[CONTENT]
$
USD
Total Economic Impact
Cost Savings And Business Benefits Enabled By Island
A FORRESTER TOTAL ECONOMIC IMPACT STUDY COMMISSIONED BY ISLAND, NOVEMBER 2025
Total Economic Impact
A FORRESTER TOTAL ECONOMIC IMPACT STUDY COMMISSIONED BY ISLAND, NOVEMBER 2025
Modern enterprises must balance several significant and often competing priorities, including enabling end users to work remotely across devices and SaaS applications, addressing evolving cybersecurity threats, adopting new AI capabilities, and managing a growing pile of technical debt. Adding to the complexity, knowledge workers are increasingly leveraging the browser as the central workspace from which they access their business applications. Given this new working paradigm, Forrester advocates investing in an enterprise browser technology to streamline IT controls and reduce complexity, consolidate security and remote access functions, reduce the risk of security threats, and boost user productivity.1
Island is an enterprise browser that can help organizations consolidate and enhance security, streamline IT management, and bolster workforce productivity by embedding critical controls and capabilities directly into the browsing experience. It integrates browser-based security and policy management, unmanaged device support, and built-in productivity and AI features to enable and augment browser-based workflows.
Island commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying Island.2 The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Island on their organizations.
To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed four decision-makers with experience using Island. For the purposes of this study, Forrester aggregated the experiences of the interviewees and combined the results into a single composite organization, which operates globally with $500 million in annual revenue and 5,000 FTEs, including 1,000 corporate employees, 3,500 agents, and 500 contractors.
Interviewees said that prior to using Island, their organizations leveraged multiple browsers, extensions, and third-party security and remote access tools. However, these fragmented tools left security gaps, overburdened IT teams, and created unnecessary workflow bottlenecks. These issues compounded, ultimately increasing technology costs, amplifying risks, and hampering user productivity.
After the investment in Island, the interviewees’ organizations successfully consolidated numerous browser, security, and remote access tools with less comprehensive or redundant functionality. Key results from the investment include operational IT efficiencies, enhanced security and controls, technology cost savings, and improved productivity.
Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:
Time savings of 12 minutes per day using Island’s productivity and AI tools. Island can enhance employee productivity by embedding tools directly into the browser that simplify daily workflows. Features like VPN-less access, password management, clipboard functionality, and home page customization can reduce the time the composite’s employees spend searching for applications or reentering repetitive information. Additionally, Island’s AI assistant enables employees to summarize content, query for answers, and improve communication tone quickly, saving valuable minutes on routine tasks. Over three years, these cumulative time savings result in significant productivity gains, amounting to $5.1 million for the composite organization.
Legacy technology cost savings of more than $1 million per year. By reducing or replacing legacy endpoint security and remote access tools such as virtual desktop infrastructure (VDI), VPNs, Zero Trust network access (ZTNA)/ secure access service edge (SASE), and endpoint data loss prevention (DLP) solutions, the composite organization eliminates redundant costs associated with software and hardware licensing. Additionally, Island enables the organization to expand its bring-your-own-device (BYOD) program to contractors, reducing the need to provide and replace corporate-issued laptops. These consolidated savings amount to $3.1 million over three years.
Security risk exposure reduction by up to 90%. Embedding critical controls within the browser, including device fingerprinting, IP allowlisting, and granular DLP policies, strengthens the composite organization’s security posture. These features help mitigate risks such as credential theft, phishing, and malicious browser extensions while ensuring compliance across devices and endpoints. By reducing the likelihood of security breaches and unauthorized data exposure, the composite organization avoids potential costs related to remediation, penalties, and lost trust, totaling $800,000 over three years.
Latency reduction of 300 milliseconds per web request. The composite optimizes its browsing performance by removing latency caused by additional security agents, unnecessary web traffic, inefficient browser extensions, and ad-ridden content delivery network overhead. Employees experience faster uploads, downloads, and web requests, allowing them to complete tasks more efficiently. The resulting time savings equal $515,000 over three years.
Access control management streamlined by 50% per access policy. Island simplifies the composite’s IT workflows by automating user provisioning and centralizing access control policies. IT teams can set permissions and create granular policies for individuals, departments, or clients in half the time compared to their previous environments. This streamlined process reduces the complexity of managing multiple access control tools, freeing IT resources to focus on higher-value strategic initiatives. Over three years, these efficiencies generate $121,000 for the composite organization.
Unquantified benefits. Benefits that provide value for the composite organization but are not quantified for this study include:
Simplified vendor management. In addition to reducing technology costs, Island also reduces the complexity of managing multiple security and productivity tools by centralizing key functionalities within its enterprise browser.
Flexibility. Customers might adopt Island and later realize additional uses and business opportunities, including:
Easier scaling for future growth. Island’s centralized management and flexible deployment model position organizations to scale effectively as their workforces grow or as they onboard new contractors.
Costs. Three-year, risk-adjusted PV costs for the composite organization include:
Software licensing costs of $1.6 million. The composite organization incurs annual licensing costs for Island’s enterprise secure browser and optional add-ons, Island Private Access (IPA), and Dedicated IP. These add-ons expand functionality by enabling secure access to on-prem resources and IP allowlisting for SaaS applications.
Internal deployment and administration costs of $545,000. IT engineers and administrators dedicate time to onboard users, train employees, and create documentation to support adoption. Although the composite onboards most users during the first year, it incurs incremental costs in Years 2 and 3 due to additional onboarding efforts for new users.
Configurations for access policies costs of $67,000. During the initial implementation phase, the composite organization invests engineering hours to configure access policies tailored to organizational needs. These upfront costs include creating and testing granular rules, group-based permissions, and integrations with existing identity and access management systems.
The financial analysis that is based on the interviews found that a composite organization experiences benefits of $9.7 million over three years versus costs of $2.2 million, adding up to a net present value (NPV) of $7.5 million and an ROI of 344%.
Return on investment (ROI)
Benefits PV
Net present value (NPV)
Enterprise Browsers
Forrester defines the secure enterprise browser as an emerging solution that “adds advanced controls to the web experience, providing better security and management of software as a service and internal web application delivery than traditional browsers.”3 Enterprise browsers are becoming strategic investments for IT and security leaders, as they address multiple pain points simultaneously. Traditional browsers, even those with centralized policy controls, lack the depth of security features and backend services enterprise browsers offer. For example, enterprise browsers can enforce data protection policies directly within the browser, such as masking sensitive information, controlling downloads, and preventing unauthorized access — capabilities that are increasingly critical in environments with diverse endpoints and hybrid workforces.4
Additionally, enterprise browsers provide VPN-free private access to internal applications while integrating seamlessly into broader security frameworks, including DLP, encryption, and persistent data control technologies. This convergence of capabilities reduces complexity, improves visibility, and enhances operational efficiency, making enterprise browsers a priority spend area for organizations looking to modernize their IT security stacks.5
Further adding to the demand for these capabilities, people are increasingly performing knowledge work on a browser. In Forrester’s Workforce Survey, 2023, nearly half of respondents (49%) could perform all functions of their work within a web browser and another 34% could perform the majority of their work via a browser.6
Base: 4,976 respondents employed full time or part time who use a computer at least weekly for work purposes
Source: Forrester’s Workforce Survey, 2023
These workers are also increasingly content with using a browser for work. Longitudinal data from the same survey shows that satisfaction levels while accessing internal applications has been steadily increasing, from 66% in 2019 to 77% in 2023.7
Note: Showing responses 4 and 5 on a scale of 1 (“Not at all satisfied”) to 5 (“Very satisfied”)
Base: Variable global information workers who use the employee intranet on a computer at least weekly
Source: Forrester’s Workforce Surveys, 2019 to 2023
As organizations increasingly embrace hybrid work, BYOD, and cloud-based applications, the enterprise browser space will continue to mature and reach widespread adoption, becoming a cornerstone of the broader Zero Trust and data security ecosystem. Solutions that continue to evolve and address IT, security, and business pain points during this transition will set the new paradigm for browser-based work.
| Role | Industry | Revenue | Employees |
|---|---|---|---|
| CIO and CISO | Higher education | Less than $250M | Fewer than 1,000 |
| CISO | Insurance | $250M to $500M | 1,000 to 2,000 |
| CTO | Business process outsourcing | $250M to $500M | 1,000 to 2,000 |
| CISO | Retail | $1B+ | 8,000+ |
Before adopting Island, interviewees described a fragmented IT environment that relied on multiple third-party solutions, extensions, and browsers to enable secure work in a distributed environment. These tools added complexity and costs while failing to fully address key security and productivity needs. Interviewees noted how their organizations struggled with common challenges, including:
Spiraling technology costs. Interviewees described how relying on separate tools for endpoint security, remote access, and DLP drove up costs, especially as their organizations grew. IT teams struggled to justify the rising expenses associated with maintaining overlapping solutions, which drained resources from other strategic initiatives. The CISO at a retail organization noted, “We were managing multiple tools for security and remote access, and the licensing costs alone were becoming unsustainable.”
Complexity and inefficiencies managing multiple tools. Managing a siloed and disparate technology stack required IT teams to juggle multiple vendors, tools, and licensing agreements, leading to higher administrative overhead and slower response times. For example, configuring access policies often involved manual setups across different systems, consuming valuable engineering hours and delaying implementation. The CTO at a business process outsourcing firm noted, “We had to coordinate across multiple vendors just to enforce simple access policies, and the time and effort required slowed down operations.”
Insufficient security controls. Legacy tools struggled to fully address risks such as phishing, credential theft, and data exfiltration, particularly on unmanaged devices. Interviewees noted that it was difficult to secure BYOD environments without issuing corporate hardware, and stolen credentials frequently posed threats due to limited device-level authentication.
Productivity bottlenecks. Legacy solutions introduced latency that slowed uploads, downloads, and web requests, frustrating employees and reducing efficiency. Additionally, tools like VPNs caused frequent connection drops, forcing employees to log in repeatedly, which disrupted workflows and wasted time. The CIO and CISO at a higher education organization shared, “Whether it was waiting on slow web requests or dealing with connection issues, employees were losing valuable time every day due to inefficiencies in our legacy tools.”
Limited visibility into user activity. IT teams lacked transparency into where threats were coming from, which sites employees were accessing, and what they needed to block or allow. Interviewees noted that legacy tools provided incomplete views of user behavior, which made it difficult to identify risky activity or enforce policies effectively. The CIO and CISO at a higher education organization shared: “Island gave us visibility into what sites users were visiting and where risks were coming from. This allowed us to block harmful activity while enabling legitimate workflows and ensuring compliance.”
The interviewees searched for a solution that could:
Consolidate multiple endpoint security and remote access tools.
Provide robust security features.
Streamline user onboarding and access management.
Enhance employee productivity.
Based on the interviews, Forrester constructed a TEI framework, a composite company, and an ROI analysis that illustrates the areas financially affected. The composite organization is representative of the interviewees’ organizations, and it is used to present the aggregate financial analysis in the next section. The composite organization has the following characteristics:
Description of composite. The $500 million organization provides customer support, sales, and administrative functions to its diverse client base. Headquartered in North America with global operations, it employs 5,000 FTEs, including 1,000 corporate employees, 3,500 customer service agents, and 500 contractors. Before adopting Island, the organization relied on a fragmented technology stack, including multiple browsers with extensions and distinct VDI, DLP, VPN, and ZTNA/SASE solutions, which added complexity and costs to its operations.
Deployment characteristics. The composite organization deploys Island across the enterprise in three distinct phases, each spanning one year. Phase one includes agents, contractors, and 100 IT employees. Phase two includes an additional 450 corporate employees in departments that handle sensitive data, such as HR and finance. Finally, phase three deploys Island to the remainder of the organization, which includes 450 corporate employees working in departments such as marketing and sales.
$500 million in annual revenue
125 unique access policies
1,000 corporate employees
3,500 agents
500 contractors
| Ref. | Benefit | Year 1 | Year 2 | Year 3 | Total | Present Value |
|---|---|---|---|---|---|---|
| Atr | Productivity boost from AI and workflow automation | $1,876,160 | $2,082,080 | $2,288,000 | $6,246,240 | $5,145,336 |
| Btr | Legacy software and hardware cost savings | $1,182,600 | $1,260,360 | $1,308,960 | $3,751,920 | $3,100,152 |
| Ctr | Strengthened security | $320,045 | $320,045 | $320,045 | $960,135 | $795,905 |
| Dtr | Reduced latency | $187,616 | $208,208 | $228,800 | $624,624 | $514,534 |
| Etr | Streamlined access control management | $48,708 | $48,708 | $48,708 | $146,124 | $121,130 |
| Total benefits (risk-adjusted) | $3,615,129 | $3,919,401 | $4,194,513 | $11,729,043 | $9,677,057 |
Evidence and data. Interviewees consistently reported that Island’s embedded productivity tools, such as VPN-less access, clipboard functionality, home page customization, password management, and AI assistant, significantly streamlined workflows and saved employees time on routine tasks. Employees leveraged the clipboard feature to input preprogrammed information quickly and eliminated the need to retype common text, while the password manager simplified login processes and reduced downtime caused by forgotten credentials. Additionally, IT teams customized Island’s home page to centralize access to frequently used applications, enabling employees to organize and launch their work environments frictionlessly. Finally, users leveraged the built-in AI assistant to find solutions quickly, summarize content, and improve communications.
The CIO and CISO at a higher education organization noted, “Since rolling out Island, agents have started using the clipboard feature thousands of times a day, reducing repetitive typing and improving workflow speeds.”
The CISO at a retail organization stated, “Employees save 5 to 10 minutes per day just by not having to log into the VPN or deal with dropped connections.”
The CISO at an insurance company said, “The home page provides a one-stop shop for all [employees’] apps, saving time compared to hunting through bookmarks or disparate systems.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
In Year 1, 4,100 employees use Island. The user base grows to 4,550 in Year 2 and 5,000 in Year 3.
Time saved due to productivity gains translates into hours saved per year, which the composite recaptures at a productivity rate of 25%.
Risks. Other organizations may experience varying results depending on the following factors:
User adoption may vary across departments, with some employees preferring legacy workflows over Island’s productivity features.
Initial training and onboarding may temporarily reduce productivity until employees become familiar with the platform’s features.
The extent of time savings could depend on the complexity of tasks performed by different user groups, with some workflows benefiting more than others.
Results. To account for these risks, Forrester adjusted this benefit downward by 20%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $5.1 million.
Daily time savings per user
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| A1 | Island users | Composite | 4,100 | 4,550 | 5,000 | |
| A2 | Time saved per day by leveraging Island AI and workflow automation tools per user (hours) | Interviews | 0.20 | 0.20 | 0.20 | |
| A3 | Workdays | TEI standard | 260 | 260 | 260 | |
| A4 | Total user time saved by leveraging Island AI and workflow automation tools (hours) | A1*A2*A3 | 213,200 | 236,600 | 260,000 | |
| A5 | Average fully burdened hourly rate for an FTE | TEI standard | $44 | $44 | $44 | |
| A6 | Productivity recapture | TEI standard | 25% | 25% | 25% | |
| At | Productivity boost from AI and workflow automation | A4*A5*A6 | $2,345,200 | $2,602,600 | $2,860,000 | |
| Risk adjustment | ↓20% | |||||
| Atr | Productivity boost from AI and workflow automation (risk-adjusted) | $1,876,160 | $2,082,080 | $2,288,000 | ||
| Three-year total: $6,246,240 | Three-year present value: $5,145,336 | |||||
Evidence and data. Interviewees highlighted how Island’s comprehensive functionality enabled their organizations to reduce reliance on multiple endpoint security and remote access solutions, leading to significant cost savings. By replacing legacy VDI, DLP, VPN, and ZTNA/SASE tools, interviewees’ organizations streamlined their technology stacks and eliminated substantial licensing costs. Additionally, Island’s BYOD capabilities allowed contractors to use their own hardware, reducing the need for hardware refreshes.
The CISO at a retail organization noted, “We’re actually looking to replace VDI, ZTNA, VPN, and data security solutions altogether — or at least scale them down significantly — since we now have Island handling much of that workload.”
The CIO and CISO at a higher education organization shared, “We eliminated almost all of our VPN licenses and scaled back our planned purchase of DLP licenses by rolling those capabilities into Island.”
The CISO at an insurance organization stated, “Island’s BYOD model reduced our need to provision corporate laptops for contractors, saving thousands in hardware costs annually.”
Modeling and assumptions. Based on the interviews, Forrester assumes the composite organization replaces licenses for the following users:
VDI: Only contractors who previously worked on unmanaged corporate devices before Island.
DLP: Phase two corporate employees, agents, and contractors. IT teams still retain their DLP licenses for redundancy and specialized use cases.
VPN: All non-IT corporate employees. IT teams still retain both VPN and ZTNA licenses for redundancy and specialized use cases.
Risks. Other organizations may experience varying results depending on the following factors:
Some organizations may continue to require legacy tools for specific use cases, limiting the extent of savings realization.
Organizations may face resistance from stakeholders accustomed to legacy tools, delaying adoption and full savings realization.
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $3.1 million.
Annual savings for reduced or replaced technology
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| B1 | VDI licenses replaced | Composite | 500 | 500 | 500 | |
| B2 | Monthly user VDI total cost | Interviews | $45 | $45 | $45 | |
| B3 | Subtotal: VDI savings | B1*B2*12 | $270,000 | $270,000 | $270,000 | |
| B4 | DLP licenses replaced | Composite | 4,000 | 4,450 | 4,450 | |
| B5 | Monthly user DLP licensing cost | Interviews | $6 | $6 | $6 | |
| B6 | Subtotal: DLP savings | B4*B5*12 | $288,000 | $320,400 | $320,400 | |
| B7 | VPN licenses replaced | Composite | 0 | 450 | 900 | |
| B8 | Monthly user VPN licensing cost | Interviews | $10 | $10 | $10 | |
| B9 | Subtotal: VPN savings | B7*B8*12 | $0 | $54,000 | $108,000 | |
| B10 | ZTNA/SASE licenses replaced | Composite | 4,000 | 4,000 | 4,000 | |
| B11 | Monthly user ZTNA/SASE licensing cost | Interviews | $12 | $12 | $12 | |
| B12 | Subtotal: ZTNA/SASE savings | B10*B11*12 | $576,000 | $576,000 | $576,000 | |
| B13 | Contractors eligible for hardware refresh | Interviews | 150 | 150 | 150 | |
| B14 | Cost per device | Interviews | $1,200 | $1,200 | $1,200 | |
| B15 | Subtotal: BYOD hardware savings | B13*B14 | $180,000 | $180,000 | $180,000 | |
| Bt | Legacy software and hardware cost savings | B3+B6+B9+B12+B15 | $1,314,000 | $1,400,400 | $1,454,400 | |
| Risk adjustment | ↓10% | |||||
| Btr | Legacy software and hardware cost savings (risk-adjusted) | $1,182,600 | $1,260,360 | $1,308,960 | ||
| Three-year total: $3,751,920 | Three-year present value: $3,100,152 | |||||
Evidence and data. Interviewees described how Island’s layered security features embedded directly into the browser significantly reduced phishing, credential theft, and data exfiltration risks, thereby strengthening organizational security posture. They said that features such as device fingerprinting, IP allowlisting, browser hardening, and granular DLP policies enabled their organizations to enforce robust security protocols across all endpoints, including BYOD devices.
The CISO at a retail organization explained, “Island mitigates risks from credential theft because even if credentials are stolen, they’re effectively useless unless the attacker is coming from an approved device and location.”
The CIO and CISO at a higher education institution noted, “With Island, we can ensure sensitive SaaS applications are only accessible from the Island browser, reducing exposure to phishing and malicious browser extensions.”
The CTO at a business process outsourcing firm shared, “Island gave us the visibility and controls to enforce endpoint security even on unmanaged devices, which was critical for reducing risks in our BYOD environment.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
Based on Forrester’s Security Survey, 2024, the cumulative cost of breaches for the composite organization is $2,429,000.8
The likelihood of the composite organization experiencing one or more breaches per year is 61%.9
Island addresses 30% of these risks with its embedded security capabilities, such as device fingerprinting, granular DLP policies, and IP allowlisting.10
Island reduces the likelihood of exposure to breach costs from addressable risks by 90%.
Risks. Other organizations may experience varying results; effectiveness depends on the proper configuration and adoption of Island’s security features, which could vary across departments.
Results. To account for these risks, Forrester adjusted this benefit downward by 20%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $796,000.
Reduction in addressable security risks
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| C1 | Cumulative cost of breaches for the composite | Forrester research | $2,429,000 | $2,429,000 | $2,429,000 | |
| C2 | Likelihood of experiencing one or more breaches per year for the composite | Forrester research | 61% | 61% | 61% | |
| C3 | Percentage of those attacks addressable with Island | Interviews | 30% | 30% | 30% | |
| C4 | Annual risk exposure addressable with Island | C1*C2*C3 | $444,507 | $444,507 | $444,507 | |
| C5 | Reduced risk of exposure to breach costs from addressable attacks with Island | Interviews | 90% | 90% | 90% | |
| Ct | Strengthened security | C4*C5 | $400,056 | $400,056 | $400,056 | |
| Risk adjustment | ↓20% | |||||
| Ctr | Strengthened security (risk-adjusted) | $320,045 | $320,045 | $320,045 | ||
| Three-year total: $960,135 | Three-year present value: $795,905 | |||||
Evidence and data. Interviewees noted that Island’s platform significantly reduced latency caused by legacy solutions, improving browsing speed and optimizing workflows. By eliminating inefficiencies created by VDIs, DLP agents, and VPN tools, employees experienced faster uploads, downloads, and web requests. These improvements enhanced productivity by removing delays associated with excessive web traffic and inefficient browser extensions.
The CISO at a retail organization stated: “Island removed the latency caused by legacy tools like DLP and ZTNA. Employees now upload and download data much faster, which has streamlined their workflows.”
The CISO at an insurance company mentioned, “With Island, web requests are noticeably faster, and employees can complete tasks more efficiently without interruptions or delays.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
Employees make an average of 30 web requests per hour during their workdays.
In Year 1, 4,100 employees use Island. The user base grows to 4,550 in Year 2 and 5,000 in Year 3.
Time saved due to reduced latency translates into hours saved per year, which the composite recaptures at a productivity rate of 25%.
Risks. Other organizations may experience varying results depending on the following factors:
Latency improvements may vary depending on the types of web requests employees make, with some workflows benefiting more than others.
Organizations may continue to require legacy tools for certain use cases, which could limit the extent of latency reduction.
Results. To account for these risks, Forrester adjusted this benefit downward by 20%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $515,000.
Reduction in latency
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| D1 | Average latency per web request pre-Island (seconds) | Interviews | 0.5 | 0.5 | 0.5 | |
| D2 | Percentage reduction in latency with Island | Interviews | 60% | 60% | 60% | |
| D3 | Reduced latency per web request with Island (seconds) | D1*D2 | 0.3 | 0.3 | 0.3 | |
| D4 | Average web requests per hour | Interviews | 30 | 30 | 30 | |
| D5 | Island users | Composite | 4,100 | 4,550 | 5,000 | |
| D6 | Time saved due to reduced web latency (hours) | (D3*D4*D5*2,080)/3,600 | 21,320 | 23,660 | 26,000 | |
| D7 | Average fully burdened hourly rate for an FTE | TEI standard | $44 | $44 | $44 | |
| D8 | Productivity recapture | TEI standard | 25% | 25% | 25% | |
| Dt | Reduced latency | D6*D7*D8 | $234,520 | $260,260 | $286,000 | |
| Risk adjustment | ↓20% | |||||
| Dtr | Reduced latency (risk-adjusted) | $187,616 | $208,208 | $228,800 | ||
| Three-year total: $624,624 | Three-year present value: $514,534 | |||||
Evidence and data. Interviewees reported that Island’s centralized management platform and automation capabilities significantly reduced the complexity and time required to configure and adjust access control policies. By enabling group-based permissions and automated provisioning, IT teams streamlined processes that previously required manual intervention and coordination across multiple tools. These improvements saved engineering hours and freed IT resources for higher-value strategic initiatives.
The CISO at an insurance organization shared: ”Island’s centralized access controls have drastically simplified our workflows. Adjustments that used to require hours of engineering time across multiple tools can now be completed in less than half the time and within a single platform.”
The CISO at a retail company stated: “With Island, configuring access control policies is much faster and easier. We’ve cut the time spent on these adjustments by half, allowing IT teams to focus on other priorities.”
The CTO at a business process outsourcing firm noted: “Island’s automation capabilities have been a game changer for managing access controls. It’s simplified what used to be a highly manual process.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The composite organization manages 41 access policies annually, with 10 adjustments per policy per year.
Time saved due to streamlined access control management translates into hours saved per year, which the composite recaptures at a productivity rate of 75%.
Risks. Other organizations may experience varying results, as access policies may require complex customizations that could limit automation efficiencies.
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $121,000.
Faster configurations of access policies
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| E1 | Access policies | Composite | 41 | 41 | 41 | |
| E2 | Adjustments to rules per access policy | Interviews | 10 | 10 | 10 | |
| E3 | Engineering time to adjust rules and configurations per access policy pre-Island (hours) | Interviews | 4 | 4 | 4 | |
| E4 | Percentage reduction in engineering time needed for policy configurations | Interviews | 50% | 50% | 50% | |
| E5 | Engineering time to adjust rules and configurations per access policy with Island (hours) | E3*E4 | 2 | 2 | 2 | |
| E6 | Fully burdened hourly rate for an IT engineer | TEI standard | $88 | $88 | $88 | |
| E7 | Productivity recapture | TEI standard | 75% | 75% | 75% | |
| Et | Streamlined access control management | E1*E2*E5*E6*E7 | $54,120 | $54,120 | $54,120 | |
| Risk adjustment | ↓10% | |||||
| Etr | Streamlined access control management (risk-adjusted) | $48,708 | $48,708 | $48,708 | ||
| Three-year total: $146,124 | Three-year present value: $121,130 | |||||
Interviewees mentioned the following additional benefits that their organizations experienced but were not able to quantify:
Simplified vendor management. In addition to reducing technology costs, Island also reduces the complexity of managing multiple security and productivity tools by centralizing key functionalities within its enterprise browser. This reduction in vendor sprawl simplifies management and allows IT teams to focus on optimizing their security posture rather than maintaining a fragmented technology stack. As the CIO and CISO at a higher education institution shared, “We were able to consolidate tools like VPN and password managers into Island, reducing the complexity of our environment and giving us a more streamlined approach to managing our security stack.”
The value of flexibility is unique to each customer. There are multiple scenarios in which a customer might implement Island and later realize additional uses and business opportunities, including:
Easier scaling for future growth. Island’s centralized management and flexible deployment model position organizations to scale as they grow their workforces or onboard new contractors. With features such as group-based access controls and automated provisioning, IT teams can accommodate increased user demands without proportional increases in administrative workloads.
Flexibility would also be quantified when evaluated as part of a specific project (described in more detail in Total Economic Impact Approach).
| Ref. | Cost | Initial | Year 1 | Year 2 | Year 3 | Total | Present Value |
|---|---|---|---|---|---|---|---|
| Ftr | Software licensing | $0 | $586,200 | $632,100 | $678,000 | $1,896,300 | $1,564,697 |
| Gtr | Internal deployment and administration | $0 | $503,685 | $55,283 | $55,283 | $614,251 | $545,118 |
| Htr | Configurations for access policies | $67,470 | $0 | $0 | $0 | $67,470 | $67,470 |
| Total costs (risk-adjusted) | $67,470 | $1,089,885 | $687,383 | $733,283 | $2,578,020 | $2,177,285 |
Evidence and data. Interviewees outlined the costs associated with Island’s enterprise browser licensing and its optional add-ons, including ZTNA-based IPA and Island Dedicated IP. Although the base licensing provides comprehensive capabilities for security and productivity, interviewees’ organizations added IPA to enable secure access to on-premises resources and Dedicated IP to facilitate IP allowlisting for SaaS applications.
The CIO and CISO at a higher education organization explained: “Island’s licensing costs were justified by the breadth of functionality. The ability to centralize tools like DLP and VPN into the browser made the investment cost-effective.”
The CTO at a business process outsourcing firm noted, “Island’s pricing structure is straightforward, and while the add-ons come at a premium, they provide significant value for organizations with complex security requirements.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
Island provides base enterprise browser licenses to all users according to the phased approach outlined in the Composite Organization section. In Year 1, this group includes 4,100 users. The user base grows to 4,550 in Year 2 and 5,000 in Year 3.
Only agents and contractors receive IPA add-on licenses.
Agents, contractors, and IT employees receive dedicated IP add-on licenses.
Results. Forrester made no adjustments to software licensing costs since these reflect standard pricing. Island licensing represents a three-year, total cost PV (discounted at 10%) of $1.6 million.
Software licensing percentage of total costs
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|---|
| F1 | Enterprise secure browser licensing | Interviews | $295,200 | $327,600 | $360,000 | |
| F2 | IPA add-on licensing | Interviews | $168,000 | $168,000 | $168,000 | |
| F3 | Dedicated IP add-on licensing | Interviews | $123,000 | $136,500 | $150,000 | |
| Ft | Software licensing | F1+F2+F3 | $0 | $586,200 | $632,100 | $678,000 |
| Risk adjustment | 0% | |||||
| Ftr | Software licensing (risk-adjusted) | $0 | $586,200 | $632,100 | $678,000 | |
| Three-year total: $1,896,300 | Three-year present value: $1,564,697 | |||||
Evidence and data. Interviewees described the effort required to deploy and administer Island across their organizations as minimal. Key steps included initial user setup, ongoing training, documentation, and communication. IT engineers spent time configuring user accounts and ensuring compatibility with existing systems, while administrators provided training and created materials to support adoption.
The CISO at an insurance organization shared: “We focused on creating detailed onboarding materials and providing hands-on training for our teams. It paid off, as users quickly adapted to Island and were able to leverage its features without much follow-up support.”
The CIO and CISO at a higher education organization shared: “We prioritized training and documentation early to ensure users felt confident with the platform. The feedback we received was overwhelmingly positive, with most users finding Island intuitive and easy to use.”
Modeling and assumptions. Based on the interviews, Forrester assumes that the composite organization onboards 4,100 users to Island in Year 1, followed by an additional 450 users in both Year 2 and Year 3 as per the phased approach outlined in the Composite Organization section.
Risks. Other organizations may experience varying costs depending on the following factors:
Larger organizations with diverse workflows may require more extensive training and documentation, increasing administrative costs.
Resistance to change from users accustomed to legacy tools may necessitate additional communication and support.
Results. To account for these risks, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $545,000.
Internal deployment percentage of total costs
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|---|
| G1 | FTEs onboarded to Island | Composite | 4,100 | 450 | 450 | |
| G2 | Engineering time needed for setup, configuration, and change management per user (hours) | Interviews | 1 | 1 | 1 | |
| G3 | Fully burdened hourly rate for an IT engineer | TEI standard | $88 | $88 | $88 | |
| G4 | IT admin time needed for training, documentation, and communications per user (hours) | Interviews | 0.5 | 0.5 | 0.5 | |
| G5 | Fully burdened hourly rate for an IT admin | TEI standard | $58 | $58 | $58 | |
| Gt | Internal deployment and administration | (G1*G2*G3)+(G1*G4*G5) | $0 | $479,700 | $52,650 | $52,650 |
| Risk adjustment | ↑5% | |||||
| Gtr | Internal deployment and administration (risk-adjusted) | $0 | $503,685 | $55,283 | $55,283 | |
| Three-year total: $614,251 | Three-year present value: $545,118 | |||||
Evidence and data. Interviewees explained that initial configurations for access policies required upfront engineering effort to build rules and settings tailored to their organization’s needs. IT teams spent time creating granular controls, group-based access policies, and integrations with existing identity and access management (IAM) systems. This investment was a one-time effort that enabled their organizations to realize long-term efficiencies in managing and adjusting policies over time. The CTO at a business process outsourcing firm stated, “We took some time to build rules, configurations, and integrations at the start, which made any future adjustments much easier.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The composite organization configures 41 access policies during the initial implementation phase. This reflects the deployment for a large enterprise using Island broadly across internal and customer-facing use cases. Organizations leveraging Island for smaller, more targeted deployments may configure less than 20 access policies in its tenant.
Each policy requires 17 hours of engineering time to build initial rules, configurations, and user acceptance testing. Usually, the testing efforts are passive and require little more than observation.
Risks. Other organizations may experience varying costs depending on the following factors:
The complexity of access policies may vary across organizations, requiring more engineering hours for policies tied to sensitive data or multi-factor authentication.
Integrations with existing IAM systems or legacy tools may introduce unforeseen technical challenges, increasing setup time.
Organizations may require external professional services or consultants to assist with configurations, adding to initial costs.
Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $67,000.
Configurations for access policies percentage of total costs
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|---|
| H1 | Access policies | Composite | 41 | |||
| H2 | Engineering time needed to build initial rules and configurations per access policy (hours) | Interviews | 17 | |||
| H3 | Fully burdened hourly rate for an IT engineer | TEI standard | $88 | |||
| Ht | Configurations for access policies | H1*H2*H3 | $61,336 | $0 | $0 | $0 |
| Risk adjustment | ↑10% | |||||
| Htr | Configurations for access policies (risk-adjusted) | $67,470 | $0 | $0 | $0 | |
| Three-year total: $67,470 | Three-year present value: $67,470 | |||||
| Initial | Year 1 | Year 2 | Year 3 | Total | Present Value | |
|---|---|---|---|---|---|---|
| Total costs | ($67,470) | ($1,089,885) | ($687,383) | ($733,283) | ($2,578,020) | ($2,177,285) |
| Total benefits | $0 | $3,615,129 | $3,919,401 | $4,194,513 | $11,729,043 | $9,677,057 |
| Net benefits | ($67,470) | $2,525,244 | $3,232,019 | $3,461,231 | $9,151,023 | $7,499,772 |
| ROI | 344% |
The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the composite organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.
These risk-adjusted ROI, NPV, and payback period values are determined by applying risk-adjustment factors to the unadjusted results in each Benefit and Cost section.
The initial investment column contains costs incurred at “time 0” or at the beginning of Year 1 that are not discounted. All other cash flows are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.
From the information provided in the interviews, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment in Island.
The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that Island can have on an organization.
Interviewed Island stakeholders and Forrester analysts to gather data relative to Island.
Interviewed four decision-makers at organizations using Island to obtain data about costs, benefits, and risks.
Designed a composite organization based on characteristics of the interviewees’ organizations.
Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees.
Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.
Benefits represent the value the solution delivers to the business. The TEI methodology places equal weight on the measure of benefits and costs, allowing for a full examination of the solution’s effect on the entire organization.
Costs comprise all expenses necessary to deliver the proposed value, or benefits, of the solution. The methodology captures implementation and ongoing costs associated with the solution.
Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. The ability to capture that benefit has a PV that can be estimated.
Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on “triangular distribution.”
The present or current value of (discounted) cost and benefit estimates given at an interest rate (the discount rate). The PV of costs and benefits feed into the total NPV of cash flows.
The present or current value of (discounted) future net cash flows given an interest rate (the discount rate). A positive project NPV normally indicates that the investment should be made unless other projects have higher NPVs.
A project’s expected return in percentage terms. ROI is calculated by dividing net benefits (benefits less costs) by costs.
The interest rate used in cash flow analysis to take into account the time value of money. Organizations typically use discount rates between 8% and 16%.
The breakeven point for an investment. This is the point in time at which net benefits (benefits minus costs) equal initial investment or cost.
Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.
Related Forrester Research
Endpoint Security Market Insights, 2025, Forrester Research, Inc., March 26, 2025.
The State Of Bring Your Own Device, 2024, Forrester Research, Inc., November 14, 2024.
Predictions 2025: Cybersecurity, Risk, And Privacy, Forrester Research, Inc., October 1, 2024.
Budget Planning Guide 2025: Security And Risk, Forrester Research, Inc., August 1, 2024.
Leading Practices To Secure The Anywhere-Work Browser, Forrester Research, Inc., February 8, 2024.
Securing The Browser In The World Of Anywhere Work, Forrester Research, Inc., November 3, 2022.
How To Secure Your Virtual Desktop Infrastructure Deployment, Forrester Research, Inc., April 13, 2022.
1 Source: The Forrester Tech Tide™: End-User Computing, Q2 2025, Forrester Research, Inc., April 25, 2025.
2 Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.
3 Source: The Forrester Tech Tide™: End-User Computing, Q2 2025, Forrester Research, Inc., April 25, 2025.
4 Source: Paddy Harrington, Enterprise Browsers Reignite The Browser Wars But This Time For Businesses, Forrester Blogs.
5 Source: The Guide To Data Security Controls, Forrester Research, Inc., July 25, 2024.
6 Source: Forrester’s Workforce Survey, 2023.
7 Source: Forrester’s Workforce Surveys, 2019 to 2023.
8 Regression analysis of the reported total cumulative costs of all breaches experienced by security decision-makers’ organizations in the past 12 months. The composite organization’s revenue is used as the input to the regression formula. Source: Forrester’s Security Survey, 2024, “Using your best estimate, what was the total cumulative cost of all breaches experienced by your organization in the past 12 months?” Base: 1,660 global security decision-makers who have experienced a breach in the past 12 months.
9 Regression analysis of the likelihood of experiencing one or more breaches, using the frequency that organizations experienced breaches in the past 12 months as reported by security decision-makers. The composite organization’s revenue is used as the input to the regression formula. Source: Forrester’s Security Survey, 2024, “How many times do you estimate that your organization’s sensitive data was potentially compromised or breached in the past 12 months?” Base: 2,769 global security decision-makers.
10 Percentage of breaches by primary attack vector for breaches, as reported by security decision-makers whose organizations experienced at least one breach in the last 12 months. Source: Forrester’s Security Survey, 2024, “Of the times that your organization’s sensitive data was potentially compromised or breached in the past 12 months, please indicate how many of each fall into the categories below.” Base: 1,542 global security decision-makers who have experienced a breach in the past 12 months.
Readers should be aware of the following:
This study is commissioned by Island and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.
Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in Island.
Island reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.
Island provided the customer names for the interviews but did not participate in the interviews.
David Park
Marianne Friis
November 2025
ABOUT FORRESTER CONSULTING
Forrester provides independent and objective research-based consulting to help leaders deliver key transformation outcomes. Fueled by our customer-obsessed research, Forrester’s seasoned consultants partner with leaders to execute on their priorities using a unique engagement model that tailors to diverse needs and ensures lasting impact. For more information, visit forrester.com/consulting.
© Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies.
https://mainstayadvisor.com/go/mainstay/gdpr/policy.html
PDF