Network Security Policy Management is an important need for any enterprise. TCO of NSPM is also important to decide on how to proceed. It may make sense to start with ROI of any NSPM solution. The Return on Investment (ROI) of network security policy management can be significant for organizations. Network security policy management involves implementing and enforcing policies and procedures to ensure the security of a company’s network infrastructure, including firewalls, routers, switches, and other network devices.

Effective network security policy management can lead to several benefits that can provide a positive ROI for the organization. Some of these benefits include:

  • By implementing a comprehensive network security policy, organizations can reduce the risk of security breaches and cyber attacks, which can result in significant financial losses and reputational damage.
  • Efficient management of network security policies can help reduce downtime and improve network performance, leading to increased productivity and reduced operational costs.
  • Implementing and enforcing network security policies can help organizations comply with regulatory requirements, such as the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS).
  • Automating network security policy management tasks can help reduce IT administration costs and free up resources for other critical tasks.

There are several important achievements that can be supplied by any NSPM. However, as to TCO of the solution itself there may be some differences. These are some of the TCO components that need to be analysed: firewall manager usage, storage disk usage, effort needed to manage the system.

To start with, firewall manager usage is generally a mandatory need for these solutions. So, if you have decided to use a firewall analyser or automation system and do not have any firewall manager already implemented then there will be this manager procurement cost you will be facing. On average in a 10-firewall infrastructure assuming they are belonging to same vendor. The cost would be 10K USD at minimum.

Calculalation of a TCO

As to storage disk usage. Generally, NSPM solutions need to first collect and store all the logs and make the necessary analysis afterwards. So, in a 10-firewall environment assuming 10K EPS log generation capacity the amaount of disk needed will be around 300TB per year. Making it more specific:

Volume of data = Size of 1 syslog message x Number of messages per second x Number of seconds x Number of days x Compression Ratio

Assuming we store the logs for 30 days and use a compression ratio of 5:1, we can calculate the volume of data as:

Volume of data = 1 KB x 10,000 EPS x 1 second x 60 seconds x 60 minutes x 24 hours x 30 days / 5

Volume of data = 25,920,000 MB or 25,920 GB or 25.92 TB

The cost coming from storage disk usage would be around 20K USD per year at minimum.

What about effort usage? If the NSPM solution is not a user-friendly one and require good amount of work to maintain, it may need 0,5 to 1 human effort again for a 10-firewall environment. To maintain this kind of solution you may be needing one more employee if you have not planned it that way.

To sum up, NSPM solutions may have hidden costs in place if you have not planned it that way. During the evaluation phase of any NSPM solution project one must take into account the TCO of NSPM if the solution requires the usage of firewall manager, if the system is storing all the logs and what may be needed effort to maintain that solution.