Converting physical firewalls to virtual ones brings several advantages to large networks, from speed and simplicity to savings. These savings are not trivial: we’ve found that the Total Cost of Ownership (TCO) is four to five times lower with automated firewall virtualization, along with a 24x faster time to deployment when compared to DIY virtualization. However, there are other advantages too, from a lower number of security incidents to a decreased likelihood of a data breach. Not to mention the ease of use, scalability, simplicity and flexibility of a software-defined approach. It sounds too good to be true, but studies from other security vendors like Palo Alto Networks confirm what we’re claiming: that automated firewall virtualization will save you money and deliver significant benefits.
A Quick TCO Calculation
When it comes to justifying their budget, IT leaders need to know the Capital Expenditure (CAPEX) and Operating Expenditure (OPEX) of competing options. They also have to consider the entry cost. If you choose a hardware-based firewall route, you have to ensure you buy enough physical firewall capacity up front, and the threat protection capability you need for the next three years, as well as the appropriate license and support for that time period.
Let’s say a firm needs 50 physical firewalls over 3 years. This will cost $3,000,000 CAPEX up-front and take over a year from conducting the RFP process to deploying the firewalls. Whereas, a turnkey platform for automated firewall virtualization would have a total cost of $810,000 OPEX over 3 years and you can be up and running in 30 days or less. That’s five times lower TCO and significantly faster time to deployment (as much as 24x). You can see our full TCO Calculation here.
These numbers alone are compelling. Whether you’re a very large enterprise with huge traffic inspection needs, an enterprise with insane growth and exploding data usage, or an enterprise who knows exactly what inspection capacity you need, it’s worth taking notice.
Other ‘Hidden’ Cost Savings of Firewall Virtualization
As if that wasn’t enough, there’s a long list of other efficiencies gained with virtualization which translate into additional financial savings, even if they don’t show up on an invoice.
- Reduction in engineering time: when you opt for ‘platform as a service’ the infrastructure you need to create your on-premise network security is brought in and maintained for you instead of you having to create and maintain it. This means you can minimize your investment in virtualization skills and DevOps.
- Quicker purchasing process: there’s no need to conduct an RFP for security appliances replacement, which typically occur every three years. You’d normally need to evaluate, select, purchase, install, commission and operate new hardware. However, when you have a software-defined platform, you can just add new capacity rather than purchasing a new physical product.
- Right-sized capacity: you no longer need to spend money upfront on inspection capacity you think you’ll need but may never end up using. When you rely on hardware, you err on the side of caution—”better to buy one size up” is the thinking.
- Eliminate disruptions for upgrades and maintenance: virtualization lets you move work from one machine to another to free up a portion of the platform for upgrades, again saving time and engineering resource.
Palo Alto Networks Confirms the Savings of Virtual Firewalls
Now, we’re not alone in making these claims. A Forrester study commissioned by Palo Alto Networks in September 2021 looked into the Total Economic Impact of virtual firewalls. As companies took on larger digital transformation projects and moved toward virtualizing across the enterprises, they found legacy firewalls lacked the flexibility they required. They had underperforming legacy point solutions, decentralized security platforms and capabilities and a mandate to migrate to the cloud. All of this pointed to virtual firewalls. The bonus was, in adopting virtualization they saved money, and much more.
Palo Alto Networks found that a typical organization investing in VM-series virtual firewalls experienced benefits of $3.43 million over three years versus costs of $1.6 million, adding up to a net present value (NPV) of $1.83 million. That’s an ROI of 115% over a six-month payback period.
Firms also benefitted from a reduction in the time required to deploy firewalls of 90% and improved network and security team efficiencies of 80%, saving $1.3 million over three years. Another cost saving came from the fact that enterprises were also able to reduce their time to achieve proper security posture by 30%, saving $436,800 over three years.
These ‘real’ cost savings are just the beginning of the story. Enterprises also experienced improvements in time, efficiency, and performance. At the end of the day, these translate into saved dollars. Firms in the study noted:
- Reduced costs associated with DevOps/infrastructure management
- Reduced costs from software licenses and hardware management
- Reduction in the total cost of security stacks, thanks to eliminating point solutions and avoiding overprovisioning
- Reduced number of security incidents requiring manual investigation
- Reduced incidents and improved end-user efficiency
- Being able to use existing skills to avoid training and recruitment
Added Savings with Automated Virtualization
So, the verdict is in: virtual firewalls represent significant cost savings in terms of entry costs, TCO, and hidden costs like time and resource efficiencies. But, we can’t ignore the reality that moving to a virtualized environment can be a challenge. Enterprises can face many stumbling blocks when making the shift from physical to virtual firewalls. Depending on the scope, these issues can quickly wipe out the cost savings. However, a turnkey platform that automatically migrates physical firewalls to virtual ones can not only resolve many of these challenges but quickly make those numbers even more compelling again.
A turnkey platform which automates virtualization delivers financial efficiencies and improves ROI thanks to:
- Push-button scaling: increasing your inspection capacity is quick and easy.
- Turnkey deployment: there’s no need to create templates, manage scripts or create technical debt because it’s all done for you.
- Single dashboard: managing hundreds of VMs is done in a holistic manner via a single dashboard which allows the network team to move on to other security matters instead of having to chase and debug virtual instances of their network firewalls. This takes care of infrastructure hygiene, so the network security team is running virtual firewalls on stable white box hardware.
- Support: support is 24/7 for the virtualization platform so the DevOps team isn’t on the hook to support their templates and scripts and all the virtual firewalls.
Security teams can’t keep trying to solve the trade-off between security capabilities and network performance with fixed hardware. The solution is network firewall virtualization, but we all know this shift can demand significant resources in terms of DevOps. However, when that migration is automated for you by a turnkey network security virtualization platform, you can quickly and easily make the most of the cost and technical advantages of virtualization. It’s this crucial combination of automation and virtualization which makes these benefits accessible to enterprises.