The Total Economic Impact™ Of Fastly Application Security Solutions

Cost Savings And Business Benefits Enabled By Fastly Web Application and API Protection

A Forrester Total Economic Impact™ Study Commissioned By Fastly, February 2025

Rapid software delivery is critical for any company doing business online; however, application security hasn’t always modernized at the same pace. An outdated approach of simply locking everything down isn’t going to be effective in an increasingly dynamic environment. Businesses need security solutions that reliably protect their apps and services without disrupting legitimate traffic or frustrating end users.¹ They need friction-free and developer-friendly security solutions that empower them to ship security changes as quickly and easily as their developers ship new application code. Fastly Web Application and API Protection (WAAP) solutions — including Next-Gen Web Application Firewall (WAF), Bot Management, API Security, and DDoS Protection — tackle these challenges head-on, pairing a developer-centric approach with robust security to enhance productivity and mitigate risks. This powerful combination allows companies to trust that their apps and services will work as intended and enhance user experiences while accelerating time to value and driving top-line revenue growth.

Fastly Application Security Solutions delivers highly effective protection while reducing friction and enhancing developer productivity. The company delivers proactive, accurate alerts with instant insights, empowering security professionals to stay ahead of risks and vulnerabilities. Fastly’s secure and resilient global platform seamlessly integrates into existing software delivery workflows and tools, supporting rapid developer innovation without compromising security. This modern application security approach allows Fastly customers to reliably deliver exceptional online experiences to their consumers and end users.

Fastly commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying WAAP solutions.² The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of WAAP on their organizations.

Return on investment (ROI)

235%

Net present value (NPV)

$4.23M

To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed four decision-makers with experience using Fastly Next-Gen WAF, Bot Management, API Security, and DDoS Protection. For the purposes of this study, Forrester aggregated the interviewees’ experiences and combined the results into a single composite organization that is an omnichannel retailer with 4 million customers, more than 350 million annual site visits, and more than $1 billion in annual revenue.

Interviewees said that prior to using Fastly, their organization faced numerous challenges and limitations with previous WAAP solutions. These limitations resulted in application deployment delays, false positives that blocked legitimate traffic, and an inability to handle traffic spikes. Systems were vulnerable to malicious attacks, causing website downtime and financial losses. Legacy WAF solutions also lacked a unified console to manage apps deployed in any environment, including the network edge, leading to performance bottlenecks and scalability issues as the number of apps and web traffic increased.

After deploying Fastly Application Security Solutions, interviewees experienced a notable increase in customer conversions and attributed this uptick to more accurate detection that filters out malicious site visits and unwanted bots but allows legitimate traffic. Additionally, interviewees reduced operational costs from traffic, overages, and security resources by reducing unwanted site visits, which directly impacted their bottom line. Engineering, operations, and security teams experienced a significant improvement in application development and operational productivity time to value, streamlining processes and enabling their teams to focus on revenue-driving projects. Interviewees found that deploying Fastly could reduce costs and simplify their tech stack by consolidating redundant technologies and eliminating the infrastructure required for their operation — all without compromising security standards.

Improved application development time to value

Key Findings

Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:

Increased conversions driving $3.6 million in profit gains. Fastly transforms security measures from a cost center to a critical revenue driver by effectively managing and blocking nonorganic traffic. This approach improves site performance and user engagement by mitigating DDoS attacks and excessive bot traffic while enabling new products to seamlessly integrate into its ecosystems. Teams can focus on core business functions without security being a barrier, thereby accelerating business growth. Overall, the composite organization sees an 8% increase in its sales conversion rate over three years.
Increased developer and operational productivity by 25%. Fastly’s ease of use and quick application onboarding streamline processes, increase developer confidence, and speed application deployment for the composite, doubling software development output and driving $700,000 in gains over three years. Fastly helps the composite address the rise in cyberattacks without expanding its cybersecurity team. Instead, it reallocates staff from continuous WAF rule tuning to more impactful activities, reducing security incidents by 30%.

25%

False positives reduction

Reduced overage traffic, challenge, and other costs by $832K. After deploying Fastly’s WAAP, the composite can mitigate nonorganic traffic by improving web application security, reducing overage charges, usage costs, and regulatory fines. The composite filters out unwanted traffic while allowing genuine user access, reducing overage charges by $300,000 in the first year.
Consolidated security infrastructure savings of $839K. The composite experiences substantial cost savings and efficiency improvements after adopting Fastly’s WAAP solutions, eliminating the need for various WAF solutions, traffic managers, and domain translations. Fastly’s developer-focused UI and support allow the composite to consolidate redundant, legacy tools, saving $270,000 in Year 1. By standardizing with Fastly, the composite also reduces costs for variable or scaling infrastructure, data egress traffic, and computing.

Flexibility benefits. Additional value enabled by long- or near-term investments and scenarios not factored into the composite organization analysis include:

Increased application development time to value of 3X drives top-line revenue. Interviewees shared that their companies experienced a threefold increase in application development speed for their online platforms, which can enable developers to focus on other revenue-generating activities.
Improved marketing effectiveness. Companies can achieve better returns on marketing spending as they improve campaign effectiveness. By blocking bad bots that generate fake impressions, the composite is confident that its campaigns are reaching genuine users, which enhances marketing targeting. This could lead to a noticeable increase in sales, demonstrating the long-term benefits of refined marketing strategies.
Amplified impacts with a holistic, single pane of glass experience. By deploying Fastly WAAP solutions with its Content Delivery Network (CDN) or other Fastly tools, companies could improve operational efficiency, increase visibility, enhance reporting, and reduce costs by managing all solutions on one unified platform.

Unquantified benefits. Benefits that provide value for the composite organization but are not quantified for this study include:

Improved security with full blocking mode. The composite reaches full blocking mode two to three weeks after implementation and reports a 25% reduction in false positives compared to its prior WAF solutions. Due to its increased confidence in the WAF protection, the composite experiences improved security against malicious attacks and threat actors.
Accelerated change implementation. Fastly enables rapid change implementation and instantly propagated daily updates, resulting in increased efficiency gains and work output.
Enhanced customer experience. Fastly eliminates downtime and reduces latencies encountered with legacy solutions, leading to an enhanced customer experience.

Costs. Three-year, risk-adjusted PV costs for the composite organization include:

Enterprise license fees totaling $1.38M over three years. The composite pays for Fastly licenses, which include Next-Gen WAF, Bot Management, API Security, and DDoS Protection. The composite organization begins operations in North and South America in Year 1, EMEA in Year 2, and APAC in Year 3.
Internal planning, migration, and implementation costs totaling $178K for three years. The composite organization involves key stakeholders in the planning process for a successful Fastly deployment. The organization spends less than six months on planning and legacy solution migration and completes the actual Fastly implementation in three weeks.
Insights and ongoing maintenance costs totaling $243K over three years. The composite organization leverages its cybersecurity team as passive users of Fastly’s UI to gain insights from data and reports and to push out rule enhancements and maintenance.

The representative interviews and financial analysis found that a composite organization experiences benefits of $6.04 million over three years versus costs of $1.80 million, adding up to a net present value (NPV) of $4.23 million and an ROI of 235%.

“Fastly’s origins are as an engineering-centric company rather than a traditional infrastructure company. Its products and services reflect that DNA. We achieved a lot in a short timeframe and will continue to grow knowledge because the product is user friendly and developer-centric.”

Head of platforms, media

Key Statistics

Return on investment (ROI)

235%

Benefits PV

$6.04M

Net present value (NPV)

$4.23M

Payback

<6 months

Benefits (Three-Year)

Profit from increased conversions Improved operational productivity Reduced overage, traffic, challenge, and other charges Consolidating security infrastructure costs

TEI Framework And Methodology

From the information provided in the interviews, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment in Fastly WAAP solutions.

The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that Fastly WAAP solutions can have on an organization.

Due Diligence

Interviewed Fastly stakeholders and Forrester analysts to gather data relative to WAAP solutions.
Interviews

Interviewed four representatives at organizations using Fastly WAAP solutions to obtain data about costs, benefits, and risks.
Composite Organization

Designed a composite organization based on characteristics of the interviewees’ organizations.
Financial Model Framework

Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees.
Case Study

Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.

Disclosures

Readers should be aware of the following:

This study is commissioned by Fastly and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.

Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in Fastly WAAP solutions.

Fastly reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.

Fastly provided the customer names for the interviews but did not participate in the interviews.

Consulting Team:

Alexander Parsons

Amy Harrison

Drivers leading to the WAAP investment

Interviews

Role	Industry	Region	Revenue
Director of global engineering	Retail	Global	$1 billion to $10 billion
Manager of cyber security	Travel and hospitality	North and South America	$1 billion to $10 billion
Security engineer	Financial services	Global	$10 billion to $50 billion
Head of platforms	Media	APAC	$100 million to $1 billion

Key Challenges

Interviewees faced several challenges before using Fastly, including a lack of visibility and control over their web security. They reported that previous security solutions, including WAF products, were often inadequate or unsophisticated. Some lacked flexibility to configure for Kubernetes environments, deploy at the network edge, or meet other needs, causing performance issues and scalability problems. Overcomplicated rulesets required constant rule tuning by security teams without the benefit of holistic reporting and insights to guide decision-making — limitations that caused application deployment delays and blocked legitimate traffic. Prior solutions couldn’t support volume spikes and were susceptible to malicious attacks, causing site downtime and lost revenue. Interviewees’ companies also struggled to manage traffic volume spikes, which led to site downtime and employee turnover from additional pressure.

The interviewees noted how their organizations struggled with common challenges, including:

Legitimate traffic blocking. Interviewees discussed prior solutions creating too many false positives, which prevented customers from interacting with their sites. This ultimately led to higher cart abandonment rates and negative impacts on top-line revenues and customer experience. The manager of cyber security in travel and hospitality shared: “With the previous solution, we faced challenges where it was blocking legitimate traffic. We didn’t have much visibility with that platform.”

“Anytime we have to take our site down, 5 or 6 hours costs hundreds of thousands of dollars of lost revenue.”

Manager of cyber security, travel and hospitality

Complexity of managing multiple WAF vendors. Interviewees noted their organization required additional resources and had inflated costs from using multiple WAF providers. The head of platforms in media shared: “One of the primary factors for us was the need to consolidate our cost base. We were double-paying bills to two different providers and needed to consolidate that to scale our efficiency.” Interviewees also discussed how using a multi-WAF strategy created issues with visibility and managing overlapping policies, which had downstream impacts on website performance.
Rule change fear. Interviewees shared that their companies either spent excess time on each security rule change or avoided making changes altogether. Legacy WAFs relied on regex pattern-matching rules, which were difficult to manage and required constant tuning to avoid false positives. The director of global engineering in retail shared, “With [the previous solution], teams were afraid to make security-related rule changes for fear of blocking the wrong traffic that could lead to taking the site down or causing an outage.”
Inadequate vendor support and flexibility. Interviewees discussed the passive or inadequate support from previous vendors that did not enable rule configuration to meet complex customer needs in their environments. The manager of cyber security in travel and hospitality shared: “We didn’t have the same level of control previously. They were not full equipped to deal with our volume spikes or able to support our needs.”
Lack of visibility. Interviewees discussed issues with a lack of visibility and inadequate reporting on the latest threats and insights. Without real-time, granular insights, their security and engineering teams spent more time troubleshooting and had less confidence in their prior WAF solution.
Lack of deployment flexibility and protection at the edge. The director of global engineering in retail said, “Our previous solution’s native WAF left a lot to be desired with being able to protect via the edge.”

Investment Objectives

The interviewees’ organizations searched for a solution that could:

Improve time to value, agility, and overall output for application development.
Enable long-term business scalability while providing comprehensive, best-in-class protection from malicious actors and requests.
Drive operational efficiencies across security, engineering, and development teams.
Deliver visibility and control over site traffic to identify malicious signals and act on threat intel.

After a request for proposal and business case process evaluating multiple vendors, the interviewees’ organizations chose Fastly’s WAAP solutions for its security and performance relative to competitors, its developer-centric approach to the user experience, and its overall ease of use, including:

Visibility and control. The manager of cyber security in the travel and hospitality industry said: “We chose Fastly for the visibility we gained, the control that we had over the traffic, the way we could shape the traffic with rate limiting, and our overall ability to strengthen our security controls. It just made sense to move everything to Fastly.”

“What we’ve been able to do utilizing [Fastly] and its team is impressive. I cannot speak more highly of the level of support they’ve given to get us where we need to be. I’m really excited about this ongoing work as we get to the next level of maturity. They’re my favorite partner to work with.”

Security engineer, financial services

Confidence in blocking mode. Interviewees remarked that they could achieve full blocking mode within two to three weeks during the proof-of-concept (POC) trial. Because of the confidence in blocking and the simplified single pane of glass interface, they were able to deploy Fastly WAAP solutions quickly across their online platforms.
Developer-focused approach. The director of global engineering in retail said: “One thing we consistently like about Fastly is its developer-focused approach. The ability to make code changes very quickly really stood out.” Interviewees discussed how Fastly delivered more accurate detection and better visibility through Next-Gen WAF, leading to better developer engagement. The manager of cyber security in travel and hospitality added, “We’ve onboarded more applications and we’re doing more development with Fastly.”
Application security at the edge. Interviewees’ companies appreciated Fastly’s flexibility, including its ability to deploy capabilities at the network edge. The security engineer in financial services shared, “It was very important to the business to have something like a next generation firewall, which Fastly has, and moving things closer to the edge.”
High-quality service and collaborative approach. Interviewees shared that their companies appreciated Fastly’s hands-on approach during and after implementation. Resources and leadership within Fastly were easy to engage with and quick to react to questions. The head of platforms in media stated, “Fastly is very collaborative, and they work as part of the team. There’s a lot more collaboration than we previously had in the cybersecurity space.”
Native WAF Kubernetes support. The director of global engineering in retail said: “We’re standing things up on Kubernetes and wanted a solution that allowed us to protect that natively, so Fastly fit the bill. It was something we could deploy as a container within our environment as Kubernetes native. There are numerous examples where we would have things like structured query language (SQL) injection that would bypass or go through [the prior solution] but would be caught by Fastly. That’s what really drove us to choose Fastly.”
Cloud-native and cloud-first solutions. The security engineer in financial services said: “Fastly supports the ability to migrate to the cloud at speed and at scale. Every big company is thinking about modernizing. This tool has enhanced that journey for us and just been part of the puzzle piece to make sure that we have all the necessary protections in place for our customers.”

2 to 3 weeks

Time to full blocking mode with Fastly

Composite Organization

Based on the interviews, Forrester constructed a TEI framework, a composite company, and an ROI analysis that illustrates the areas financially affected. The composite organization is representative of the four interviewees, and it is used to present the aggregate financial analysis in the next section. The composite organization has the following characteristics:

Description of composite. The global omnichannel retailer has more than $1 billion in annual revenue that includes $350 million in online sales across multiples sites and brands. The company has more than 4 million customers and 350 million site visits per year, which are supported by 4,000 employees globally, including 10 cybersecurity engineers and 10 software developers.

Deployment characteristics. The composite organization deploys Fastly WAAP solutions over three weeks following six months of planning and internal migration from its legacy security solutions. A five-person team of cybersecurity engineers and software developers support the initial transition to the new platform. The organization decommissions legacy infrastructure, namely its previous WAF provider, as it rolls out Fastly’s capabilities to North and South America, EMEA, and APAC in Years 1, 2, and 3 respectively.

Key Assumptions

Omnichannel retailer
Global operations
$1+ billion annual revenue
$350 million online sales
4,000 employees
4 million customers
350 million annual site visits

Quantified benefit data as applied to the composite

Total Benefits

Ref.	Benefit	Year 1	Year 2	Year 3	Total	Present Value
Atr	Increased conversions profit	$680,000	$1,530,000	$2,380,000	$4,590,000	$3,670,774
Btr	Improved operational productivity	$212,925	$283,900	$354,875	$851,700	$694,819
Ctr	Reduced overage, traffic, challenge, and other charges	$255,000	$340,000	$425,000	$1,020,000	$832,119
Dtr	Consolidated security infrastructure costs	$229,500	$344,250	$459,000	$1,032,750	$837,994
	Total benefits (risk-adjusted)	$1,377,425	$2,498,150	$3,618,875	$7,494,450	$6,035,706

Increased Conversions Profit

Evidence and data. Fastly enabled interviewees’ organizations to transform their security practices from cost centers to revenue enablers by effectively managing and blocking nonorganic traffic. Interviewees reported enhancing site performance and focusing on engaging with genuine users, leading to improved targeting, increased conversions, and reduced customer churn. Additionally, reducing site outages, especially those caused by DDoS attacks or spikes in bot traffic, prevented significant revenue losses.

The manager of cyber security in travel and hospitality stated: “Customers cannot book tickets if we experience a DDoS attack. If the application is slow or experiences latency, people will likely give up and turn to a competitor. Fastly has definitely helped reduce abandonment rates and has provided our customers with a better, faster experience.”
Adopting Fastly’s security capabilities allowed interviewees to integrate new products seamlessly into their environments without security applications becoming barriers.

4% to 8%

Conversion rate improvement

The security engineer in financial services said, “With Fastly, being able to quickly add a product to our environment means that WAF is not a barrier to deploying a product.” This increased speed enabled their organization to concentrate on its core business activities without being hindered by security concerns.
The director of global engineering in retail described how their investment in Fastly led to over $20 million in sales gains: “Last holiday season is when we first enabled bot management. We thought it was a statistical anomaly because we saw a double-digit conversion rate increase. But it wasn’t. We attributed the increase to reducing the bot traffic and getting more realistic users hitting the site through checkout.”

“The true measure of the impact was how effective Fastly was at blocking nonorganic traffic. We were able to block content scrapers in terms of bot traffic and make sure that we were getting actual, organic, real users visiting the site. That’s led to a greater than 10% improvement in conversions, and the business was ecstatic.”

Director of global engineering, retail

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

The composite receives 200 million site visits in Year 1, 300 million in Year 2, and 350 million in Year 3.
The conversion rate before Fastly is 2% with a net increase after Fastly of 4% in Year 1, 6% in Year 2, and 8% in Year 3.
The composite’s average order value is $50, and it has an operating margin of 10%.

Companies could increase top-line revenue through improved time to value for application development. Interviewees experienced an average of 3x improvement in time to value for application development for their online platforms. This allowed interviewees to dedicate more time to revenue- and growth-driving projects while deploying capabilities faster. The director of global engineering in retail shared: “Speed to adoption really stands out as we officially transitioned to the edge deployment for Fastly. It’s been easier for us to onboard additional features.”
Companies may be able to amplify their top-line revenue with improved marketing effectiveness. The director of global engineering in retail shared: “We’re getting better returns on marketing spend because we know our campaigns are reaching users. It’s a feedback loop where we now know that our campaigns are working and can better target. That’s proving out in the long run because we’re making more sales.”

Risks. The profit from increased conversions may vary depending on the following:

The number of annual site visits.
The average order size.
How quickly the organization can deploy Fastly.

The organization’s operating margin.

Results. To account for these risks, Forrester adjusted this benefit downward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $3.7 million.

Increased Conversions Profit

Ref.	Metric	Source	Year 1	Year 2	Year 3
A1	Annual site visits	Composite	200,000,000	300,000,000	350,000,000
A2	Conversion rate before Fastly	Composite	2.00%	2.00%	2.00%
A3	Net increase in conversion rate with Fastly	Composite	4%	6%	8%
A4	Conversion rate after Fastly	A2*(1+A3)	2.08%	2.12%	2.16%
A5	Average order value	Composite	$50	$50	$50
A6	Operating margin	TEI standard	10%	10%	10%
At	Increased conversions profit	A1(A4-A2)A5*A 6	$800,000	$1,800,000	$2,800,000
	Risk adjustment	↓15%
Atr	Increased conversions profit (risk-adjusted)		$680,000	$1,530,000	$2,380,000
Three-year total: $4,590,000		Three-year present value: $3,670,774

Improved Operational Productivity

Evidence and data. After deploying Fastly, interviewees could respond to an increasing number of cyberattacks without needing to expand their cybersecurity staff. With an improved ability to detect and block malicious traffic without generating false positives, interviewees’ companies could optimize their workforce by shifting from routine tasks, like managing security applications and addressing security concerns, to more valuable activities like data analysis and advanced rule tuning. This shift enabled staff to enhance their skills in these critical areas.

Cybersecurity developers gained confidence in their ability to deploy applications rapidly, facilitated by a 30% decrease in security incidents and stronger protection measures. The manager of cyber security in travel and hospitality said: “With Fastly, we have to spend fewer man hours on [remedial] tasks. They’re being proactive in threat hunting and analyzing the solutions for optimization, so that’s time we don’t have to spend on those tasks.”

30%

Decrease in security incidents

Interviewees described the positive impact of Fastly on their software development teams. Interviewees’ companies doubled their software development output by reallocating resources and improving cybersecurity processes.
Interviewees shared that their companies also saw improved productivity with a 25% decrease in false positive rates compared to prior WAF solutions. With fewer false positives impacting legitimate customers, security team members had time for higher value tasks. The director of global engineering in retail shared: “Fastly, from the beginning, limited false positives. In fact, I can count on my hand the number of false positives we’ve actually flagged.”

“We’ve seen a 20% increase in actual attacks hitting the site year over year, but we’ve had no increase in escalations to an actual incident.”

Director of global engineering, retail

In addition to improved operational productivity, companies experienced improved response times critical to minimizing attack vector impact. Interviewees shared how Fastly’s capabilities enabled faster responses to malicious threats. The head of platforms in media said: “Our ability to understand when attacks are happening and respond is faster with Fastly. When they notice discrepancies, particularly with DDoS traffic, they proactively notify us about what is happening.”

“There’s a reduction in the time between the intrusion happening and our ability to act on it with Fastly. That’s a big benefit because we track [intrusions] quickly.”

Head of platforms, media

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

The composite has six cybersecurity engineers focused on Fastly in Year 1, eight in Year 2, and 10 in Year 3.
The composite experiences a 25% improvement in cybersecurity engineer productivity with Fastly.
The composite has six software developers focused on Fastly in Year 1, eight in Year 2, and 10 in Year 3.
The composite experiences a 20% improvement in software developer productivity with Fastly.
The average fully burdened annual salary is $170,000 for a cybersecurity engineer and $205,000 for a software developer.
Forrester conservatively estimates that 50% of the total time saved per software developer or cybersecurity engineer is applied directly to value-generating tasks, and it is therefore included in the benefit calculation.

Risks. Improved operational productivity results may vary by:

The organization’s relative size, industry, or location of operations.
The total number of cybersecurity engineers and software developers.
The percentage of productivity captured by the affected users.
The skill level, efficiency, and salaries of the organization’s employees.

Results. To account for these risks, Forrester adjusted this benefit downward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $695,000.

Improved Operational Productivity

Ref.	Metric	Source	Year 1	Year 2	Year 3
B1	Cybersecurity engineers focused on Fastly	Composite	6	8	10
B2	Improved productivity with Fastly	Interviews	25%	25%	25%
B3	Fully burdened annual salary for a cybersecurity engineer	TEI standard	$170,000	$170,000	$170,000
B4	Subtotal: Improved cybersecurity engineer productivity	B1B2B3	$255,000	$340,000	$425,000
B5	Software developers focused on Fastly	Composite	6	8	10
B6	Improved productivity with Fastly	Interviews	20%	20%	20%
B7	Fully burdened annual salary for a software developer	TEI standard	$205,000	$205,000	$205,000
B8	Subtotal: Improved software developer productivity	B5B6B7	$246,000	$328,000	$410,000
B9	Productivity recapture rate	TEI standard	50%	50%	50%
Bt	Improved operational productivity	(B4+B8)*B9	$250,500	$334,000	$417,500
	Risk adjustment	↓15%
Btr	Improved operational productivity (risk-adjusted)		$212,925	$283,900	$354,875
Three-year total: $851,700		Three-year present value: $694,819

Reduced Overage, Traffic, Challenge, And Other Charges

Evidence and data. Fastly’s WAAP helped interviewees significantly reduce the nonorganic traffic reaching their sites. The reduction in malicious and bot traffic helped lower the costs associated with traffic overages and usage charges and played a crucial role in reducing regulatory fines by improving web applications’ security posture.

Proactively blocking malicious site visits before they could cause issues allowed companies to avoid the financial repercussions of unwanted traffic, including overage costs. By maintaining a strong WAF that effectively detects and mitigates threats, companies reported a decrease in security research costs from fewer exploited vulnerabilities.

“We have a hard cap for how many API calls we can make to the [back end] to log in. If we’re not filtering out that bad traffic, we could overrun costs, have site degradation, or have an outage because we’re overloading our API limit. Fastly had an immediate impact there.”

Director of global engineering, retail

When discussing Fastly’s impact, the manager of cyber security in travel and hospitality said, “The faster we get to blocking helps because now we’re not paying overages for traffic that would have gotten through.”
Interviewees’ companies decreased costs up to $1 million annually with reduced overage and regulatory charges. The manager of cyber security in travel and hospitality shared: “If we exceed certain booking ratios, we pay overages. We used to pay overages for our previous solution where [the solution] allowed bots to go through. We’d spent millions of dollars that we’re avoiding with Fastly.”

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

The composite reduces overage, traffic, challenge, and other charges by $300,000 in Year 1, $400,000 in Year 2, and $500,000 in Year 3 as its use of Fastly WAAP solutions expands.

Risks. The reduction in overages charges may vary based on:

The amount of unwanted traffic or attacks an organization sustains.
The amount previously paid for overage, regulatory, or other costs.

Results. To account for these risks, Forrester adjusted this benefit downward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $832,000.

30%

Overage charge reduction

Reduced Overage, Traffic, Challenge, And Other Charges

Ref.	Metric	Source	Year 1	Year 2	Year 3
C1	Reduction in overage, traffic, challenge, and other charges	Interviews	$300,000	$400,000	$500,000
Ct	Reduced overage, traffic, challenge, and other charges	C1	$300,000	$400,000	$500,000
	Risk adjustment	↓15%
Ctr	Reduced overage, traffic, challenge, and other charges (risk-adjusted)		$255,000	$340,000	$425,000
Three-year total: $1,020,000		Three-year present value: $832,119

Consolidated Security Infrastructure Costs

Evidence and data. Interviewees experienced significant cost savings and improved efficiency by switching to Fastly’s WAAP solutions. They eliminated multiple WAF solutions, traffic managers, and domain translations.

The director of global engineering in retail highlighted savings of $3 million over three years from decommissioning company tools. In addition to the financial benefits, they received enhanced value from the new solution and noted: “Support is significantly better than [the prior solution]. Not only is it because they are developer-focused, but it’s also their response time, thoroughness, and technical level of expertise.”
A security engineer from the financial services sector said: “With Fastly, you can reduce your costs if you have variable or scaling infrastructure. You can reduce the amount of data egress traffic, compute, and other costs based on having lost traffic.”

“I’ve decommissioned traffic managers, domain translations, and virtual servers because now I’m doing it with Fastly. All told, [our savings] added up to $200,000 per year.”

Manager of cyber security, travel and hospitality

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

The composite eliminates legacy WAF solutions, consolidates additional supporting infrastructure, and saves the associated infrastructure and maintenance costs.
The savings total $270,000 in Year 1, $405,000 in Year 2, and $540,000 in Year 3.

Flexibility. Forrester traditionally views flexibility benefits as future supplemental value enabled by long-term added investments. Flexibility can also be applied to near-term and alternative scenarios by considering an investment decision’s potential beyond a financial measurement, providing relevancy to readers. Companies could gain additional efficiencies, effectiveness, and cost savings by deploying other Fastly products and further consolidating their tech stacks.

The head of platforms in media shared their experience: “Having delivery and security on the same platform means we get a single voice in terms of recommendations rather than having to talk to different suppliers. Getting advice and support from Fastly across product lines helps our efficiency.”
By consolidating technical infrastructure, companies could find value in simplifying and standardizing internal environments. The security engineer in financial services discussed their experience: “One of the big things we’ve been working on with Fastly is standardizing processes and architectures. Over time, we’ve used almost all the major players of web application firewalls, we’ve had on-premises deployments, and pretty much every major cloud implementation. Because we’ve had so many tools, developing standards has been complicated.”

Risks. The cost savings from consolidating security infrastructure may vary depending on:

The company’s industry, focus, and relative size.
The previous solutions deployed, which affects the magnitude of impacts gained by using Fastly WAAP solutions.

Results. To account for these risks, Forrester adjusted this benefit downward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $838,000.

Consolidated Security Infrastructure Costs

Ref.	Metric	Source	Year 1	Year 2	Year 3
D1	Consolidated security infrastructure costs	Interviews	$270,000	$405,000	$540,000
Dt	Consolidated security infrastructure costs	D1	$270,000	$405,000	$540,000
	Risk adjustment	↓15%
Dtr	Consolidated security infrastructure costs (risk-adjusted)		$229,500	$344,250	$459,000
Three-year total: $1,032,750		Three-year present value: $837,994

Unquantified Benefits

Interviewees mentioned the following additional benefits that their organizations experienced but were not able to quantify:

Improved security with full blocking mode. Interviewees’ companies were able to achieve full blocking mode with Fastly’s Next-Gen WAF solution after two to three weeks. Interviewees shared that with Fastly’s patented approach to detection and blocking via SmartParse, their companies could more accurately block malicious traffic while minimizing false positives compared to prior solutions that used legacy, regular expression (regex) WAFs. The director of global engineering in retail shared: “We have a global policy rule that already applies if it’s a malicious attack because it is identified as SQL injection, so we just enable that rule. We have so much confidence in the blocking rules that we pretty much aggressively have been blocking since the start.”
Increased application development. With increased confidence and control over their security rules, interviewees shared their companies had seen application development increase, including one company that was able to double its application development output with its investment in Fastly WAAP solutions. The director of global engineering in retail stated, “Fastly gives us a lot more confidence in covering security risks, so the approach has shifted to giving tools to enable our developers where security isn’t something they have to actively think about.”
Accelerated change implementation. The head of platforms in media said, “With Fastly, we can push changes daily, and the speed at which those changes propagate out is instantaneous, so there’s an efficiency gain as a result.”
Enhanced customer experience. The manager of cyber security in travel and hospitality explained, “We can enhance that customer experience because we don’t have the downtime or latencies we were experiencing with the other solution.”
Broadened usability. Interviewees discussed how a broader group of individuals found value in Fastly capabilities for observability, logging, data tagging, and other features. The head of platforms in media shared: “Fastly Next-Gen WAF is very user friendly and not hard to find your way around. We use the reporting dashboards and logging functionality quite a lot. With a more accessible platform than before, our technical team has been able to benefit by gradually upskilling people outside the immediate infrastructure engineering team.”
Elevated customer support. Interviewees lauded Fastly’s commitment and support throughout the POC and implementation phases and beyond. The manager of cyber security in travel and hospitality highlighted Fastly’s exceptional responsiveness, such as its on-site presence during critical hours and participation in middle-of-the-night calls. They also emphasized managed services as a key benefit, with Fastly’s team acting as an extension of their team and offering proactive support in threat hunting, solution optimizing, and application onboarding. They said, “There was a lot of pride and ownership within the team, and it feels like a true partnership.”

“I’m constantly impressed by the Fastly support. The way that they work with us is awesome. We have somebody representing us in each of our major time zones, and the scope of work they get done is really incredible. I haven’t seen a level of support this good from any other vendor in my career.”

Security engineer, financial services

Flexibility

The value of flexibility is unique to each customer. There are multiple scenarios in which a customer might implement Fastly WAAP solutions and later realize additional uses and business opportunities, including:

Efficient, unified management. Interviewees described crossover benefits with Fastly’s single pane of glass design when using other Fastly products, including its CDN solution.
Additional investment opportunity. The manager of cyber security in travel and hospitality said: “We have a great partnership with Fastly. We’re looking at different features and functionality that Fastly has released and are on the road map. Now, we’re migrating into dynamic caching, so our use of Fastly will only increase.”
Active customer community. Interviewees saw value in sharing experiences with other Fastly customers. The director of global engineering in retail said: “There’s a good community of other customers. Fastly does a good job of facilitating interactions through events or individual requests. Customers generally seem to be happy with Fastly and have a willingness to share, so we’re excited to share information freely. That’s one of the biggest differentiators.”

Flexibility would also be quantified when evaluated as part of a specific project (described in more detail in Appendix A).

Interview Spotlight

Streamlining Developer Workflows

The director of global engineering in retail discussed how Fastly helped improve internal productivity with its ease of use with Terraform: “Fastly is consistent in its developer-focused features. The key strategic things that stand out are its support of Terraform for deploying code changes and the ability to purge content quickly. A deployment or purging of content on [a competitor network] could take 10 minutes, whereas on Fastly, it’s seconds. Configuration and WAF changes are also difficult because [the competitor] has their proprietary language. Now, we can script or go through Terraform and deploy it within any of our other code changes, so it was a natural thing that our teams could immediately adopt and support very easily. It was a differentiator for us.”

Quantified cost data as applied to the composite

Total Costs

Ref.	Cost	Initial	Year 1	Year 2	Year 3	Total	Present Value
Etr	Enterprise license fees	$0	$378,000	$567,000	$756,000	$1,701,000	$1,380,225
Ftr	Internal planning, migration, and implementation costs	$178,969	$0	$0	$0	$178,969	$178,969
Gtr	Insights and ongoing maintenance costs	$0	$97,750	$97,750	$97,750	$293,250	$243,090
	Total costs (risk-adjusted)	$178,969	$475,750	$664,750	$853,750	$2,173,219	$1,802,284

Enterprise License Fees

Evidence and data. The interviewees’ organizations paid Fastly for licensing based on the number of users, modules, and features in use, which included Next-Gen WAF, Bot Management, API Security, and DDoS Protection.

The composite organization initially launched in North and South America in Year 1 before expanding to EMEA in Year 2, and APAC in Year 3.

“We choose Fastly for its overall offering. [The team] was highly responsive during the POC. They brought all the right people to the conversations, calls, and whiteboarding sessions. They’re not just selling a product; they are really in the trenches with us.”

Manager of cyber security, travel and hospitality

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

The composite organization pays $360,000 to deploy Fastly Next-Gen WAF, Bot Management, API Security, and DDoS Protection solutions in Year 1. The composite pays $540,000 in Year 2 and $720,000 in Year 3 as it expands into EMEA and APAC, respectively.
Pricing may vary. Contact Fastly for additional details.

Risks. Fees paid to Fastly may vary depending on the following:

The size of the organization and the overall scale of its engagement with Fastly.
The licensing agreement, modules, and specific features deployed.

Results. To account for these risks, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of just under $1.4 million.

Enterprise License Fees

Ref.	Metric	Source	Initial	Year 1	Year 2	Year 3
E1	Enterprise license fees (annual)	Interviews		$360,000	$540,000	$720,000
Et	Enterprise license fees	E1	$0	$360,000	$540,000	$720,000
	Risk adjustment	↑5%
Etr	Enterprise license fees (risk-adjusted)		$0	$378,000	$567,000	$756,000
Three-year total: $1,701,000		Three-year present value: $1,380,225

Internal Planning, Migration, And Implementation Costs

Evidence and data. Interviewees said their companies spent a significant amount of time on planning and migration before a relatively quick implementation engagement with Fastly.

Interviewees shared that their companies spent the most time on planning and migration from legacy solutions. These activities took approximately six months and used three to six individuals from internal engineering, security, and business teams.

2 to 3 weeks

Implementation time for Fastly WAAP solutions

Interviewees spent an average of two to three weeks implementing and deploying Fastly’s capabilities, which was inclusive of testing and rule tuning. The director of global engineering in retail described their experience and said, “The implementation was very quick; any configuration on our side was pretty easy and seamless.”
The manager of cyber security in travel and hospitality described their experience throughout the planning, migration, and implementation process: “It’s been great as far as the whole experience goes, because [Fastly was] with us every step of the way. They always brought the right individuals. I think the level of commitment from the organization was great.”

Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:

Five team members participate in the planning process.
The team spends 25% of its time participating in the planning process for 23 weeks.
The team spends 25% of its time implementing Fastly for three weeks.
The composite spends $40,000 to hire a third-party professional services organization to support internal planning, migration, and implementation. Implementation costs vary based on client needs and its size, geography, and modules deployed.

Risks. The costs for internal planning, migration, and implementation may vary depending on:

The number of team members involved in the planning and implementation of Fastly.
The size and complexity of the organization’s existing internal IT infrastructure and digital platform.
The organization’s requirements for internal design, security strategy, and compliance standards.
The choice to hire third-party professional services to support the planning process.

Results. To account for these risks, Forrester adjusted this cost upward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of just under $180,000.

“Deploying Fastly has been a smooth, fast, and easy transition. The Fastly team is very technical, and we appreciate their developer focus. They’re constantly bringing the right mix of technical resources.”

Director of global engineering, retail

Internal Planning, Migration, And Implementation Costs

Ref.	Metric	Source	Initial	Year 1	Year 2	Year 3
F1	Internal planning, migration, and implementation team FTEs	Interviews	5
F2	Internal planning and migration from legacy solution (weeks)	Interviews	23
F3	Fastly Application Security Solutions implementation (weeks)	Interviews	3
F4	Percentage of FTE time spent on internal planning, migration, and implementation	Interviews	25%
F5	Fully burdened annual salary for internal planning, migration, and implementation team member	TEI standard	$185,000
F6	Subtotal: Internal planning, migration, and implementation team costs	F1((F2+F3)/52) F4*F5	$115,625
F7	Third-party professional services supporting internal planning, migration, and implementation	Interviews	$40,000
Ft	Internal planning, migration, and implementation costs	F6+F7	$155,625	$0	$0	$0
	Risk adjustment	↑15%
Ftr	Internal planning, migration, and implementation costs (risk-adjusted)		$178,969	$0	$0	$0
Three-year total: $178,969		Three-year present value: $178,969

Insights And Ongoing Maintenance Costs

Evidence and data. After the initial launch of Fastly WAAP solutions, some interviewees’ companies used a small user group of cybersecurity engineers to gain additional insights and enhance their internal settings.

Interviewees described the overall need for maintenance with Fastly as relatively minimal compared to their prior solution, with one interviewee’s company using just one security engineer for ongoing maintenance. However, interviewees shared that their companies were investing in more resource access to gain additional insights from Fastly’s available data and reporting.
The security engineer in financial services discussed their experience: “Having insight into our web traffic and being able to identify malicious signals is one thing we get from Fastly. We use logging, detection, response, and signaling, which we can leverage into threat intel. These insights are great for us to start understanding trends.”

“It’s low cost on maintenance. We try to keep up to date on knowledge as much as possible, but everything else is kind of hands off and running on Fastly’s infrastructure.”

Head of platforms, media

The manager of cyber security discussed how they used Fastly to gain insights and drive value for their company: “From the security side, with the visibility I have, I can manage the traffic the way I want to. I have this ability to get in and make rule changes and shape my traffic.”

Modeling and assumptions.

There are 10 cybersecurity engineer FTEs focused on Fastly.
The engineers spend 5% of their time on insights and ongoing maintenance for Fastly WAAP.
The average fully burdened annual salary for a cybersecurity engineer is $170,000.

Risks. The costs for insights and ongoing maintenance may vary by:

The number of cybersecurity engineers participating in ongoing maintenance.
The average fully burdened annual salary for a cybersecurity engineer.

Results. To account for these risks, Forrester adjusted this cost upward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $243,000.

Insights And Ongoing Maintenance Costs

Ref.	Metric	Source	Initial	Year 1	Year 2	Year 3
G1	Cybersecurity engineer FTEs focused on Fastly	Composite		10	10	10
G2	Percentage of time spent on insights and ongoing maintenance for Fastly Application Security Solutions	Interviews		5%	5%	5%
G3	Fully burdened annual salary for a cybersecurity engineer	TEI standard		$170,000	$170,000	$170,000
Gt	Insights and ongoing maintenance costs	G1G2G3	$0	$85,000	$85,000	$85,000
	Risk adjustment	↑15%
Gtr	Insights and ongoing maintenance costs (risk-adjusted)		$0	$97,750	$97,750	$97,750
Three-year total: $293,250		Three-year present value: $243,090

Consolidated Three-Year, Risk-Adjusted Metrics

Cash Flow Chart (Risk-Adjusted)

Total costs Total benefits Cumulative net benefits Initial Year 1 Year 2 Year 3

The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the composite organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.

These risk-adjusted ROI, NPV, and payback period values are determined by applying risk-adjustment factors to the unadjusted results in each Benefit and Cost section.

Cash Flow Analysis (Risk-Adjusted Estimates)

	Initial	Year 1	Year 2	Year 3	Total	Present Value
Total costs	($178,969)	($475,750)	($664,750)	($853,750)	($2,173,219)	($1,802,284)
Total benefits	$0	$1,377,425	$2,498,150	$3,618,875	$7,494,450	$6,035,706
Net benefits	($178,969)	$901,675	$1,833,400	$2,765,125	$5,321,231	$4,233,422
ROI						235%
Payback						<6 months

Appendix A: Total Economic Impact

Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.

Total Economic Impact Approach

Benefits represent the value delivered to the business by the product. The TEI methodology places equal weight on the measure of benefits and the measure of costs, allowing for a full examination of the solution’s effect on the entire organization.
Costs comprise all expenses necessary to deliver the proposed value, or benefits, of the solution. The methodology captures implementation and ongoing costs associated with the solution.
Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. The ability to capture that benefit has a PV that can be estimated.
Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on “triangular distribution.”

PRESENT VALUE (PV)

The present or current value of (discounted) cost and benefit estimates given at an interest rate (the discount rate). The PV of costs and benefits feed into the total NPV of cash flows.
NET PRESENT VALUE (NPV)

The present or current value of (discounted) future net cash flows given an interest rate (the discount rate). A positive project NPV normally indicates that the investment should be made unless other projects have higher NPVs.
RETURN ON INVESTMENT (ROI)

A project’s expected return in percentage terms. ROI is calculated by dividing net benefits (benefits less costs) by costs.
DISCOUNT RATE

The interest rate used in cash flow analysis to take into account the time value of money. Organizations typically use discount rates between 8% and 16%.
PAYBACK PERIOD

The breakeven point for an investment. This is the point in time at which net benefits (benefits minus costs) equal initial investment or cost.

The initial investment column contains costs incurred at “time 0” or at the beginning of Year 1 that are not discounted. All other cash flows are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.

Appendix B: Endnotes

¹ Source: The Web Application Firewall Solutions Landscape, Q4 2024, Forrester Research, Inc., October 7, 2024.

² Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.

ABOUT FORRESTER CONSULTING

Forrester provides independent and objective research-based consulting to help leaders deliver key transformation outcomes. Fueled by our customer-obsessed research, Forrester’s seasoned consultants partner with leaders to execute on their priorities using a unique engagement model that tailors to diverse needs and ensures lasting impact. For more information, visit forrester.com/consulting.

© Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies.

Cookie Settings

This website uses cookies to deliver functionality and enhance your experience. GDPR requires that we obtain your consent before activating these cookies. Please accept the use of cookies or review your cookie settings now.

A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions (data inputs, website navigation), so you don’t have to re-enter data when you come back to the site or browse from one page to another.

Behavioral information collected by our web analytics vendor is used to analyze data pertaining to visitor trends, plan website enhancements, and measure overall website effectiveness. We may also use cookies or web beacons to help us offer you products, programs, or services that may be of interest to you and to deliver relevant advertising. We may use third-party advertising companies to help tailor website content to users or to serve ads on our behalf. These companies may also employ cookies and web beacons to measure advertising effectiveness.

Please accept cookies and the collection of behavioral information to receive full functionality and enhance your experience. If you decline cookies, some features of the website may not function normally.

Please see our Privacy Policy for more information.

Executive Summary

Key Findings

Table Of Contents

Key Statistics

235%

$6.04M

$4.23M

<6 months

Benefits (Three-Year)

TEI Framework And Methodology

Due Diligence

Interviews

Composite Organization

Financial Model Framework

Case Study

Disclosures

The Fastly Application Security Solutions Customer Journey

Drivers leading to the WAAP investment

Interviews

Key Challenges

Investment Objectives

Composite Organization

Key Assumptions

Analysis Of Benefits

Quantified benefit data as applied to the composite

Total Benefits

Increased Conversions Profit

Increased Conversions Profit

Improved Operational Productivity

Improved Operational Productivity

Reduced Overage, Traffic, Challenge, And Other Charges

Reduced Overage, Traffic, Challenge, And Other Charges

Consolidated Security Infrastructure Costs

Consolidated Security Infrastructure Costs

Unquantified Benefits

Flexibility

Interview Spotlight

Streamlining Developer Workflows

Analysis Of Costs

Quantified cost data as applied to the composite

Total Costs

Enterprise License Fees

Enterprise License Fees

Internal Planning, Migration, And Implementation Costs

Internal Planning, Migration, And Implementation Costs

Insights And Ongoing Maintenance Costs

Insights And Ongoing Maintenance Costs

Financial Summary

Consolidated Three-Year, Risk-Adjusted Metrics

Cash Flow Chart (Risk-Adjusted)

Cash Flow Analysis (Risk-Adjusted Estimates)

Appendixes

Appendix A: Total Economic Impact

Total Economic Impact Approach

PRESENT VALUE (PV)

NET PRESENT VALUE (NPV)

RETURN ON INVESTMENT (ROI)

DISCOUNT RATE

PAYBACK PERIOD

Appendix B: Endnotes

ABOUT FORRESTER CONSULTING