[CONTENT]
$
USD
Total Economic Impact
Cost Savings And Business Benefits Enabled By Rocket Secure Host Access
A FORRESTER TOTAL ECONOMIC IMPACT STUDY COMMISSIONED BY Rocket Software, September 2025
Total Economic Impact
A FORRESTER TOTAL ECONOMIC IMPACT STUDY COMMISSIONED BY Rocket Software, September 2025
In today’s hybrid IT environments, organizations that continue to rely on mainframe systems face mounting challenges in managing secure, scalable, and efficient access for thousands of users. IT administrative teams are often burdened with fragmented access methods, legacy emulators, and manual provisioning processes that strain limited resources and hinder modernization efforts. Rocket Software’s Rocket Secure Host Access solution addresses these challenges by modernizing mainframe and other host system access without disrupting existing infrastructure. By consolidating access, enhancing visibility, and enabling comprehensive security, Rocket Secure Host Access allows IT teams to do more with less — freeing up resources for strategic initiatives while ensuring secure, reliable access to critical host systems.
Across industries, organizations that continue to rely on mainframe and other host systems face mounting pressure to modernize access while maintaining security, compliance, and operational continuity. Abandoning data and data processing on host systems – by moving to a cloud architecture or otherwise – is not a feasible or economically viable solution for many organizations. IT administrative teams are often constrained by emulators with stagnated roadmaps, fragmented access methods, and manual provisioning processes that are difficult to scale and support. These challenges are compounded by a shrinking pool of mainframe and other host-skilled professionals, increasing regulatory scrutiny, and the need to support hybrid workforces with secure, cross-platform access. Without centralized visibility or integration with modern identity and access management (IAM) systems, many organizations struggle to enforce consistent policies, monitor usage, and respond quickly to access-related issues –leaving them vulnerable to inefficiencies and risk.
Rocket Secure Host Access is a centrally managed desktop and web-based platform for secure host access. It supports modern encryption protocols such as transport layer security (TLS) 1.3, integrates with enterprise IAM systems and enables — through the IAM — multifactor authentication (MFA) to strengthen security and compliance. IT administrators benefit from a single pane of glass for managing user sessions, policies, and configurations, while automation and self-service capabilities reduce help desk burden and improve user productivity. The lightweight architecture of the platform’s Anywhere tier makes scaling global access easier by eliminating desktop installs and manual updates. Ultimately, Rocket Secure Host Access empowers organizations to modernize securely, improve end-user productivity, derive help desk savings (due to a large volume of access-related tickets), and optimize IT administrative overhead.
Rocket Software commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying Rocket Secure Host Access.1 The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Rocket Secure Host Access on their organizations.
Rocket Secure Host Access Branding
Rocket Software launched Rocket Secure Host Access in January 2025. At the time of the interviews, customers were running implementations of either Rocket Host Access Management & Security Server (MSS) and Rocket Reflection Desktop (rebranded as Rocket Secure Host Access Enterprise) or Rocket Host Access for the Cloud (rebranded as Rocket Secure Host Access Anywhere).
To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed five decision-makers with experience using Rocket Secure Host Access. For the purposes of this study, Forrester aggregated the experiences of the interviewees and combined the results into a single composite organization that is a global enterprise with about 8,000 employees, operating in a heavily regulated industry and generating annual revenue of about $2 billion. The customers interviewed were using Rocket emulators on the mainframe. Although interviewee quotes mention mainframes, Rocket also supports systems like IBM i and virtual terminal (VT); therefore, customer experiences using Rocket Secure Host Access on other host systems would likely be similar.
Prior to adopting Rocket Secure Host Access, interviewees’ organizations faced a range of challenges stemming from outdated and fragmented mainframe access environments. Interviewees’ implementation of heritage systems lacked support for modern security practices and protocols like MFA and TLS encryption, making it difficult to meet regulatory compliance and exposing their organizations to security risks. Access was decentralized and inconsistent, leading to operational inefficiencies, high volumes of help desk tickets, and poor user experiences – particularly for remote and cross-platform users. Additionally, the inability to scale access efficiently with limited IT staff and the incompatibility of heritage emulators with modern infrastructure hindered productivity and digital transformation efforts.2
After the investment in Rocket Secure Host Access, the composite organization resolves a major challenge of its host environment through centralized, secure, and scalable access management. The platform replaces fragmented access methods with a unified, web-based administrative interface that integrates seamlessly with modern IAM systems, enabling MFA, single sign-on (SSO), and policy-driven controls. It reduces operational inefficiencies through automation and self-service capabilities, significantly lowering help desk ticket volumes and improving productivity for end users and IT staff. With cross-platform compatibility and streamlined deployment, Rocket Secure Host Access empowers the organization to meet compliance requirements, scale efficiently, and accelerate its digital transformation.
Reduction in breach risk with Rocket Secure Host Access by Year 3
Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:
Security posture improvement of 30%. The composite organization leverages Rocket Secure Host Access to modernize mainframe access with MFA, TLS 1.3, and centralized IAM integration. These features reduce its breach risk by 30% by Year 3, helping the organization meet regulatory compliance and avoid costly fines. Rocket Secure Host Access enables centralized session monitoring and audit logging, aligning with Zero Trust principles. Over three years, improved security posture is worth more than $502,000 to the composite organization.
End-user productivity improvement of 80% for access-related issues. About 30% of the composite’s employees (2,400 users) access host systems regularly and are often frustrated by login delays and password issues. Rocket Secure Host Access streamlines access by extending IAM authentication with capabilities like SSO, which eliminates the need for host system password resets and reduces ticket resolution time by 80% by Year 3. These capabilities allow users to focus on core tasks and reduce downtime. Over three years, improved end-user productivity is worth nearly $1.2 million to the composite organization.
Help desk time savings of $921,000. Help desk professionals at the composite organization previously spent 40 minutes per ticket resolving access issues for 48,000 tickets annually. Rocket Secure Host Access reduces ticket volume and resolution time by 50% by Year 3 through centralized access management and browser-based troubleshooting. These efficiencies allow help desk staff to better prioritize business needs. Over three years, help desk time savings are worth more than $921,000 to the composite organization.
Mainframe IT team productivity improvement of 50%. The composite organization’s 16 IT admins previously spent 50% of their time managing fragmented mainframe access. Rocket Secure Host Access centralizes control, automates provisioning, and eliminates manual emulator configurations, saving 50% of admin time by Year 3. These efficiencies enable redeployment of four FTEs to higher-value tasks. Over three years, improved IT admin productivity is worth nearly $954,000 to the composite organization.
Unquantified benefits. Benefits that provide value for the composite organization but are not quantified for this study include:
Reduced downtime. Rocket Secure Host Access improves system reliability and reduces service disruptions, contributing to business continuity and user productivity. These are essential factors for maintaining the composite organization’s business continuity and productivity.
Administrative ease of use. The intuitive browser-based administrative console interface simplifies onboarding and reduces training needs for IT and business users. This simplicity helps reduce friction during rollout and improves user satisfaction across departments.
Superior customer support. Rocket Software provides responsive, expert support during deployment and ongoing operations, ensuring smooth transitions and reliable performance.
Improved user experience. Consistent login experiences across devices and locations enhance employee satisfaction and reduce frustration. This consistency helps users stay focused without being disrupted by access issues.
Costs. Three-year, risk-adjusted PV costs for the composite organization include:
Rocket Secure Host Access licensing costs. The composite organization licenses Rocket Secure Host Access for 2,400 users under a subscription model with the Enterprise tier desktop and IAM integration access. Over three years, licensing costs total $1.4 million in present value.
Initial platform deployment and training costs. End-to-end deployment takes three months and involves two IT admins from the composite organization and professional services from Rocket Software. The platform’s intuitive design streamlines initial training for IT and end users. Over three years, initial deployment and training costs total just more than $158,000 in present value.
Ongoing training and maintenance costs. Two IT admins spend 15% of their time annually on maintenance, supported by Rocket Secure Host Access’ centralized management and automation features. Over three years, ongoing training and maintenance costs total $89,000 in present value.
The financial analysis that is based on the interviews found that a composite organization experiences benefits of $3.6 million over three years versus costs of $1.7 million, adding up to a net present value (NPV) of $1.9 million and an ROI of 116%.
Reduction in time for end-user access-related ticket resolution with Rocket Secure Host Access by Year 3
Return on investment (ROI)
Benefits PV
Net present value (NPV)
Payback
| Role | Industry | Region | Revenue | Employees | Secure Host Access Configuration |
|---|---|---|---|---|---|
| VP of product development | Managed healthcare |
HQ: North America Operations: >10,000 North America retail locations |
>$300 billion | >200,000 |
Enterprise ~35,000 seats licensed 10 to 12 mainframes |
| VP of technology | Financial services |
HQ: North America Operations: Global footprint |
>150 billion | >250,000 |
Anywhere ~125,000 seats licensed 10 to 12 mainframes |
| Operations support manager | Health insurance |
HQ: North America Operations: Presence in >15 US states |
>$150 billion | >100,000 |
Anywhere ~20,000 seats licensed 1 to 2 mainframes |
| Regional IT officer | Healthcare services |
HQ: North America Operations: Presence in >10 US states |
>$100 billion | >175,000 |
Mix of Anywhere and Enterprise ~150,000 seats licensed One to two mainframes |
| System administration lead | Textile manufacturer |
HQ: EMEA Operations: In ~three countries |
~$75 million | ~4,000 |
Enterprise ~400 seats licensed One to two mainframes |
Forrester interviewed decision-makers at five organizations who oversaw technology development and/or system administration operations. Each interviewee held a senior role in managing system administration for access to their legacy mainframe systems. Furthermore, four of the interviewees were in highly regulated industries, and three of those used their mainframes for storing and accessing personally identifiable information (PII).
Before adopting Rocket Secure Host Access Enterprise or Rocket Secure Host Access Anywhere (formerly known as MSS and Reflection Desktop or Host Access for Cloud, respectively), the interviewees’ organizations faced a range of critical challenges that hindered operational efficiency, security, and scalability. First among these was the need to meet increasingly stringent security and compliance requirements. Their existing host systems emulator required an MFA user workflow that was disjointed from the rest of the organization, creating a fragmented and decentralized mainframe access management process that was difficult to control and resulted in inconsistent user experiences. Organizations also struggled with operational inefficiencies, including high volumes of help desk tickets for password resets and access issues, due to the absence of automation and self-service tools. Compounding these issues were the technical limitations of emulators, which lacked cross-platform support. Finally, the inability to scale and manage host environments efficiently — especially with small IT teams supporting thousands of users — posed a significant barrier to growth and modernization.
Interviewees noted how their organizations struggled with common challenges, including:
Inadequate security and compliance standards. A consistent and pressing challenge across the interviewees’ organizations was the need to meet stringent security and compliance standards — particularly for highly regulated industries like healthcare, finance, and manufacturing. Interviewees cited heritage emulators and fragmented access methods as major vulnerabilities that lacked support for modern security best practices like MFA, TLS 1.3, and centralized identity management. These gaps not only exposed them to regulatory risk but also made it difficult to enforce consistent security policies across large, distributed user bases.
A fragmented and decentralized mainframe environment. Interviewees stated that their mainframe emulation software was fragmented and lacked centralized control, visibility, and consistency. Their organizations were often juggling multiple emulators, access points, and manual configurations, making it difficult to manage users, enforce policies, or scale securely. This fragmentation led to inefficiencies, security gaps, and poor user experience. The lack of centralization not only increased administrative overhead but also hindered efforts to modernize and standardize access across the enterprise. The VP of product development for a managed healthcare organization captured this issue succinctly: “We had a patchwork of access methods — some users on desktop emulators, others on VPNs or remote desktops. There was no single pane of glass to manage or monitor access. It was a nightmare from both a security and operational standpoint.”
Operational inefficiencies for help desk teams and end users. Several interviewees described how operational inefficiencies from their legacy environments created heavy support burdens, particularly around password resets, access inconsistencies, and the absence of automation. These inefficiencies strained IT teams (especially help desk professionals), slowed down user productivity, and introduced avoidable security risks. Manual provisioning and deprovisioning, lack of self-service capabilities, and fragmented login experiences were common pain points.
Limitations in scaling operational support of legacy emulators. Several interviewees reported that their legacy environments posed serious scalability and maintainability challenges, which hindered infrastructure growth and organizational agility. Supporting thousands of users with limited IT staff became increasingly unsustainable, especially as environments grew more complex and geographically distributed. Manual configurations, lack of centralized management, and outdated tooling made it difficult to scale access securely or efficiently. These limitations not only strained IT resources but also slowed down modernization efforts, making it harder for organizations to adapt to evolving business needs. The operations support manager for a health insurance provider illustrated this clearly: “We had 20,000 to 25,000 users and only three offshore support staff. Supporting that many users with legacy emulators and custom scripts was not scalable. Every upgrade was painful.”
Incompatibility with modern cloud-based systems. A recurring challenge cited by the interviewees was that their host systems — as implemented — lacked integration capabilities and were incompatible with modern cloud-based architectures and technology stacks. These environments often relied on outdated emulators and manual configurations that couldn’t connect easily with enterprise identity platforms, cloud infrastructure, or modern development tools. This created barriers to digital transformation, limited flexibility, and increased the cost and complexity of modernization efforts. The VP of product development for a managed healthcare organization highlighted this issue, stating: “We had a patchwork of access methods … and none of it was cloud ready. Integrating with our IAM systems or moving to a modern stack was nearly impossible without replacing the whole thing.”
The interviewees searched for a solution that could:
Deliver enhanced security and compliance readiness. Interviewees’ organizations looked for a solution that supported modern encryption standards (e.g., TLS 1.3), MFA, and detailed audit logging that would enable their organizations to meet internal and external compliance requirements.
Enable hybrid access for users. Interviewees noted their organizations wanted to enable users to have secure web-based and desktop access to mainframe systems, thus simplifying deployment for remote and global teams, improving cross-platform compatibility, and reducing maintenance overhead.
Allow centralized administration and control policy. Interviewees wanted the ability to manage user access, session policies, and configurations centrally compared to fragmented administrative experiences, reducing administrative burden and improving security posture.
Scale with organizational growth. Having the ability to scale access to thousands of users with minimal infrastructure and support staff was an important consideration cited by the interviewees. They ideally wanted a lightweight, server-based model that could complement desktop installs.
Provide seamless integration with IAM systems. Going hand-in-hand with enhanced security and compliance readiness was the need to support enterprise IAM platforms, thus enabling their organizations to enforce consistent authentication policies, including SSO and MFA, which were critical for meeting compliance and security standards.
Enable automation and self-service capabilities for end users. Interviewees emphasized the need for enabling automated provisioning, extending IAM authentication to facilitate self-service password resets via SSO, eliminating reliance on passwords at the host for end users, and modernizing macros/scripts to reduce help desk tickets and improve user productivity.
Based on the interviews, Forrester constructed a TEI framework, a composite company, and an ROI analysis that illustrates the areas financially affected. The composite organization is representative of the interviewees’ organizations, and it is used to present the aggregate financial analysis in the next section. The composite organization has the following characteristics:
Description of composite. The composite is a global enterprise with about 8,000 employees across North America, Europe, and Asia, operating in a heavily regulated industry and generating annual revenue of about $2 billion. It relies heavily on mainframe and other host systems for critical operations that store and process PII, while also navigating strict regulatory requirements such as the EU’s Digital Operational Resilience Act and the New York State Department of Financial Services’ Title 23 NYCRR Part 500.
Prior state. Before deploying Rocket Secure Host Access, the composite organization faced significant challenges. Desktop emulator maintenance was difficult, they lacked sufficient secure login access, and they were incompatible with modern operating systems and cloud platforms. Access was fragmented across departments, provisioning was manual, and the lack of integration with identity access systems created security gaps and operational inefficiencies. This left the organization exposed to security risks and created challenges with regulatory compliance.
Deployment characteristics. In the initial period, Year 0, the composite organization aims to further modernize and consolidate its digital technology platforms, with a focus on unifying mainframe access with the rest of the organization. Deploying Rocket Secure Host Access is a three-month process that includes internal resources and professional services through Rocket Software.
Key modeling assumptions. To quantify the economic and productivity benefits that the composite organization derives from deploying Rocket Secure Host Access, Forrester uses the following assumptions in the financial model:
$2.0 billion revenue
8,000 employees
16 IT administrators managing mainframe systems before Rocket Secure Host Access
2,400 licensed users (30% of employees)
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|
| R1 | Employees (baseline) | Composite | 8,000 | 8,000 | 8,000 |
| R2 | Total licensed users | Composite | 2,400 | 2,400 | 2,400 |
| R3 | IT admin FTEs managing mainframe systems before Rocket Secure Host Access | Composite | 16 | 16 | 16 |
| R4 | Annual revenue (baseline) | Composite | $2,000,000,000 | $2,000,000,000 | $2,000,000,000 |
| R5 | Operating margin | Composite | 5.0% | 5.0% | 5.0% |
| R6 | Fully burdened annual salary for an IT admin | Research data | $121,500 | $121,500 | $121,500 |
| R7 | Fully burdened annual salary for an end user or business user | Research data | $108,000 | $108,000 | $108,000 |
| R8 | Fully burdened annual salary for a help desk professional | Research data | $60,750 | $60,750 | $60,750 |
| R9 | Effectiveness of Rocket Secure Host Access | Composite | 70% | 85% | 100% |
| Ref. | Benefit | Year 1 | Year 2 | Year 3 | Total | Present Value |
|---|---|---|---|---|---|---|
| Atr | Security posture improvement | $167,064 | $206,841 | $238,662 | $612,567 | $502,130 |
| Btr | End-user productivity improvement | $395,200 | $474,240 | $573,040 | $1,442,480 | $1,181,740 |
| Ctr | Help desk time savings | $308,560 | $374,680 | $440,800 | $1,124,040 | $921,342 |
| Dtr | Mainframe IT team productivity-driven savings | $349,920 | $371,790 | $437,400 | $1,159,110 | $953,999 |
| Total benefits (risk-adjusted) | $1,220,744 | $1,427,551 | $1,689,902 | $4,338,197 | $3,559,211 |
Evidence and data. Interviewees consistently noted that one compelling benefit from deploying Rocket Secure Host Access was the significant improvement in their organization’s security posture. In environments previously reliant on outdated emulators and fragmented access methods, Rocket Secure Host Access introduced a suite of modern security capabilities that enabled organizations to meet internal policies and external compliance standards with confidence. Integration with enterprise IAM systems with features such MFA (enabled through IAM), TLS 1.3 encryption, and centralized session monitoring and audit logging were instrumental in reducing risk and enhancing visibility. By consolidating access through a secure platform and aligning with Zero Trust principles, Rocket Secure Host Access helped organizations proactively address vulnerabilities and regulatory demands — transforming host access from a liability into a strength.
The VP of product development for a managed healthcare organization explained: “Integrating with [modern IAM systems] so we could manage access centrally and enforce MFA was crucial for us. [Rocket Secure Host Access] provided that integration seamlessly, which significantly reduced our security risks and ensured we were compliant with industry standards.”
Asked to estimate the average regulatory fine avoided by being security compliant, the VP of technology for a financial services firm stated: “I would say definitely $5 million at least. That’s a fair assessment based on the revenue and the kinds of fines I’ve seen in the past. Regulators extrapolate the impact over time and fine accordingly.”
The system administration lead for a textile manufacturer observed: “Our old system didn’t work well on newer systems or for our [other operating system] users; it lacked modern encryption standards like TLS 1.3, which left us vulnerable to attacks. With [Rocket Secure Host Access’] enhanced security features, we now have peace of mind knowing our data is protected.”
Modeling and assumptions. This benefit focuses on the improvement in the security environment for the composite organization with Rocket Secure Host Access’ ability to modernize access to mainframe systems. To measure the improved security posture — or reduced risk of a breach — of a technology solution objectively, Forrester relies on regression data analysis of specific findings from the 2024 Forrester Security Survey. Based on the interviews, Forrester assumes the following about the composite organization:
A1: Regression analysis of the reported total cumulative costs of all breaches experienced by security decision-makers’ organizations in the past 12 months. The composite organization’s revenue is used as the input to the regression formula.3
A2: Regression analysis of the likelihood of experiencing one or more breaches, using the frequency that organizations experienced breaches in the past 12 months as reported by security decision-makers. The composite organization’s revenue is used as the input to the regression formula.4
A3: Percentage of breaches by primary attack vector for breaches, as reported by security decision-makers whose organizations experienced at least one breach in the past 12 months.5
There is a 60% likelihood of a risk of a breach before the composite deploys Rocket Secure Host Access based on how logon access is a basic gateway, or opportunity, for breach access.
The gross reduction of breach risk is 30% with Rocket Secure Host Access deployed. The net reduction (row A6) is based on the effectiveness ramp of the Rocket Secure Host Access platform: a 21% reduction in Year 1, 26% in Year 2, and 30% by Year 3.
Risks. Forrester recognizes that these results may not be representative of all experiences and that the improved security posture will vary among organizations depending on the following factors:
Organizations in highly regulated industries are likely to be more closely monitored, and an improved security posture would be more beneficial.
The size of an organization — as determined by revenue and/or number of employees — is likely to impact the size of regulatory fines imposed.
The prior state of an organization’s overall cybersecurity stack and specifically the logon access controls for mainframe access will determine the degree of improvement after deploying Rocket Secure Host Access.
Results. To account for these risks, Forrester adjusted this benefit downward by 15%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of just more than $502,000.
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| A1 | Cumulative cost of breaches for the composite | Forrester research | $3,207,000 | $3,207,000 | $3,207,000 | |
| A2 | Likelihood of experiencing one or more breaches | Forrester research | 64% | 64% | 64% | |
| A3 | Percentage of breaches originating from external attacks, internal incidents, or external ecosystem attacks or incidents | Forrester research | 76% | 76% | 76% | |
| A4 | Percentage of those attacks addressable with Rocket Secure Host Access | Composite | 60% | 60% | 60% | |
| A5 | Annual risk exposure addressable with Rocket Secure Host Access | A1*A2*A3*A4 | $935,931 | $935,931 | $935,931 | |
| A6 | Net reduction in breach risk with Rocket Secure Host Access | Interviews | 21.0% | 26.0% | 30.0% | |
| At | Security posture improvement | A5*A6 | $196,546 | $243,342 | $280,779 | |
| Risk adjustment | ↓15% | |||||
| Atr | Security posture improvement (risk-adjusted) | $167,064 | $206,841 | $238,662 | ||
| Three-year total: $612,567 | Three-year present value: $502,130 | |||||
Evidence and data. Interviewees stated that they realized a measurable improvement in end-user productivity by deploying Rocket Secure Host Access. Prior to Rocket Secure Host Access, users often faced slow, inconsistent login experiences; frequent password issues; and limited access flexibility — especially across remote teams, various device operating systems, or upon returning from vacations or time off. Rocket Secure Host Access addressed these pain points by extending IAM authentication, which enables self-service password resets via SSO, eliminating reliance on passwords at the host for end users and allowing users to connect quickly and securely from any location or device. These enhancements reduced friction in daily workflows, minimized downtime, and enabled users to focus on core tasks rather than troubleshooting access issues with the help desk — ultimately driving greater efficiency and responsiveness across the business.
The VP of technology for a financial services firm explained: “Now with MFA, users can reset their access fairly quickly and by themselves rather than calling the help desk. So in that sense, from 10 minutes to 2 minutes — that’s about an 80% time saving in those scenarios.”
The VP of product development for a managed healthcare organization described their experience: “The integration with [our modern IAM systems] streamlined our authentication process, reducing login times by up to 40%. This improvement directly translated into higher productivity for our employees.”
The operations support manager for a health insurance provider elaborated: “With [Rocket Secure Host Access], our users experienced a 30% reduction in time spent on login and access issues. This allowed them to focus more on their core tasks rather than dealing with technical problems.”
The system administration lead for a textile manufacturer observed: “Switching to a browser-based solution eliminated compatibility issues and reduced downtime by about 25%. Our employees could access mainframe applications seamlessly from any device, enhancing their overall efficiency.”
Modeling and assumptions. This benefit quantifies the productivity improvement for the business users, or end users, for mainframe access-related issues, such as password resets, expired passwords, and login issues. Based on the interviews, Forrester assumes the following about the composite organization:
There were 20 access-related IT tickets per end user per year for the composite’s 2,400 license users before Rocket Secure Host Access.6
The average time spent waiting on ticket resolution in the prior state was 3 hours (120 minutes). On average, an end user spent 30% of that time interacting with the help desk.7
The net improvement in productivity (or time saved) for resolving access-related tickets with Rocket Secure Host Access deployed is 56% in Year 1, 68% in Year 2, and 80% by Year 3, based on the effectiveness ramp of the platform.
The high percentage of time reduction is due to a significant decrease in the total number of access-related tickets, which leads to an overall reduction of time from tickets eliminated and faster resolution.
The fully burdened hourly rate for an end user is $52 (rounded).
Forrester applied a productivity adjustment factor for the composite organization that represents the percentage of productivity savings realized. For example, 1 hour of time savings does not necessarily translate to 1 hour of productive work. For these productivity-based cost savings, the composite organization’s business users productively utilize 50% of their time savings.
Risks. Forrester recognizes that these results may not be representative of all experiences and that productivity gains — or time saved — will vary among organizations depending on the following factors:
How secure and technologically advanced an organization’s mainframe environment is, which may impact the number of tickets per user and the time spent resolving each ticket.
The time saved per ticket with Rocket Secure Host Access, which will vary depending on an organization’s technological sophistication.
Results. To account for these risks, Forrester adjusted this benefit downward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of just under $1.2 million.
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| B1 | Access-related IT tickets before Rocket Secure Host Access | Composite | 48,000 | 48,000 | 48,000 | |
| B2 | Time spent waiting on ticket resolution before Rocket Secure Host Access (minutes) | Composite | 120 | 120 | 120 | |
| B3 | Percentage of wait time spent on access resolution | Composite | 30% | 30% | 30% | |
| B4 | Time spent working on access resolution previously (minutes) | B2*B3 | 36 | 36 | 36 | |
| B5 | Percentage of time saved resolving access resolution issues with Rocket Secure Host Access | Interviews | 56.0% | 68.0% | 80.0% | |
| B6 | Time saved avoiding access resolution issues with Rocket Secure Host Access per ticket (minutes) | B4*B5 | 20 | 24 | 29 | |
| B7 | Fully burdened hourly rate for an end-user (rounded) | R7/2,080 | $52 | $52 | $52 | |
| B8 | Productivity adjustment factor | TEI methodology | 50% | 50% | 50% | |
| Bt | End-user productivity improvement | B1*(B6/60)*B7*B8 | $416,000 | $499,200 | $603,200 | |
| Risk adjustment | ↓5% | |||||
| Btr | End-user productivity improvement (risk-adjusted) | $395,200 | $474,240 | $573,040 | ||
| Three-year total: $1,442,480 | Three-year present value: $1,181,740 | |||||
Evidence and data. A significant benefit realized by interviewees’ IT departments and help desk teams following the deployment of Rocket Secure Host Access was a substantial reduction in support time and effort. In the prior state, high ticket volumes related to password resets, access issues, and emulator configuration problems burdened help desk teams and often required manual intervention that slowed down response times. Rocket Secure Host Access addressed these inefficiencies in several ways, including eliminating password reliance at the host for end users by extending IAM authentication and enabling self-service password resets via SSO; delivering centralized access management; and eliminating the need for local installations and troubleshooting through a web-based, zero footprint user interface. These capabilities not only reduced the number of support requests but also freed up help desk staff to focus on higher-value initiatives, improving overall operational efficiency.
The operations support manager for a health insurance provider observed: “Supporting 20,000 to 25,000 users with only three offshore staff was not scalable without compromising security. With [Rocket Secure Host Access], we were able to optimize our IT support resources.”
The regional IT officer for a healthcare services organization explained: “We had users calling the help desk constantly for password issues or access problems. It wasn’t scalable, and it pulled resources away from more strategic work. We needed a solution that could automate access and reduce the noise while enhancing our security posture.”
Modeling and assumptions. This benefit quantifies the productivity improvement for help desk IT professionals, specifically for host access-related issues. Based on the interviews, Forrester assumes the following about the composite organization:
There are 48,000 access-related IT tickets per year before Rocket Secure Host Access (the same as B1).
A help desk professional spends 40 minutes resolving the average access-related ticket in the prior state.
Rocket Secure Host Access helps reduce the time a help desk professional spends resolving access-related tickets by 35.0% in Year 1, 42.5% in Year 2, and 50.0% by Year 3, based on the effectiveness ramp of the platform.
The fully burdened hourly rate for a help desk professional is $29 (rounded).
Forrester does not apply a productivity adjustment factor for help desk time savings as these professionals must comply with SLA commitments.
Risks. Forrester recognizes that these results may not be representative of all experiences and that help desk professional time savings will vary among organizations depending on the following factors:
The number of tickets in the prior state, which depends on the relative security of access to the host environment.
The time saved per ticket by Help Desk professionals, which will vary with an organization’s technological sophistication.
Results. To account for these risks, Forrester adjusted this benefit downward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of more than $921,000.
Reduction in access-related ticket resolution time for IT help desk professionals with Rocket Secure Host Access by Year 3
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| C1 | Number of access-related IT tickets before Rocket Secure Host Access | B1 | 48,000 | 48,000 | 48,000 | |
| C2 | Time spent working on ticket investigation and resolution, including escalation, previously (minutes) | Assumption | 40 | 40 | 40 | |
| C3 | Reduction in time spent per ticket with Rocket Secure Host Access | Interviews | 35.0% | 42.5% | 50.0% | |
| C4 | Total help desk time savings (hours) | C1*C2*C3/60 | 11,200 | 13,600 | 16,000 | |
| C5 | Fully burdened hourly rate for a help desk professional (rounded) | R8/2,080 | $29 | $29 | $29 | |
| Ct | Help desk time savings | C4*C5 | $324,800 | $394,400 | $464,000 | |
| Risk adjustment | ↓5% | |||||
| Ctr | Help desk time savings (risk-adjusted) | $308,560 | $374,680 | $440,800 | ||
| Three-year total: $1,124,040 | Three-year present value: $921,342 | |||||
Evidence and data. Interviewees reported that after implementing Rocket Secure Host Access, there was a marked increase in mainframe and host system IT administration team productivity driven by reduced complexity and centralized control. Prior to Rocket Secure Host Access, IT administrators were often consumed by manual tasks such as configuring desktop emulators, managing fragmented access methods, and troubleshooting compatibility issues across diverse environments. Rocket Secure Host Access streamlined these operations by offering centralized, browser-based administrative access, policy-driven administration, and tight integration with IAM systems, which eliminated the need for repetitive, hands-on support. As a result, organizations could redeploy IT resources to more strategic initiatives, reduce staffing strain, and scale access management without increasing headcount — making Rocket Secure Host Access not just a technical upgrade, but a force multiplier for IT administration.
The regional IT officer for a healthcare services organization observed: “[Rocket Secure Host Access] allowed us to automate and secure access, thus freeing up our IT administrative staff to concentrate on more strategic initiatives. Before [Rocket Secure Host Access], we needed 10 to 14 people to manage access and security. After [Rocket Secure Host Access], we only needed five to seven.”
The operations support manager for a health insurance provider elaborated: “[Rocket Secure Host Access] allowed us to centralize control and enforce strict security policies across all user sessions. This significantly reduced the time our IT admins spent on manual configurations and troubleshooting.”
The VP of technology for the financial services firm explained: “[Rocket Secure Host Access] is helping us become more robust in our security from an administrative perspective. I’d say roughly a 10% improvement is a fair assessment.” They went on to explain how Rocket Secure Host Access enabled their organization to derive additional cost savings: “We not only got rid of our on-prem servers, but also the technologies and resources associated with them. Even in my division, I’d say we’re saving hundreds of millions [of dollars] through this cloud migration.”
Modeling and assumptions. This benefit focuses on operational productivity for the core IT administration team that supports host access on a day-to-day basis. This benefit does not duplicate the help desk productivity improvement quantified in Benefit C, which represents help desk professionals. Based on the interviews, Forrester assumes the following about the composite organization:
There are 16 IT admins on the core administrative support team in the prior state. Each admin spends 50% of their time on host access management to administer the environment (not resolve help desk issues).
With Rocket Secure Host Access, IT admins save 40.0% of their time in Year 1, 42.5% in Year 2, and 50.0% by Year 3, based on the effectiveness ramp of the platform (these savings are coincidentally the same as in Benefit C).
With Rocket Secure Host Access, the number of IT admin FTEs that the composite can redeploy for higher-impact initiatives is 3.2 in Year 1, 3.4 in Year 2, and 4 in Year 3.
The average fully burdened annual salary for an IT administrator is $121,500.
Forrester does not apply a productivity adjustment factor for FTE cost savings.
Risks. Forrester recognizes that these results may not be representative of all experiences and that IT administrator time savings will vary among organizations depending on the following factors:
The number of IT admins needed for an organization that deploys Rocket Secure Host Access, which will depend on the nature of the organization and the specific industry.
The time savings for IT admins, which will depend on the relative sophistication of the organization’s prior environment for mainframe access.
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of just under $954,000.
Mainframe IT team time savings by Year 3
| Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
|---|---|---|---|---|---|---|
| D1 | IT admin FTEs managing mainframe systems before Rocket Secure Host Access | R3 | 16.0 | 16.0 | 16.0 | |
| D2 | Percentage of IT admin time previously spent on mainframe access management | Assumption | 50.0% | 50.0% | 50.0% | |
| D3 | IT admin time spent on mainframe access management previously (FTE equivalent) | D1*D2 | 8.0 | 8.0 | 8.0 | |
| D4 | IT admin time savings with Rocket Secure Host Access | Interviews | 40.0% | 42.5% | 50.0% | |
| D5 | IT admin FTEs that can take on higher-value tasks | D3*D4 | 3.2 | 3.4 | 4.0 | |
| D6 | Fully burdened annual salary for an IT admin | R6 | $121,500 | $121,500 | $121,500 | |
| Dt | Mainframe IT team productivity-driven savings | D5*D6 | $388,800 | $413,100 | $486,000 | |
| Risk adjustment | ↓10% | |||||
| Dtr | Mainframe IT team productivity-driven savings (risk-adjusted) | $349,920 | $371,790 | $437,400 | ||
| Three-year total: $1,159,110 | Three-year present value: $953,999 | |||||
Interviewees mentioned the following additional benefits that their organizations experienced but were not able to quantify:
Reduced downtime. While not quantified, several interviewees mentioned that Rocket Secure Host Access contributed to fewer service disruptions and more stable access to mainframe systems compared to their prior state — an essential factor for maintaining business continuity and productivity. The challenge in quantifying a benefit like reduced downtime is due to the variance in downtimes based on the specific failure of the host system, the complexity of lost revenue per hour based on the extent of the downtime (localized versus wider spread), and the specific business model.
Administrative ease of use. Interviewees stated that the Rocket Secure Host Access Anywhere tier [the former web-based emulator Host Access for Cloud] featured an intuitive, browser-based interface that was easy for end users to adopt without extensive training or support. This simplicity helped reduce friction during rollout and improved user satisfaction across departments. The operations support manager for a health insurance provider said: “The browser-based access was intuitive and easy for our users to adopt. It reduced the learning curve significantly compared to our old emulators.”
Superior customer support. Interviewees highlighted Rocket Software’s customer support as a standout strength. They noted that the responsiveness, expertise, and hands-on guidance provided during implementation and ongoing operations helped ensure a smooth transition and reliable ongoing performance. The VP of product development for a managed healthcare organization said: “Rocket Software’s support team was incredibly responsive and knowledgeable. They helped us troubleshoot issues quickly and provided excellent guidance during the implementation phase.”
Improved user experience. Interviewees noted that Rocket Secure Host Access delivered a more consistent and reliable user experience across devices and locations. This consistency reduced frustration and helped users stay focused on their work without being disrupted by access issues. Benefit B quantifies the productivity impact but cannot capture the qualitative benefit of employee satisfaction. The regional IT officer for a healthcare services provider stated: “Our users appreciated the consistent login experience that [Rocket Secure Host Access] provided across different devices and locations. It made their daily tasks much smoother.”
The value of flexibility is unique to each customer. There are multiple scenarios in which a customer might implement Rocket Secure Host Access and later realize additional uses and business opportunities, including:
Scalable architecture for future growth. Interviewees noted that Rocket Secure Host Access Anywhere’s lightweight, centralized architecture allowed their organizations to scale access to tens of thousands of users without increasing IT overhead. This scalability ensured that businesses could grow or pivot without being constrained by their access infrastructure. The VP of technology for a financial services firm said: “[Rocket Secure Host Access’] lightweight, centralized architecture allowed our organizations to scale access to tens of thousands of users without increasing IT overhead. This scalability ensured that our businesses could grow or pivot without being constrained by their access infrastructure.” Additionally, if a customer also needs desktop access, both thick [desktop] and thin [web client] can be managed by the same centralized administration.
Adaptable integration with existing infrastructure. Interviewees stated that Rocket Secure Host Access allowed their organizations to modernize their host access without significantly overhauling existing systems. The ability to integrate with identity providers and work within hybrid environments gave IT administrative teams the flexibility to evolve at their own pace.
Cross-platform and remote access compatibility. The web-based nature of Secure Host Access Anywhere enabled seamless access across different operating systems and devices, including various operating systems and remote setups. This flexibility was especially valuable for organizations with distributed teams or bring your own device policies. The operations support manager for a health insurance provider said: “We needed something that worked across platforms and didn’t require local installs. [Rocket Secure Host Access] gave us that flexibility and helped us support thousands of users with minimal effort.”
Flexibility would also be quantified when evaluated as part of a specific project (described in more detail in Total Economic Impact Approach).
| Ref. | Cost | Initial | Year 1 | Year 2 | Year 3 | Total | Present Value |
|---|---|---|---|---|---|---|---|
| Etr | Rocket Secure Host Access licensing costs | $0 | $529,200 | $565,950 | $605,850 | $1,701,000 | $1,404,002 |
| Ftr | Initial costs: Platform deployment and initial training | $158,073 | $0 | $0 | $0 | $158,073 | $158,073 |
| Gtr | Ongoing costs: Incremental training and maintenance | $0 | $35,865 | $35,828 | $35,791 | $107,484 | $89,105 |
| Total costs (risk-adjusted) | $158,073 | $565,065 | $601,778 | $641,641 | $1,966,558 | $1,651,180 |
Evidence and data. Interviewees noted that their organizations’ Rocket Secure Host Access licensing costs had a tiered pricing structure based on the number of licensed seats, along with the flexibility to have a desktop or web browser access interface.
Organizations using Rocket Secure Host Access are subject to a tiered pricing structure based on the number of users. The interviews table in the Customer Journey section depicts interviewees’ licensed products.
Rocket Software offers three options for Rocket Secure Host Access: 1) Pro, which is the desktop emulator with in-session security best practices; 2) Enterprise, which provides desktop access and includes the security server that integrates with IAM solutions; and 3) Anywhere, which offers a web-based interface with zero footprint licenses, in addition to what is available in Enterprise.
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The composite licenses Enterprise.
The composite falls into the 5,000 to 10,000 licensed seats tier.
The pricing in row E1 reflects a lower discount compared to what is considered standard for an organization of the composite’s size. Pricing also assumes an annual increase.
The model assumes subscription licensing. Pricing will vary. Contact Rocket Software for additional details.8
Risks. The risks that can potentially impact configuration costs include potential add-ons and larger configurations that could increase the solution cost.
Results. To account for these risks, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of just more than $1.4 million.
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|---|
| E1 | Subscription pricing for Enterprise | Composite | $0 | $504,000 | $539,000 | $577,000 |
| Et | Rocket Secure Host Access licensing costs | E1 | $0 | $504,000 | $539,000 | $577,000 |
| Risk adjustment | ↑5% | |||||
| Etr | Rocket Secure Host Access licensing costs (risk-adjusted) | $0 | $529,200 | $565,950 | $605,850 | |
| Three-year total: $1,701,000 | Three-year present value: $1,404,002 | |||||
Evidence and data. While deployment and initial training represent upfront costs for organizations adopting Rocket Secure Host Access, interviewees consistently described the process as smooth, efficient, and well-supported. Rocket Secure Host Access’ intuitive interface reduced the learning curve for end users. Additionally, the integration with existing IAM systems and centralized administration tools helped IT teams accelerate configuration and policy setup. Several interviewees also praised Rocket Software’s responsive and knowledgeable support team, which played a key role in guiding implementation and resolving early issues — making the transition from legacy systems far less disruptive than anticipated.
The operations support manager for a health insurance provider elaborated: “The deployment cost was significant, but [the Rocket Secure Host Access] browser-based architecture eliminated complex desktop installations. This reduced our overall setup time and training expenses by about 30%.”
The VP of product development for a managed healthcare organization described their experience: “Initial training costs were high due to the scale of our operations. However, [Rocket Secure Host Access’] intuitive interface and seamless integration with [enterprise IAM solutions] helped us cut down on training time significantly.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The initial training time for IT admins is 1 hour per administrator. The initial training time for end users is 30 minutes each.
The fully burdened hourly rate for an IT admin is $58. The fully burdened hourly rate for an end user is $52.
The composite incurs a one-time implementation cost of $50,000, which includes professional services fees paid to Rocket Software for end-to-end deployment and macros migration.
Two IT admin FTEs spend 50% of their time over three months for the deployment.
The average fully burdened annual salary for an IT admin professional is $121,500.
Risks. The following risks can potentially impact the cost of deploying Rocket Secure Host Access and initial training costs.
The size of the organization and its specific configuration of Rocket Secure Host Access, including add-on options.
The relative expertise of the organization’s end-user community.
Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of just more than $158,000.
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|---|
| F1 | Training time for IT admins (hours) | Interviews | 16.0 | 0.0 | 0.0 | 0.0 |
| F2 | Fully burdened hourly rate for an IT admin | R6/2,080 | $58 | $58 | $58 | $58 |
| F3 | Training time for end users (hours) | Interviews | 1,200 | |||
| F4 | Fully burdened hourly rate for an end user | Research data | $52 | $52 | $52 | $52 |
| F5 | Subtotal: Initial training costs for platform | (F1*F2)+(F3*F4) | $63,328 | $0 | $0 | $0 |
| F6 | Upfront fee for Rocket Software deployment services | Composite | $50,000 | |||
| F7 | Internal FTE effort to deploy Rocket Secure Host Access | Interviews | 0.25 | |||
| F8 | Fully burdened annual rate for an IT admin | R6 | $121,500 | $21,500 | $121,500 | $121,500 |
| F9 | Subtotal: Initial deployment costs for platform | F6+(F7*F8) | $80,375 | $0 | $0 | $0 |
| Ft | Initial costs: Platform deployment and initial training | F5+F9 | $143,703 | $0 | $0 | $0 |
| Risk adjustment | ↑10% | |||||
| Ftr | Initial costs: Platform deployment and initial training (risk-adjusted) | $158,073 | $0 | $0 | $0 | |
| Three-year total: $158,073 | Three-year present value: $158,073 | |||||
Evidence and data. While Rocket Secure Host Access introduced incremental training and ongoing maintenance responsibilities, interviewees consistently described them as manageable and well-justified due to the platform’s design and capabilities. Across diverse industries, from healthcare and finance to manufacturing, organizations found that the intuitive interface, centralized management console, and seamless integration with IAM systems significantly reduced the learning curve for IT administrators and business users. Features like macro automation support and compatibility with modern authentication best practices (e.g., MFA, SSO) enabled teams to streamline operations and reduce manual overhead. As a result, although it required some upfront coordination (Cost F), interviewees often described the ongoing use and maintenance of Rocket Secure Host Access as smoother than anticipated, with long-term maintenance supported by robust vendor engagement and scalable architecture.
The operations support manager for a health insurance provider noted: “We needed something that worked across platforms and didn’t require local installs. [Rocket Secure Host Access] gave us that flexibility and helped us support thousands of users with minimal effort.”
The VP of product development for a managed healthcare organization explained: “Ongoing maintenance is about one FTE spread across two individuals. That’s beyond what we get from Rocket’s support.”
The regional IT officer for a healthcare services organization stated, “Maintenance now takes about 30% of the time of two to three people, thanks to the enterprise-level integration.”
The system administration lead for a textile manufacturer mused, “We’re a small IT team — just two of us — but [Rocket Secure Host Access] made it easy to manage 1,000 users with minimal effort.”
Modeling and assumptions. Based on the interviews, Forrester assumes the following about the composite organization:
The ongoing training time for IT admins is 30 minutes annually. The ongoing training time for new end users (due to attrition) is also 30 minutes annually.
The fully burdened hourly rate for an IT admin is $58. The fully burdened hourly rate for an end user is $52.
Two IT admin FTEs spend 12.5% of their time on ongoing maintenance.
The average fully burdened annual salary for an IT admin professional is $121,500.
Risks. The risks that can potentially impact incremental training and ongoing maintenance costs are the support levels needed by end users, including additional features and macros.
Results. To account for these risks, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of just more than $89,000.
| Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 |
|---|---|---|---|---|---|---|
| G1 | Incremental training time for IT admins (hours) | Interviews | 0.0 | 5.2 | 4.6 | 4.0 |
| G2 | Fully burdened hourly rate for an IT admin | Research data | 0.0 | $58 | $58 | $58 |
| G3 | Training time for new end users (hours) | Interviews | 0.0 | 60.0 | 60.0 | 60.0 |
| G4 | Fully burdened hourly rate for an IT admin | R6/2,080 | $58 | $58 | $58 | $58 |
| G5 | Subtotal: Ongoing training costs for platform | (G1*G2)+(G3*G4) | $0 | $3,782 | $3,747 | $3,712 |
| G6 | Internal FTE effort for ongoing maintenance of Rocket Secure Host Access | Interviews | 0.00 | 0.25 | 0.25 | 0.25 |
| G7 | Fully burdened annual salary for an IT admin | R6 | $121,500 | $121,500 | $121,500 | $121,500 |
| G8 | Subtotal: Ongoing maintenance costs for platform | G6*G7 | $0 | $30,375 | $30,375 | $30,375 |
| Gt | Ongoing costs: Incremental training and maintenance | G5+G8 | $0 | $34,157 | $34,122 | $34,087 |
| Risk adjustment | ↑5% | |||||
| Gtr | Ongoing costs: Incremental training and maintenance (risk-adjusted) | $0 | $35,865 | $35,828 | $35,791 | |
| Three-year total: $107,484 | Three-year present value: $89,105 | |||||
| Initial | Year 1 | Year 2 | Year 3 | Total | Present Value | |
|---|---|---|---|---|---|---|
| Total costs | ($158,073) | ($565,065) | ($601,778) | ($641,641) | ($1,966,558) | ($1,651,180) |
| Total benefits | $0 | $1,220,744 | $1,427,551 | $1,689,902 | $4,338,197 | $3,559,211 |
| Net benefits | ($158,073) | $655,679 | $825,773 | $1,048,261 | $2,371,639 | $1,908,031 |
| ROI | 116% | |||||
| Payback | <6 months |
The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the composite organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.
These risk-adjusted ROI, NPV, and payback period values are determined by applying risk-adjustment factors to the unadjusted results in each Benefit and Cost section.
The initial investment column contains costs incurred at “time 0” or at the beginning of Year 1 that are not discounted. All other cash flows are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.
From the information provided in the interviews, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment in Rocket Secure Host Access.
The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that Rocket Secure Host Access can have on an organization.
Interviewed Rocket Software stakeholders and Forrester analysts to gather data relative to Rocket Secure Host Access.
Interviewed five decision-makers at organizations using Rocket Secure Host Access to obtain data about costs, benefits, and risks.
Designed a composite organization based on characteristics of the interviewees’ organizations.
Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees.
Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.
Benefits represent the value the solution delivers to the business. The TEI methodology places equal weight on the measure of benefits and costs, allowing for a full examination of the solution’s effect on the entire organization.
Costs comprise all expenses necessary to deliver the proposed value, or benefits, of the solution. The methodology captures implementation and ongoing costs associated with the solution.
Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. The ability to capture that benefit has a PV that can be estimated.
Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on “triangular distribution.”
The present or current value of (discounted) cost and benefit estimates given at an interest rate (the discount rate). The PV of costs and benefits feed into the total NPV of cash flows.
The present or current value of (discounted) future net cash flows given an interest rate (the discount rate). A positive project NPV normally indicates that the investment should be made unless other projects have higher NPVs.
A project’s expected return in percentage terms. ROI is calculated by dividing net benefits (benefits less costs) by costs.
The interest rate used in cash flow analysis to take into account the time value of money. Organizations typically use discount rates between 8% and 16%.
The breakeven point for an investment. This is the point in time at which net benefits (benefits minus costs) equal initial investment or cost.
Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.
1 Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists solution providers in communicating their value proposition to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of business and technology initiatives to both senior management and other key stakeholders.
2 Source: The State Of Mainframe, Global, 2025, Forrester Research, Inc., May 23, 2025; The Top Trends Shaping Identity And Access Management In 2025, Forrester Research, Inc., March 6, 2025; The Content Platforms Landscape, Q3 2024, Forrester Research, Inc., September 17, 2024; The Information Archiving Platforms Landscape, Q2 2024, Forrester Research, Inc., April 3, 2024.
3 Source: Forrester’s Security Survey, 2024, “Using your best estimate, what was the total cumulative cost of all breaches experienced by your organization in the past 12 months?” Base: 1,660 global security decision-makers who have experienced a breach in the past 12 months.
4 Source: Forrester’s Security Survey, 2024, “How many times do you estimate that your organization’s sensitive data was potentially compromised or breached in the past 12 months?” Base: 2,769 global security decision-makers.
5 Source: Forrester’s Security Survey, 2024, “Of the times that your organization’s sensitive data was potentially compromised or breached in the past 12 months, please indicate how many of each fall into the categories below.” Base: 1,542 global security decision-makers who have experienced a breach in the past 12 months.
6 Source: Password Statistics: What the Numbers Really Say About Your Security, DeepStrike LLC, May 12, 2025.
7 Source: The Hidden Cost of Passwords: Why Modern Businesses Need a Better Solution, MojoAuth, January 23, 2025.
8 Historically, Rocket Software offered perpetual licensing for Rocket Host Access Management & Security Server and Rocket Host Access for the Cloud, the products on which Rocket Secure Host Access Enterprise and Anywhere are built.
Readers should be aware of the following:
This study is commissioned by Rocket Software and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.
Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in Rocket Secure Host Access.
Rocket Software reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.
Rocket Software provided the customer names for the interviews but did not participate in the interviews.
Erach Desai
September 2025
ABOUT FORRESTER CONSULTING
Forrester provides independent and objective research-based consulting to help leaders deliver key transformation outcomes. Fueled by our customer-obsessed research, Forrester’s seasoned consultants partner with leaders to execute on their priorities using a unique engagement model that tailors to diverse needs and ensures lasting impact. For more information, visit forrester.com/consulting.
© Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies.
https://mainstayadvisor.com/go/mainstay/gdpr/policy.html
PDF