The Total Economic Impact™ Of Microsoft Defender for Cloud

Cost Savings And Business Benefits Enabled By Defender for Cloud

A Forrester Total Economic Impact Study Commissioned By Microsoft, August 2024

As today’s enterprises optimize for hybrid and multicloud environments, they risk opening a multivariate attack surface to threat actors. Cloud workload security (CWS) plays an essential role in cloud adoption, cloud data, and threat protection. Savvy organizations leverage the business benefits of visibility as they migrate workloads and their security to the cloud.1

Microsoft Defender for Cloud is a cloud-native application protection platform (CNAPP) that embeds security across the entire application lifecycle, from development to runtime. Defender for Cloud provides a unified platform for Cloud Security Posture Management, DevOps security management, and cloud workload protections across multicloud and hybrid environments.

Microsoft commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying Microsoft Defender for Cloud.2 The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Defender for Cloud on their organizations.

Return on investment (ROI)

99%

Net present value (NPV)

$4.25M

To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed five representatives with experience using Defender for Cloud. For the purposes of this study, Forrester aggregated the interviewees’ experiences and combined the results into a single composite organization that is a global, North America-based company facing mounting cybersecurity threats to its multicloud infrastructure.

Interviewees said that as their organizations grew, their consumption of cloud services and increased cloud-based collaboration with partners and third parties increased their attack surfaces. Their legacy CWS tools were inefficient and ineffective, and they drained resources’ abilities to proactively respond to a gamut of threats. This left the organizations’ cloud environments — including mission-critical apps and workloads related to the continuous integration and continuous delivery (CI/CD) lifecycle — vulnerable to costly breaches.

The interviewees said that after the investment in Defender for Cloud, their organizations reduced their risk and improved their security and compliance postures at scale. This helped the organizations keep pace with compliance requirements in a dynamically shifting regulatory climate with added context provided on their security postures compared to their peers based on Microsoft cloud security benchmarks.

At the same time, interviewees pointed out that Defender for Cloud helped their organizations better position themselves for secure, efficient software development and collaboration with third-party partners for purposes such as research and development. Interviewees discussed how this reduced development effort and improved time to value to develop secure products that enable business growth.

Key Findings

Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:

  • Ten percent license savings compared to legacy security infrastructure tools and more than 1,700 hours of security stack administration avoided due to multicloud consolidation. With Defender for Cloud, the composite organization eliminates licensing and management costs for five tools over three years as it protects more workloads. This yields more than $1 million in cost savings.
  • Thirty percent improvement in SecOps productivity from expanded visibility, context, and automations. As the composite organization expands the volume of workloads protected by Defender for Cloud, it streamlines redundant multicloud security policies, eliminates manual patching processes, and gains efficiencies through other automations and integrations into the Microsoft ecosystem. Over three years, these productivity savings total more than $5.6 million.
  • Fifty percent reduction in false positives and 30% decrease in the time to investigate and remediate threats. With Defender for Cloud, the composite organization avoids more than 36,000 hours of investigation and remediation, and it reallocates $796,000 of SecOps labor effort to proactive threat-hunting and other higher-value activities.
  • Ten percent reduction in incidents needing response that would not have been caught in the prior environment. With Microsoft Defender for Cloud, the composite organization captures and resolves a greater number of real incidents not caught by previous solutions, and it provides greater context and prioritization. This improved posture helps the composite avoid $292,000 in costs related to data breaches.
  • Fifteen percent reduction in audit compliance overhead and lower reliance on auditing services. With Microsoft Defender for Cloud, the composite organization decreases the cost to remain in compliance, which streamlines meeting schedules and avoids auditing fees. Over three years, the value of this improved compliance posture totals $857,000.

Unquantified benefits. Benefits that provide value for the composite organization but are not quantified for this study include:

  • Additional context and targeted guidance on security posture when leveraging Microsoft cloud security benchmarks.
  • A compressed, more secure development lifecycle giving way to DevSecOps efficiencies.
  • Less operational risk and improved visibility into the CI/CD.
  • Improved employee experience for SecOps team members.

Costs. Three-year, risk-adjusted PV costs for the composite organization include:

  • Microsoft Defender for Cloud fees for CNAPP and other workloads. The composite organization’s total fees to Microsoft for the cloud-native application protection platform and DevOps, subscription costs for Defender for Servers, Containers, Databases, Storage (and malware scanning), and APIs, and Microsoft professional services come to $3.8 million over three years.
  • Internal and external implementation costs and maintenance overhead. The composite organization deploys workloads to Defender for Cloud in a phased approach during the three-year period, engaging external partner costs to support these deployments. Ongoing administration totals 855 hours over three years, while implementation and maintenance cost $477,000.

The representative interviews and financial analysis found that a composite organization experiences benefits of $8.52 million over three years versus costs of $4.27 million, adding up to a net present value (NPV) of $4.25 million and an ROI of 99%.

Avoided potential costs related to data breaches

$292,000

“We are all looking for [more] speed and less risk, and … Microsoft is aligning themselves nicely with that. As you integrate any new solution, you are inevitably inviting the risk of a breach. So, having an extensible suite that is on the same platform helps to mollify that effect.”

Technical manager, B2B software

Key Statistics

  • Return on investment (ROI): 99%
  • Benefits PV: $8.52M
  • Net present value (NPV): $4.25M
  • Avoided potential costs of a data breach: $292K

Benefits (Three-Year)

[Chart categories: Multicloud and hybrid security infrastructure consolidation; SecOps productivity gain; Threat investigation and remediation acceleration; Data breach-related cost reduction; Audit compliance posture improvement]

TEI Framework And Methodology

From the information provided in the interviews, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment in Defender for Cloud.

The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that Defender for Cloud can have on an organization.

  1. Due Diligence

    Interviewed Microsoft stakeholders and Forrester analysts to gather data relative to Defender for Cloud.

  2. Interviews

    Interviewed five representatives at organizations using Defender for Cloud to obtain data about costs, benefits, and risks.

  3. Composite Organization

    Designed a composite organization based on characteristics of the interviewees’ organizations.

  4. Financial Model Framework

    Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees.

  5. Case Study

    Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.

Disclosures

Readers should be aware of the following:

This study is commissioned by Microsoft and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.

Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in Defender for Cloud.

Microsoft reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.

Microsoft provided the customer names for the interviews but did not participate in the interviews. The scope of the cyber security practice within Forrester is founded in industry knowledge and survey information from global organizations, updated on an annual basis. Further information is available from Forrester Business Technographics or with a Forrester analyst.

Consulting Team:

Courtenay O’Connor

Marianne Friis
