When you consider firewall virtualization you have to ask the question: Does it make better financial sense to stick with physical firewalls, go for do-it-yourself (DIY) virtualization, or invest in an automated platform for firewall virtualization? For a complete picture, you need to look at the total financial investment, including the costs of personnel, training, and tools, which add up to real money. In this blog post we’ll break down the numbers for each of the three scenarios (physical, DIY or automated virtualization) and answer that question.
The Complexity of Virtualization
Creating a system which automatically converts your physical firewalls to virtual equivalents requires many steps and workflows, as we outlined in PART ONE of this blog series. You also have to consider orchestration and management. Each of these steps demands specialist expertise in network engineering, security, systems integration, and DevOps. Once your system is deployed, you’ll have upgrades, maintenance, testing, and validation – all of which can be a drain on your people and financial resources. Let’s look at the numbers.
Three-Year TCO Analysis of Physical vs Virtual Firewalls
Here’s the scenario: You have a network deployment that needs 10 firewalls. If you choose to go the hardware firewall route, you would need to buy 10 physical firewalls with the appropriate license for three years plus three years of support. That’s a cost of $600,000 in upfront CAPEX.
| Physical firewall deployment | Total cost |
|---|---|
| Purchase of 10 firewalls | $600,000 |
| TOTAL OVER 3 YEARS | $600,000 |
The CAPEX calculation for this approach is very familiar and so is the perennial firewall upgrade issue. If your traffic volumes grow, then it’s a matter of spending more money to upgrade these firewalls to bigger ones. But what if you want to consider virtualization and the flexibility it provides?
If you go the virtual firewall route, you need to decide how you want to convert your physical firewalls to virtual ones. Do you want to do it yourself and invest in the steps and expertise that we outlined in the previous post and that are summarized in the table below? Or do you want to subscribe to an automation platform that does the work for you and then continues to manage and orchestrate your virtual firewalls? Let’s look at the cost of both scenarios.
If you opt for DIY firewall virtualization, we estimate that would cost $250,000 upfront for equipment, plus $850,000 – $1,250,000 to build the platform. Add to that ongoing support and maintenance at $250,000 to $300,000 per year and you’re looking at a cost of $1.6 to $2.2 million over three years.
| Virtual firewall deployment | Total cost |
|---|---|
| DIY build | $850,000 – $1,250,000 |
| Support & maintenance | $250,000 – $300,000 per year |
| TOTAL OVER 3 YEARS | $1.6 – $2.2 million |
That is a considerable investment! It appears that switching to a virtualized firewall solution doesn’t add up if you take it on yourself. But what if there is another way?
The TCO of Automated Firewall Virtualization
If you choose a turnkey platform that automates firewall virtualization, the work of converting your physical firewalls to virtual ones is done for you. It’s push-button network security virtualization. All you have to do is sign up for a monthly subscription that is a minimal OPEX expense. The total cost of that is $405,000 over three years.
| Automated firewall virtualization | Total cost |
|---|---|
| Monthly subscription | $135,000 per year |
| TOTAL OVER 3 YEARS | $405,000 |
The numbers speak for themselves. You can save over 32 percent if you automate firewall virtualization with a turnkey platform compared to deploying hardware firewalls. This is nothing compared to the over 295% savings you get from deploying a turnkey platform that automates firewall virtualization instead of trying DIY virtualization. What’s more, you don’t have the upfront CAPEX for hardware. Instead, you can pay as you grow.
Moving from physical to virtual firewalls has numerous advantages, but if the TCO doesn’t make sense then why would you do it? Looking at the cost of DIY virtualization – both in dollars and in terms of time and resources – the conclusion may not be obvious. But a turnkey platform for automating your firewall virtualization totally changes that conclusion, as it’s a very compelling investment compared to both physical firewalls and DIY virtualization.
And if the numbers aren’t enough to persuade you, consider the ongoing benefits:
- Free up engineering resources thanks to zero-touch provisioning, a user-friendly interface and only one platform to manage.
- Evergreen infrastructure, no outdated appliances and no more firewall refreshes every three years.
- Zero downtime during upgrades because upgrades are continuous.
- Scalable capacity so you only pay for what you need, and MSSPs can charge customers for burst capacity.
- Flexibility of offering each MSSP customer their own virtual firewall with the specific security services and subscription they want.
After looking at the numbers and other benefits, it’s clear that now is the time to move to virtual firewalls. If you want to learn more about our turnkey platform for automating firewall virtualization, check out our video series.
If you have any questions or want to discuss your own TCO calculation, please contact us.