What would you say if someone told you there was an economical way to elastically scale security that maintains network performance, leveraging what’s in place, while allowing new security functions to be added over time? All wrapped up in a simple operating model. Sound too good to be true? Not anymore.
As capacity demands on your network increase, you can’t keep trying to solve the trade-off between security capabilities and network performance with fixed-function, fully integrated security appliances laid out in a conga line that doesn’t scale. The solution is network security virtualization, but we all know that moving to a virtualized infrastructure isn’t always as easy as vendors would have us believe. What’s needed is to make it turnkey, so that all the necessary network, server, load balancing and orchestration components are packaged together, like a hyperconverged infrastructure (HCI) for storage. Otherwise you end up spending so much on deployment, management and operations that you’re no better off.
Even better, a turnkey network security virtualization platform that is offered as a service dissociates you from hardware ownership and offers extended TCO savings. In this blog post we’re going to break down the savings you’ll gain. In part two we’ll look at a typical scenario to show how the actual TCO shakes out.
Savings from turnkey network security virtualization
So, what are the cost benefits of deploying virtual appliances to create a virtual NGFW compared to continuing with hardware-based appliances? Let’s take a look at how a turnkey network security virtualization platform can save you money.
Focus your staff on priority items not hardware
You need to have the right staffing profile to maintain and manage your hardware, and you need to not only invest in those staff today but also keep training and certifying them on a routine basis. With turnkey network security virtualization, the infrastructure you need to create your on-premises network security is brought in and maintained for you instead of you having to go out and buy it. It’s a form of platform as a service, so you don’t need to dedicate any resources to purchasing and supporting hardware.
No need to conduct an RFP for security appliance replacement
Typically, at around year 3, security appliances need replacing. You need to get staff to run an RFP and do due diligence on the latest and greatest in security. This is a huge task. You have to evaluate different appliances and their ability to offer different inspection capabilities and throughput levels for different security profiles. Then select, purchase, install, commission and operate them. With turnkey virtualization, you can focus on selecting the security function you need, at any time, because you have the flexibility that comes with virtual machines versus hardware. And with the platform delivered as a service, your underlying infrastructure is maintained by your service provider who keeps pace with all the best infrastructure technology, so you save the time and effort of refurbishments.
Future-proof your traffic inspection needs
Today, when assessing how much inspection capacity is needed, you start by developing a multi-year network model to predict network traffic growth. You plan and make assumptions about what your network will be like in the future. But these estimates rarely have the accuracy or certainty that you can trust, so you typically pad out your model and over-specify your network traffic inspection needs. You do all this because it would be really bad to find yourself without enough network traffic inspection capacity. You end up erring on the side of caution; better to buy one size up. This means spending money on something you don’t need immediately, or maybe never. With virtualization, you no longer need to be able to predict the future accurately. You will still model your network, but you are no longer handcuffing yourself to that model for years to come because virtualization gives you built-in elasticity. You create virtual machines and pay for growth when you need it and for the specific amount that you need. It scales with your traffic growth and changes in security requirements.
Eliminate disruptions for upgrades and maintenance
We all know that managing hardware involves upgrades and maintenance. Usually, some amount of network redundancy can help, but it doesn’t eliminate the need for network disruptions (and the people to do the work). Virtualization lets you move work from one machine to another to free up a portion of the platform for upgrades. This runs in the background and your network security posture is completely unaffected. Just as classic cloud-based services like Netflix never leave a customer without service, turnkey network security virtualization accomplishes the same.
Minimize investment in virtualization skills and DevOps
To create a virtualization solution of your own, you need a team of engineers to specify and source the appropriate servers. They need to be OpenStack experts who can code up an integration of the servers with management of the virtual licenses. And they need to blend those scarce skills with an understanding of networking so that traffic is properly steered in and out of the correct virtual machines, while being managed by the security policy manager. This platform will likely involve products from different vendors, so you have to factor in professional services and support, not to mention procurement and testing. Moving to a turnkey platform eliminates the need for DevOps, professional services and lengthy integration efforts. It also dramatically reduces project risk and speeds time to deployment. The savings quickly add up.
These are just some of the key operational costs which you can eliminate or minimize with a turnkey virtualization approach. When you opt for a network security virtualization platform as a service you eliminate a high upfront cash outlay, only buy what you need, and benefit from predictable cash flow with a monthly subscription model. In this blog post we’ve discussed some key areas for savings. While those are compelling, there is nothing more important than direct cost savings. In our next blog post we’ll dive into a real-life scenario to show you how the math adds up.
Find out more about the significant cost savings you can realize from a virtual NGFW built on a turnkey network security virtualization platform, in our Corsa white paper, TCO of Virtualizing Network Security.