment. Finding a more modern and comprehensive security system for their work environment was paramount. The principal architect in healthcare shared, “We hardly have anyone working in office full time, so we rely pretty heavily on Palo Alto networks’ Prisma SASE solutions.”
- Inconsistency in user experience with impact on productivity. Interviewees also noted that with their previous environment, they realized a lot of disruption, either caused by cybersecurity threats or by a security measure responding to a potential threat that ended up being invasive to the overall system. As a result, a lot of business and end users would see their work disrupted for periods of time, which could get frustrating very fast. The SVP of IT at a financial services company said: “For a user, using their laptop at home vs. the office the next day are two totally different experiences, [with] different technologies on the back end. This can cause disruption in their workflow such as needing to raise tickets or asking our operations team to investigate what’s happening. If there’s a policy mismatch or a vendor not supporting something the user is trying to do, there is a lot of the productivity cost from that standpoint.”
- Challenges in scaling their existing security environment. Finally, interviewees noted how their existing security system was unable to match their business growth. The senior director in hospitality said: “Our organization has grown so much. Having individually managed routers has become a nightmare to manage. Particularly when wanting to make changes to policy — historically, we have to touch every single router in the environment.”
Investment Objectives
The interviewees’ organizations searched for a solution that:
-
Could make their security environment more operationally efficient. Interviewees shared wanting a solution that could either save time, money, or ideally both, which meant more resources that could potentially be repurposed for more strategic work. The principal architect in healthcare shared: “One of the reasons we went with Prisma SASE was that the configuration is 100% in the cloud. We no longer had to rely on data centers or hardware that we cared for.”
The senior director in the hospitality industry added: “Centralized management and integration with other solutions was the main [factor] in our decision-making process [of choosing Palo Alto Networks].”
- Had reliability and comprehensiveness in performance. Interviewees also highlighted performance of the solution as another key factor in their decision-making. The director at a manufacturing company shared: “We chose Palo Alto Networks because they are the best of breed in terms of technology around firewalling. We wanted to bring a good quality of experience for the end user, while keeping security at the max.”
Composite Organization
Based on the interviews, Forrester constructed a TEI framework, a composite company, and an ROI analysis that illustrates the areas financially affected. The composite organization is representative of the four interviewees, and it is used to present the aggregate financial analysis in the next section. The composite organization has the following characteristics:
Description of composite. The composite organization is a distributed enterprise with 50,000 employees and $7 billion in annual revenue. 33% of its workforce work remotely or hybrid. It has 400 sites including its headquarters, data center, cloud, branch offices, and retail and manufacturing locations. On average, the composite’s security team responds to 1,200 incidents a week, or 62,400 in the first year, with each incident taking an average of 2 hours to resolve.
Description of .
has 0 employees with 0% working remotely and 0 sites or branches.
Deployment characteristics. The organization uses Palo Alto Networks Prisma SASE to connect remote networks at its retail locations and branch offices, as well as its remote and hybrid workers. The organization leverages end-of-life cycles and invests time to test the deployment, extending the timeline but also ensuring a smooth transition away from its legacy solution. The network security team are involved in deployment.
For the model, adopts Prisma SASE to connect its 0 remote sites or branches as well as its 0% remote workforce and leverages its end-of-life cycles of its legacy infrastructure. The 0 members of the network security team are involved in deployment.
Quantified benefit data as applied to the composite
Total Benefits
| Ref. | Benefit | Year 1 | Year 2 | Year 3 | Total | Present Value |
|---|---|---|---|---|---|---|
| Atr | Security and IT operations efficiency | $0 | $0 | $0 | $0 | $0 |
| Btr | End user productivity gain | $0 | $0 | $0 | $0 | $0 |
| Ctr | Data breach risk reduction | $0 | $0 | $0 | $0 | $0 |
| Dtr | Security infrastructure cost reduction and avoidance | $0 | $0 | $0 | $0 | $0 |
| Total benefits (risk-adjusted) | $0 | $0 | $0 | $0 | $0 |
Security And IT Operations Efficiency
Evidence and data. Interviewees noted that by moving to Prisma SASE, they were able to ease the load from members of the SecOps and NetOps team. This is a result of the managed service aspect of the solution, as well as various automation of activities that can be implemented in the process.
- The principal architect in healthcare noted: “Previously we would have multiple teams involved in SecOps. There was a software layer, a hardware layer, and an application layer. Today, those three formations have been removed. We only have application SME people. So we can rely on one or two people vs. five to 10.”
- Highlighting the ease of scaling, the same interviewee told Forrester: “Scaling is a lot easier. The same policies apply. Scaling is done automatically. Without PANW, we would have to add additional gateways ourselves. We would have to increase back-end systems that deal with databases and all the back-office processing that comes with that.”
- The director in manufacturing shared: “In terms of making policy changes, we went from four business days to less than 1 hour. We make around 120 changes per day (80% of time).”
- The same director also specifically noted the value their organization received from using ADEM, noting: “My networking team use ADEM for each time they receive a ticket from the help desk or the service desk around network latency. They use ADEM to understand where the problem is.”
- The senior director at a hospitality company said: “With SD-WAN, setting up is a single push. That’s minutes or hours vs. weeks of multiple people’s time. Previously, it was easily five or six people working through changes like that over a two-week period. We do two to three change cycles per quarter.”
Modeling and assumptions. For the purpose of the composite organization, Forrester assumes:
- The organization has 20 employees who are part of the SecOps organization and 12 employees who are part of the NetOps organization.
- The average SecOps employee spends 80% of their time (relative to their other work) managing tools and making policy changes. They spend another 10% of their time responding to security incidents.
- The efficiency gain for the SecOps team for their work due to using the Prisma SASE solution is 75% time savings.
- The average NetOps employee spends 25% of their time (relative to their other work) on scaling and setting up new sites.
- The efficiency gain for the NetOps team for their work due to using Prisma SASE is 80% of their time in Year 1. This grows to 85% in Year 2 and 90% in Year 3.
- The average annual fully burdened salary of a SecOps employee is $121,500, while a NetOps employee’s is $135,000.
- A 50% productivity recapture rate is introduced, assuming that not all time saved will be reintroduced as additional productivity by the employee.
Risks. The exact benefit an organization receives in this regard may depend on:
- The size and skill set of an organization’s security management team.
- The capabilities and systems that are in place before deploying Prisma SASE.
- The complexity of the security environment.
- The number of security incidents that require manual intervention before implementing Prisma SASE.
- The other tools and solutions implemented to support the work of the SecOps and IT ops team.
- The average salary of the SecOps and NetOps teams.
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $2.3 million.
For with 0 SecOps FTEs and 0 NetOps FTEs, this benefit may have a three-year, risk-adjusted total PV of .
Security And IT Operations Efficiency
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| A1 | Size of SecOps organization (FTEs) | 0 | 0 | 0 | ||
| A2 | Percentage of time managing tools and making policy changes | 0% | 0% | 0% | ||
| A3 | Percentage of efficiency gain due to Prisma SASE | Interviews | 0% | 0% | 0% | |
| A4 | Subtotal: Total time savings in managing tool and making policy changes (in FTEs) | A1*A2*A3 (rounded) | 0 | 0 | 0 | |
| A5 | Percentage of time responding to security incidents | 0% | 0% | 0% | ||
| A6 | Percentage of efficiency gain due to Prisma SASE | Interviews | 0% | 0% | 0% | |
| A7 | Subtotal: Total time savings in responding to security incidents (FTEs) | A1*A5*A6 (rounded) | 0 | 0 | 0 | |
| A8 | Average fully burdened annual salary of SecOps employee | TEI standard | $0 | $0 | $0 | |
| A9 | Subtotal: Total value of SecOps organization efficiency gain | (A4+A7)*A8 | $0 | $0 | $0 | |
| A10 | Size of NetOps organization (FTEs) | 0 | 0 | 0 | ||
| A11 | Percentage of time spent to scaling and setting up new sites | 0% | 0% | 0% | ||
| A12 | Percentage of efficiency gain due to Prisma SASE | Interviews | 0% | 0% | 0% | |
| A13 | Average fully burdened annual salary of NetOps employee | TEI standard | $0 | $0 | $0 | |
| A14 | Subtotal: Total value of NetOps organization efficiency gain | A10*A11* A12*A13 | $0 | $0 | $0 | |
| A15 | Productivity recapture | 0% | 0% | 0% | ||
| At | Security and IT operations efficiency | TEI standard | $0 | $0 | $0 | |
| Risk adjustment | ↓10% | |||||
| Atr | Security and IT operations efficiency (risk-adjusted) | $0 | $0 | $0 | ||
| Three-year total: $0 | Three-year present value: $0 | |||||
End-User Productivity Gain
Evidence and data. Interviewees noted that prior to using Prisma SASE, their previous security environment would sometime disrupt work done by business and end users. Sometimes this could be through investigation procedures that were too disruptive. Other times, security gaps that existed in the legacy environment resulted in cybersecurity attacks that could significantly disrupt employee productivity, especially those that work remotely.
- The SVP of IT in financial services told Forrester: “I’m 100% remote or hybrid, and there’s still that percentage where they are at home. So having the same infrastructure to support that is still critical today, working three days in the office and two days at home. Those two days, everything needs to work seamlessly between when they float between: If they take a laptop, then they float from at home vs. when they float to the office and it uses on the back end different infrastructure then the office-use hardware firewall.”
- The principal architect in healthcare added: “If [our employees] get attacked, they are unable to perform their work. We had an outage on a weekend because [our previous vendor] did an upgrade that wasn’t completely tested. It removed our ability to connect to our network. Nobody could do anything for 8 hours.”
Modeling and assumptions. For the purpose of the composite organization, Forrester assumes:
- There are 50,000 employees.
- Thirty-three percent of all employees work in a remote or hybrid situation.
- Fifty percent of all employees work directly with cloud products, which are assumed to be most affected by Palo Alto Networks’ solutions.
- During any system downtime, 20% of the employees working directly with cloud products are assumed to have their productivity impacted by the downtime event.
- Using Palo Alto Networks’ solutions, 8% of the lost time and productivity due to system downtime is recouped.
- The average fully burdened annual salary of an end user is assumed to be $87,750.
- The composite organization recaptures 50% of the efficiency gains for productive work.
Risks. The exact benefit an organization receives in this regard may depend on:
- The size of the organization and the percentage of end users whose productivity may be impacted by security solution downtime.
- The complexity of the IT environment, which can impact the amount and significance of downtime experienced due to investigations and device reimaging.
- The geography and industry where the implementing organization operates, which can impact the average fully burdened salary for end users.
Results. To account for these risks, Forrester adjusted this benefit downward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $12.2 million.
For with 0% of 0 total employees working remotely, this benefit may have a three-year, risk-adjusted total PV of .
End-User Productivity Gain
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| B1 | Total employees | 0 | 0 | 0 | ||
| B2 | Percentage of remote/hybrid workers | 0% | 0% | 0% | ||
| B3 | Percentage of work done in the cloud | 0% | 0% | 0% | ||
| B4 | Percentage of end users impacted by system downtime | 0% | 0% | 0% | ||
| B5 | Percentage of time recapture due to better availability/less downtime | Interviews | 0% | 0% | 0% | |
| B6 | Average fully burdened annual salary for a business user | TEI standard | $0 | $0 | $0 | |
| B7 | Productivity recapture | TEI standard | 0% | 0% | 0% | |
| Bt | End-user productivity gain | B1*B2*B3*B4 * B5*B6*B7 | $0 | $0 | $0 | |
| Risk adjustment | ↓15% | |||||
| Btr | End-user productivity gain (risk-adjusted) | $0 | $0 | $0 | ||
| Three-year total: $0 | Three-year present value: $0 | |||||
Data Breach Risk Reduction
Evidence and data. The reduced complexity of the security environment also means reduced security risk. Whereas in their previous environment, the different point solutions didn’t integrate well or talk to each other, creating potential security gaps that could lead to an increased risk of data breach, using Prisma SASE significantly reduced that risk. This was even more substantial among organizations with remote and/or hybrid workers.
- The principal architect in healthcare told Forrester: “Being able to offer services in a secure manner by having what we consider full visibility into user activities”
- The director in manufacturing noted: “Having the security perimeter be around the user instead of a closed location reduces the risk”
- The SVP of IT at a financial services company shared: “One of the value is security posture and the ability to identify what traffic is going out. Being able to easily monitor internet traffic and see what is happening on the network”
Modeling and assumptions. For the purpose of the composite organization, Forrester assumes:
- According to Forrester data, the composite organization can expect to experience an average of 3.2 breaches per year when relying on point solutions.2
-
Forrester models the cost of a breach by employee count at organizations. For the composite, this is $53 per employee, not counting the loss of worker productivity.3 The costs include:
- Fines to regulatory bodies.
- Customer reimbursement/lawsuits.
- Incident response and remediation.
- Lost revenues.
- Brand equity rebuild costs.
- Cost of customer reacquisition.
- With Prisma SASE, organizations can expect to reduce the likelihood of a data breach by up to 50% after three years.
- An attribution to Prisma SASE equals the percentage of remote employees at the organization, which is 33%.
Risks. The exact benefit an organization receives in this regard may depend on:
- The impact that Palo Alto Networks has on the organization’s overall security posture compared to its previous solution.
- The percentage of employees impacted by a breach and the duration of associated downtime.
- The average salary for business users.
Results. To account for these risks, Forrester adjusted this benefit downward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $3 million.
For with 0 total employees, this benefit may have a three-year, risk-adjusted total PV of .
Data Breach Risk Reduction
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| C1 | Average data breaches per year | Forrester Research | 0 | 0 | 0 | |
| C2 | Total employees | B1 | 0 | 0 | 0 | |
| C3 | Average potential cost of data breach per employee, excluding internal user downtime | Forrester Research | $0 | $0 | $0 | |
| C4 | Reduced likelihood of a breach | Interviews | 0% | 0% | 0% | |
| C5 | Attribution to Prisma SASE | B2 | 0% | 0% | 0% | |
| Ct | Data breach risk reduction | C1*C2*C3 * C4*C5 | $0 | $0 | $0 | |
| Risk adjustment | ↓15% | |||||
| Ctr | Data breach risk reduction (risk-adjusted) | $0 | $0 | $0 | ||
| Three-year total: $0 | Three-year present value: $0 | |||||
Security Infrastructure Cost Reduction And Avoidance
Evidence and data. Interviewees noted that the different solutions and functionalities that they receive as a result of their investment in Prisma SASE meant being able to reduce or retire a percentage of their annual security and networking tech spend.
- The principal architect in healthcare explained all the different solutions from their organization’s legacy environment that they were able to retire related to their Prisma SASE investment, telling Forrester: “We had a specific product for remote access. Then, we had what we call our H-security, or the secure gateway. That’s the security for remote users. And then data loss prevention (DLP) was a separate system. These were three distinct things, separate solutions, that required different expertise, different teams. Now, it’s all blended.”
- The director in manufacturing added: “I was able to retire my web proxy vendor, among others. That saving was in the millions of dollars on an annual basis.”
Modeling and assumptions. For the purpose of the composite organization, Forrester assumes:
- The annual security tech spending of the organization is $8 million.
- The vendor consolidation enabled by using Palo Alto Networks’ Prisma SASE represents 5% of the annual security tech spend.
Risks. The exact benefit an organization receives in this regard may depend on:
- The annual cost associated with each technology being replaced.
- The speed at which an organization can replace these technologies due to license agreements/terms and network configurations.
Results. To account for these risks, Forrester adjusted this benefit downward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $846,000.
For , this benefit may have a three-year, risk-adjusted total PV of .
Security Infrastructure Cost Reduction And Avoidance
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| D1 | Annual security tech stack spend related to remote and distributed workforce | $0 | $0 | $0 | ||
| D2 | Percentage of savings from vendor consolidation related to Prisma SASE and SD-WAN | Interviews | 0% | 0% | 0% | |
| Dt | Security infrastructure cost reduction and avoidance | D1*D2 | $0 | $0 | $0 | |
| Risk adjustment | ↓15% | |||||
| Dtr | Security infrastructure cost reduction and avoidance (risk-adjusted) | $0 | $0 | $0 | ||
| Three-year total: $0 | Three-year present value: $0 | |||||
Unquantified Benefits
Interviewees mentioned the following additional benefits that their organizations experienced but were not able to quantify:
-
Increased visibility for security environment. Interviewees noted that one of Prisma SASE’s most valuable benefits is the enhanced visibility they now have on the condition, performance, and usage of different parts of the security organization. The principal architect in healthcare shared, “We’re able to easily monitor traffic and see what is actually happening on the network.”
The SVP of IT in financial services added: “The attractive thing about Palo Alto Networks was the interface and visibility. The reporting was the best for us in terms of UI. It instantly performed better than our purpose-built reporting software that we had struggled to maintain.”
- Better employee experience, both in using the different solutions and from the more robust, less intrusive security environment. The interviewees noted that the combination of all the above benefits created a better employee experience at their organizations. The director in manufacturing noted: “Palo Alto Networks came and worked perfectly. We had great feedback from people in terms of quality of experience.”
Flexibility
The value of flexibility is unique to each customer. There are multiple scenarios in which a customer might implement Prisma SASE and later realize additional uses and business opportunities, including:
- The long-term, virtuous impact of having a complete security solution in the environment. In the long run, having an efficient and comprehensive security environment can have longstanding impact on a company’s performance, its brand, and how it copes with new and emerging threats. The director of security architecture and engineering at a manufacturing company elaborated: “Having Palo Alto Networks prepares you for the rest of the path, which is to integrate more things, such as remote networks, branch offices, CASB, etc. The next generation of tools and features that Palo Alto Networks will introduce allows us to simplify even more the way we do security designs and firewall policies.”
Flexibility would also be quantified when evaluated as part of a specific project (described in more detail in Appendix A).
Quantified cost data as applied to the composite
Total Costs
| Ref. | Cost | Initial | Year 1 | Year 2 | Year 3 | Total | Present Value |
|---|---|---|---|---|---|---|---|
| Etr | Internal time investment for installation and deployment | $0 | $0 | $0 | $0 | $0 | $0 |
| Ftr | Internal time investment for user training and ongoing management | $0 | $0 | $0 | $0 | $0 | $0 |
| Gtr | Prisma SASE costs | $0 | $0 | $0 | $0 | $0 | $0 |
| Total costs (risk-adjusted) | $0 | $0 | $0 | $0 | $0 | $0 |
Internal Time Investment For Installation And Deployment
Evidence and data. Interviewees noted that deploying Prisma SASE was an involved process, requiring collaboration from different teams at their organizations (IT, SecOps, and NetOps) with the Palo Alto Networks team.
- The principal architect at a healthcare organization shared their setup process, telling Forrester: “After evaluating different vendors and choosing Palo Alto Networks, we set up the entire solution in one year. We had multiple teams participate from IT security, compliance, and network. We also involved the desktop support team for the deployment of agent. So in total, about 10 to 20 people dedicated about 50% of their time [to the implementation].”
- The director in manufacturing added: “We had someone from my networking team as well as the IT team. The first couple days, this was 50% of their time because most of the work was done by the Palo Alto Networks people. As soon as the tenant on the cloud was ready to use, the work became 100% of my team’s time.”
- For Prisma SD-WAN deployment, the senior director at a hospitality company shared: “We had a number of people focused on deployment full time. If done efficiently, this work can be completed with 16 to 18 people actively working on the project. The majority of them are network people, with some engineers.”
Modeling and assumptions. For the purpose of the composite organization, Forrester assumes:
- For the entire Palo Alto Networks deployment, 10 network operations employees spend a total of nine months upgrading firewalls and aligning policies in the initial period, and they spend almost five months fine-tuning in Year 1. The organization leverages end-of-life cycles and invests time to test the deployment, extending the timeline but also ensuring a smooth transition away from its legacy solution.
- The involved employees initially spend 80% of their time on deployment, which gradually reduces in the subsequent years.
- The average fully loaded annual salary for a network operations employee is $135,000.
- Since organizations typically deploy Prisma SASE in conjunction with other Palo Alto Networks solutions, the model assumes that the composite takes 20% of the total installation and deployment time for Prisma SASE.
Risks. The exact cost an organization incurs in this regard may depend on:
- The skill set of the involved internal employees.
- The complexity of the legacy environment.
- The annual salary of the involved internal employees.
Results. To account for these risks, Forrester adjusted this cost upward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $436,000.
For , these costs may have a three-year, risk-adjusted total PV of .
Internal Time Investment For Installation And Deployment
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|---|
| E1 | Network team working on PANW installation | 0 | 0 | 0 | 0 | ||
| E2 | Time spent per network team member | Interview | 0% | 0% | 0% | 0% | |
| E3 | Annual salary: NetOps employee | TEI standard | $0 | $0 | $0 | $0 | |
| E4 | Percentage attribution to Prisma SASE | Interviews | 0% | 0% | 0% | 0% | |
| Et | Internal time investment for installation and deployment | E1*E2*E3*E4 | $0 | $0 | $0 | $0 | |
| Risk adjustment | ↑15% | ||||||
| Etr | Internal time investment for installation and deployment (risk-adjusted) | $0 | $0 | $0 | $0 | ||
| Three-year total: $0 | Three-year present value: $0 | ||||||
Internal Time Investment For User Training And Ongoing Management
Evidence and data. Once set up, interviewees noted varying degrees of what ongoing management would look like for Prisma SASE. For some, it was an easy platform to monitor, while others spent additional time and investment to ensure that they fully maximize what the solution has to offer for their organizations.
- The principal architect noted: “We have one or two people manning the tool to respond to policy change requests and monitor alerts. A lot of it is security application layer work.”
- The director at a manufacturing company added, “For ongoing management of Prisma SASE, I would estimate [that it involves] 10% of my team’s time. It’s really easy to operate.”
- For Prisma SD-WAN, the senior director at a hospitality company told Forrester: “We do periodic meetings with the Palo Alto Networks team to understand how their platform evolves. We exchange lessons and challenges if they exist. We have a team focused on maintaining the platform as well as another team focused on optimizing the platform.”
Modeling and assumptions. For the purpose of the composite organization, Forrester assumes:
- A total of 20 hours of training is required for employees new to Palo Alto Networks. In subsequent years, 8 hours of training is required to share any new features, updates, and enhancements.
- The average fully loaded hourly salary across IT is $54 per hour.
- Once training is completed, ongoing management is assumed to involve the 10 people trained yearly. They spend 10% of their time managing Prisma SASE.
- Since organizations manage NGFW and CDSS together, the model assumes that 20% of the total time spent for ongoing management is for Prisma SASE.
Risks. The exact cost an organization incurs in this regard may depend on:
- The IT organization’s size and experience level with Palo Alto Networks solutions.
- The average salary of IT employees
Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $63,000.
For , these costs may have a three-year, risk-adjusted total PV of .
Internal Time Investment For User Training And Ongoing Management
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|---|
| F1 | FTEs receiving training for ongoing management | 0 | 0 | 0 | 0 | ||
| F2 | Hours per training session | Interviews | 0 | 0 | 0 | 0 | |
| F3 | Average fully hourly salary per IT org employee (including SecOps, NetOps, and IT operations) | TEI standard | $0 | $0 | $0 | $0 | |
| F4 | Internal time investment for user training | F1*F2*F3 | $0 | $0 | $0 | $0 | |
| F5 | Percentage of time spent for ongoing management | Interviews | 0% | 0% | 0% | 0% | |
| F6 | Value of internal time investment for ongoing management | F1*F3*2080 hours*F5 | $0 | $0 | $0 | $0 | |
| F7 | Attribution to Prisma SASE | Interviews | 0% | 0% | 0% | 0% | |
| Ft | Internal time investment for user training and ongoing management | (F4+F6)*F7 | $0 | $0 | $0 | $0 | |
| Risk adjustment | ↑10% | ||||||
| Ftr | Internal time investment for user training and ongoing management (risk-adjusted) | $0 | $0 | $0 | $0 | ||
| Three-year total: $0 | Three-year present value: $0 | ||||||
Prisma SASE Costs
Evidence and data. The interviewees purchased hardware upfront and were able to amortize the subscription costs over the three-year contract term, providing predictable annual costs.
Modeling and assumptions. . For the purpose of the composite organization, Forrester assumes:
- Annual costs include both the hardware that needs to be purchased and the subscription fees for the solution.
- Subscription contracts are amortized over the three-year term.
- Pricing may vary. Contact Palo Alto Networks for additional details.
Risks. The exact cost an organization incurs in this regard may depend on:
- The number of users and sites where the solution will be implemented.
- Specific add-ons that should be implemented to further strengthen performance.
Results. To account for these risks, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $8.3 million.
For , Prisma SASE costs may have a three-year, risk-adjusted total PV of . Please note that this is based on a high-level estimation and does not represent a quote. For more details, please contact Palo Alto Networks.
Prisma SASE Costs
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|---|
| G1 | Annual cost for Prisma SASE | $0 | $0 | $0 | $0 | ||
| Gt | Prisma SASE costs | G1 | $0 | $0 | $0 | $0 | |
| Risk adjustment | ↑5% | ||||||
| Gtr | Prisma SASE costs (risk-adjusted) | $0 | $0 | $0 | $0 | ||
| Three-year total: $0 | Three-year present value: $0 | ||||||
Consolidated Three-Year Risk-Adjusted Metrics
Cash Flow Chart (Risk-Adjusted)
Total costs Total benefits Cumulative net benefits-
The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the composite organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.
These risk-adjusted ROI, NPV, and payback period values are determined by applying risk-adjustment factors to the unadjusted results in each Benefit and Cost section.
Cash Flow Analysis (Risk-Adjusted Estimates)
| Initial | Year 1 | Year 2 | Year 3 | Total | Present Value | |
|---|---|---|---|---|---|---|
| Total costs | $0 | $0 | $0 | $0 | $0 | $0 |
| Total benefits | $0 | $0 | $0 | $0 | $0 | $0 |
| Net benefits | $0 | $0 | $0 | $0 | $0 | $0 |
| ROI | 0% | |||||
| Payback period |
Appendix A: Total Economic Impact
Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.
Total Economic Impact Approach
-
Benefits represent the value delivered to the business by the product. The TEI methodology places equal weight on the measure of benefits and the measure of costs, allowing for a full examination of the effect of the technology on the entire organization.
-
Costs consider all expenses necessary to deliver the proposed value, or benefits, of the product. The cost category within TEI captures incremental costs over the existing environment for ongoing costs associated with the solution.
-
Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. Having the ability to capture that benefit has a PV that can be estimated.
-
Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on “triangular distribution.”
The initial investment column contains costs incurred at “time 0” or at the beginning of Year 1 that are not discounted. All other cash flows are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.
Appendix B: Supplemental
Related Forrester Research
“The Future Of Cybersecurity And Privacy,” Forrester Research, Inc., August 3, 2023.
“Top Cybersecurity Threats In 2023,” Forrester Research, Inc., April 17, 2023.
“Introducing The Zero Trust Edge Architecture For Security And Network Services,” Forrester Research, Inc., August 2, 2023.
Appendix C: endnotes
1 Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.
2 Source: Forrester Consulting Cost Of A Cybersecurity Breach Survey, Q1 2021.
3 Ibid.
PDF
