A Forrester Total Economic Impact™ Study Commissioned By Palo Alto Networks, December 2023
Switch between the study data and your custom data below. Answering the questions on the 'Custom Data' tab will allow you to customize the analysis and estimate the potential impact of using a Total Economic Impact study.
To read Forrester's full analysis and customize the findings to your organization, please register below.
Total workloads and applications
Percentage of workloads and applications in the cloud
Percentage of workloads and applications in the cloud - Year 2
To read Forrester's full analysis and customize the findings to your organization, please register below.
Total workloads and applications
Percentage of workloads and applications in the cloud
Percentage of workloads and applications in the cloud
Percentage of workloads and applications in the cloud
Percentage of workloads and applications in the cloud - Year 2
Cloud technology gives companies the power to scale and adapt at speed, driving business agility, streamlining operations, and accelerating innovation. But increased reliance on the cloud and the explosive growth of cloud application development driven by AI also increase risk. Cloud security requires the use of a code to cloud platform that can eliminate vulnerabilities in development and stop exploits in runtime before they lead to a breach.
Palo Alto Networks Prisma Cloud is a cloud-native application protection platform (CNAPP) that secures applications and services across multicloud, hybrid, and private environments. It begins at the coding stage with early-stage code and pipeline scanning throughout the application lifecycle and through runtime, bringing security operations (SecOps) together with developers. The platform gives a single source of security posture state to both SecOps and developers. This combination provides visibility across development environments, accounts, and applications by monitoring and detecting threats across the clouds for a full code to cloud security platform covering cloud security posture, permissions, workloads, and detection.
Palo Alto Networks commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying Prisma Cloud.1 The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Prisma Cloud on their organizations.
Reduction of SecOps team effort to investigate incidents
48%
To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed four representatives with experience using Prisma Cloud. For the purposes of this study, Forrester aggregated the interviewees’ experiences and combined the results into a single composite organization of 15,000 employees operating globally.
Prior to using Prisma Cloud, these interviewees noted how their organizations worked in a hybrid environment with assets spread across on-premises and the cloud. Having moved recently to multiple clouds, however, many of these organizations faced the issues of 1) securing these assets with proper posture management, and 2) making sure that their newly developed services, APIs, and applications that reside in the cloud are secure. There simply was not a solution to bring together cloud security management for the interviewees’ organizations.
After the investment in Prisma Cloud, the interviewees were able to consolidate their management of cloud security as well as secure new code developed for the cloud. Key results from the investment include the reduction of SecOps effort, reduction of DevOps effort, and a direct reduction in possible breach costs.
Return On Investment (ROI)
263%263%
Net Present Value (NPV)
$6.8M$6.8M
Quantified benefits. Three-year, risk-adjusted present value (PV) quantified benefits for the composite organization include:
For , the SecOps team efficiency lift for cloud enforcement might be worth over three years.
For , the DevOps productivity lift from adopting shift-left security might be worth over three years.
For , the material breach risk reduction savings might be worth over three years.
For , the compliance efficiencies uplift for reporting might be worth over three years.
Unquantified benefits. Benefits that provide value for the composite organization but are not quantified for this study include:
Costs. Three-year, risk-adjusted PV costs for the composite organization include:
For , licensing costs might be over three years.
For , internal ongoing costs might be over three years.
For , implementation and training costs might be during the initial year.
The representative interviews and financial analysis found that a composite organization experiences benefits of $9.4 million over three years versus costs of $2.6 million, adding up to a net present value (NPV) of $6.9 million and an ROI of 264%.
might experience benefits of over three years versus costs of , adding up to an NPV of and an ROI of 0%.
Return on investment (ROI):
Benefits PV:
Net present value (NPV):
Payback:
“There are solutions that provide metrics but not together with remediation capability, code security, and policy enforcement. Prisma Cloud is a couple of years ahead of the game.”
Senior security analyst, financial services
From the information provided in the interviews, Forrester constructed a Total Economic Impact™ framework for those organizations considering an investment Prisma Cloud.
The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. Forrester took a multistep approach to evaluate the impact that Prisma Cloud can have on an organization.
Interviewed Palo Alto Networks stakeholders and Forrester analysts to gather data relative to Prisma Cloud.
Interviewed four representatives at organizations using Prisma Cloud to obtain data about costs, benefits, and risks.
Designed a composite organization based on characteristics of the interviewees’ organizations.
Constructed a financial model representative of the interviews using the TEI methodology and risk-adjusted the financial model based on issues and concerns of the interviewees.
Employed four fundamental elements of TEI in modeling the investment impact: benefits, costs, flexibility, and risks. Given the increasing sophistication of ROI analyses related to IT investments, Forrester’s TEI methodology provides a complete picture of the total economic impact of purchase decisions. Please see Appendix A for additional information on the TEI methodology.
Readers should be aware of the following:
This study is commissioned by Palo Alto Networks and delivered by Forrester Consulting. It is not meant to be used as a competitive analysis.
Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly advises that readers use their own estimates within the framework provided in the study to determine the appropriateness of an investment in Prisma Cloud.
Palo Alto Networks reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the study and its findings and does not accept changes to the study that contradict Forrester’s findings or obscure the meaning of the study.
Palo Alto Networks provided the customer names for the interviews but did not participate in the interviews.
Consulting Team:
Henry Huang
Marianne Friis
Luca Son
Role | Industry | Region | Revenue |
---|---|---|---|
Cloud security engineer | Healthcare | North America | $1 billion+ |
Senior security architect | Communication service provider | North America | $10 billion+ |
Senior security analyst | Financial services | Global | $5 billion+ |
Cloud manager | Professional services | Global | $100 million+ |
Interviewees’ organizations shifted a mounting number of workloads and data toward a multicloud environment, as each cloud presented different value propositions. Frustrations mounted as they realized the difficulty in securing these cloud assets with different cloud providers; by not having a single view of the assets, they were unable to deploy common policies and permissions across clouds. This led to an increased inability to monitor clouds — and thereby mitigate further risks — as they could not properly protect their assets in the cloud.
The four interviewees noted how their organizations struggled with common challenges, including:
“We didn’t have the time to budget the money or the internal horsepower to go and get a CSPM [cloud security posture management] tool and a different container tool to solve our cloud problems.”
Senior security architect, communication service provider
“The fact was that Prisma Cloud was a unified platform with potential to add even more capabilities for our future in the cloud — not to mention [being] best of breed as well.”
Senior security architect, communication service provider
The interviewees’ organizations searched for a solution that could:
Based on the interviews, Forrester constructed a TEI framework, a composite company, and an ROI analysis that illustrates the areas financially affected. The composite organization is representative of the four interviewees and is used to present the aggregate financial analysis in the next section. The composite organization has the following characteristics:
Description of composite. The Forrester composite is a 15,000-employee global, public organization. It has numerous regulatory entities that oversee its operations. The anticipated strategy is to quickly move the organization to the cloud to not only be able to save on capital expenses but also to provide service to its distributed workforce across regions and work-from-home employees. The expectation is that SecOps will deploy 10 FTEs in the initial year, which ramps up to 20 due to newly created cloud workloads.
Ref. | Benefit | Year 1 | Year 2 | Year 3 | Total | Present Value |
---|---|---|---|---|---|---|
Atr | SecOps efficiency lift | $985,313 $985,313 | $1,333,120 $1,333,120 | $2,003,121 $2,003,121 | $4,321,553 $4,321,553 | $3,502,465 $3,502,465 |
Btr | DevOps shift left and productivity lift | $468,874 $468,874 | $703,310 $703,310 | $1,062,781 $1,062,781 | $2,234,965 $2,234,965 | $1,805,980 $1,805,980 |
Ctr | Material breach risk reduction savings | $668,109 $668,109 | $1,111,027 $1,111,027 | $1,731,859 $1,731,859 | $3,510,995 $3,510,995 | $2,826,747 $2,826,747 |
Dtr | Compliance productivity lift | $501,648 $501,648 | $510,029 $510,029 | $522,600 $522,600 | $1,534,278 $1,534,278 | $1,270,193 $1,270,193 |
Total benefits (risk-adjusted) | $2,623,944 $2,623,944 | $3,657,486 $3,657,486 | $5,320,361 $5,320,361 | $11,601,791 $11,601,791 | $9,405,385 $9,405,385 |
Evidence and data. The largest and perhaps most important benefit realized by the interviewees’ organizations was the efficiency created for security professionals. The interviewees shared the following ways their respective SecOps teams benefited from the deployment of Prisma Cloud.
Reduction in SecOps time configuring/enforcing policies
80%
“There was no way we could manage 100 accounts without a tool like Prisma Cloud. It simply would not happen. The type of automated scanning and protecting is just not feasible without Prisma Cloud.”
Cloud security engineer, healthcare
Modeling and assumptions. Forrester modeled this benefit category based upon the customer interviews and the following additional factors:
has 0% of workloads in the cloud in Year 1, 0% in Year 2, and 0% in Year 3.
might face 0 cloud security incidents in Year 1, 0 in Year 2, and 0 in Year 3.
At , the SecOps team might spend 0 hours configuring and enforcing policies in Year 1, 0 in Year 2, and 0 in Year 3.
Risks. Forrester accounts for variability and potential risks that may impact the financial model, including:
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $3.5 million.
For , this benefit might have a three-year, risk-adjusted total PV of .
Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|
A1 | Percentage of workloads and applications in the cloud | InterviewsInterviews | 30%30% | 45%45% | 68%68% | |
A2 | Projected number of severe-level cloud security incidents requiring manual investigation or intervention in the legacy environment | CompositeComposite | 9,7989,798 | 14,69714,697 | 22,20922,209 | |
A3 | Hours spent per investigation | Forrester research | 3.73.7 | 3.73.7 | 3.73.7 | |
A4 | Reduction in SecOps effort required to investigate incidents with Prisma Cloud | InterviewsInterviews | 48%48% | 48%48% | 48%48% | |
A5 | Productivity recapture | Assumption | 90%90% | 90%90% | 90%90% | |
A6 | Average fully burdened hourly salary: SecOps (rounded) | TEI standard | $62 $62 | $62 $62 | $62 $62 | |
A7 | Subtotal: Lift in SecOps productivity from reduced incident intervention rate (rounded) | A2*A3*A4*A5*A6 | $970,990 $970,990 | $1,456,484 $1,456,484 | $2,200,930 $2,200,930 | |
A8 | SecOps hours spent configuring and enforcing policies | CompositeComposite | 4,1604,160 | 832832 | 832832 | |
A9 | Reduction in time spent configuring and enforcing policies with Prisma Cloud | InterviewsInterviews | 80%80% | 80%80% | 80%80% | |
A10 | Productivity recapture | Assumption | 60%60% | 60%60% | 60%60% | |
A11 | Subtotal: Lift in SecOps productivity from configuring and enforcing policies (rounded) | A8*A9*A10*A6 | $123,802 $123,802 | $24,760 $24,760 | $24,760 $24,760 | |
At | SecOps efficiency lift | A7+A11 | $1,094,792 $1,094,792 | $1,481,244 $1,481,244 | $2,225,690 $2,225,690 | |
Risk adjustment | ↓10% | |||||
Atr | SecOps efficiency lift (risk-adjusted) | $985,313 $985,313 | $1,333,120 $1,333,120 | $2,003,121 $2,003,121 | ||
Three-year total: $4,321,553 $4,321,553 | Three-year present value: $3,502,465 $3,502,465 |
Evidence and data. Palo Alto Networks Prisma Cloud enhanced DevOps’ visibility into its cloud development, and by doing so, it helped teams contextualize misconfigurations and vulnerabilities so they could take precise and immediate action. Through Prisma Cloud’s scans and alerts, the interviewees’ organizations were able to identify and resolve software vulnerabilities in a timely manner.
“We can now fix this prior to things going to production, without having to raise issues to the executive team — this is where our cloud development is at.”
Senior security analyst, financial services
Modeling and assumptions. For the composite organization, Forrester assumes the following:
At before implementing Prisma Cloud, DevOps FTEs might spend 0 hours addressing vulnerabilities and exposures in Year 1, 0 in Year 2, and 0 in Year 3.
Risks. The expected financial impact is subject to risks and variation based on several factors, including:
Results. To account for these risks, Forrester adjusted this benefit downward by 15%, yielding a three-year, risk-adjusted total PV of $1.8 million.
For , this benefit might have a three-year, risk-adjusted total PV of .
“Developers use Prisma Cloud at the IDE level, which prevents faulty code from being released. That is a massive and exciting improvement.”
Cloud security engineer, healthcare
“Prisma Cloud helps us find things faster and sooner. We’re not expecting breaches, and it’s attributed to Palo [Alto Networks] helping us find vulnerabilities before or early so we can remediate faster. We’re not playing catchup.”
Cloud manager, professional services
Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|
B1 | DevOps time spent addressing vulnerabilities and exposures introduced by new cloud developments (hours) | CompositeComposite | 31,20031,200 | 46,80046,800 | 70,72070,720 | |
B2 | Additional, shift-left DevOps hours addressing vulnerabilities and exposures earlier in the development lifecycle | InterviewsInterviews | 3,1203,120 | 4,6804,680 | 7,0727,072 | |
B3 | Reduction in time needed to address vulnerabilities due to shift-left efficiencies enabled by Prisma Cloud | InterviewsInterviews | 60%60% | 60%60% | 60%60% | |
B4 | Productivity recapture | Assumption | 60%60% | 60%60% | 60%60% | |
B5 | Average fully burdened hourly salary: DevOps (rounded) | TEI standard | $68 $68 | $68 $68 | $68 $68 | |
Bt | DevOps shift left and productivity lift | (B1*B3*B4*B5)-( B2*B5) | $551,616 $551,616 | $827,424 $827,424 | $1,250,330 $1,250,330 | |
Risk adjustment | ↓15% | |||||
Btr | DevOps shift left and productivity lift (risk-adjusted) | $468,874 $468,874 | $703,310 $703,310 | $1,062,781 $1,062,781 | ||
Three-year total: $2,234,965 $2,234,965 | Three-year present value: $1,805,980 $1,805,980 |
Evidence and data. Like all companies, the interviewees’ organizations rely on software to power their business. But a majority of their codebases include open source software, which left their applications’ code at risk due to third-party sources. Palo Alto Networks Prisma Cloud’s software composition and infrastructure as code analysis tools significantly reduced the number of vulnerabilities reaching production by helping developers remediate vulnerabilities and keep libraries up to date. The result was increased cloud posture, far fewer alerts, and less misconfiguration risk for security and development teams having to spend time remediating.
Modeling and assumptions. For the composite organization, Forrester quantifies the impact of significant material data breaches and assumes the following:
might face an average number of data breaches per year from cloud workloads of 0 in Year 1, 0 in Year 2, and 0 in Year 3.
At , the proportion of employees affected by each data breach might be face an average number of data breaches per year from cloud workloads of 0% in Year 1, 0% in Year 2, and 0% in Year 3.
Risks. The expected financial impact is subject to risks and variation based on several factors, including:
Results. To account for these risks, Forrester adjusted this benefit downward by 20%, yielding a three-year, risk-adjusted total PV of $2.8 million.
For , this benefit might have a three-year, risk-adjusted total PV of .
Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | ||
---|---|---|---|---|---|---|---|
C1 | Average number of data breaches per year from cloud workloads | Forrester research | 0.80.8 | 1.21.2 | 1.81.8 | ||
C2 | Average potential cost of data breach | Forrester research | $3,026,370 $3,026,370 | $3,026,370 $3,026,370 | $3,026,370 $3,026,370 | ||
C3 | Reduced likelihood of a cloud data breach with Prisma Cloud | Forrester research | 27%27% | 27%27% | 27%27% | ||
C4 | Subtotal: Avoided costs of remediation, customer resolution, fines, brand rebuild, and all other external-facing costs | C1*C2*C3 | $653,696 $653,696 | $980,544 $980,544 | $1,470,816 $1,470,816 | ||
C5 | Number of internal business users | CompositeComposite | 15,00015,000 | 15,00015,000 | 15,00015,000 | ||
C6 | Average percentage of employees affected per breach | CompositeComposite | 10%10% | 15%15% | 17%17% | ||
C7 | Diminished / eliminated internal user productivity hours per breach | Forrester research | 3.63.6 | 3.63.6 | 3.63.6 | ||
C8 | Average fully burdened hourly salary: Business user (showing rounded value) | TEI standard | $42 $42 | $42 $42 | $42 $42 | ||
C9 | Subtotal: Cost of reduced internal productivity | C5*C6*C7*C8*C1 | $181,440 $181,440 | $408,240 $408,240 | $694,008 $694,008 | ||
Ct | Material breach risk reduction savings | C4+C9 | $835,136 $835,136 | $1,388,784 $1,388,784 | $2,164,824 $2,164,824 | ||
Risk adjustment | ↓20% | ||||||
Ctr | Material breach risk reduction savings (risk-adjusted) | $668,109 $668,109 | $1,111,027 $1,111,027 | $1,731,859 $1,731,859 | |||
Three-year total: $3,510,995 $3,510,995 | Three-year present value: $2,826,747 $2,826,747 |
Evidence and data. Security compliance reporting is critical to organizations to both understand and comply with standards and avoid fines and associated costs. Interviewees informed Forrester of the following:
Modeling and assumptions. Forrester models this benefit category based on the customer interviews and the following additional factors:
90%
Reduction in compliance reporting effort
“Internal audits are now under one week, when it used to be a month. There is no lie there.”
Cloud manager, professional services
With Prisma Cloud, might reduce total audit time by 0% in Year 1, 0% in Year 2, and 0% in Year 3.
Risks. Forrester accounts for variability and potential risks that may impact the financial model, including:
Results. To account for these risks, Forrester adjusted this benefit downward by 10%, yielding a three-year, risk-adjusted total PV of $1.3 million.
For , this benefit might have a three-year, risk-adjusted total PV of .
Ref. | Metric | Source | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|
D1 | DevOps hours to create and document each control | InterviewsInterviews | 2,5602,560 | 2,5602,560 | 2,5602,560 | |
D2 | Compliance analyst hours to aggregate, produce, and revise reports | InterviewsInterviews | 6,1606,160 | 6,1606,160 | 6,1606,160 | |
D3 | Compliance manager hours to consume and validate reports | AssumptionAssumption | 5,2805,280 | 5,2805,280 | 5,2805,280 | |
D4 | Reduction in time to create, review, and consume reporting with Prisma Cloud | InterviewsInterviews | 90%90% | 90%90% | 90%90% | |
D5 | Productivity recapture | Composite | 70%70% | 70%70% | 70%70% | |
D6 | Average fully burdened hourly salary: compliance analyst (rounded) | TEI standard | $44 $44 | $44 $44 | $44 $44 | |
D7 | Average fully burdened hourly salary: compliance manager (rounded) | TEI standard | $59 $59 | $59 $59 | $59 $59 | |
D8 | Subtotal: Labor saved from reporting efficiencies (rounded) | [(D1*B5)+(D2*D6)+(D3*D7)]*(D4*D5) | $476,683 $476,683 | $476,683 $476,683 | $476,683 $476,683 | |
D9 | Internal audit events | Composite | 44 | 44 | 44 | |
D10 | Internal auditor FTEs | CompositeComposite | 55 | 55 | 55 | |
D11 | Total internal audit hours per event | D10*40 hours | 200200 | 200200 | 200200 | |
D12 | External audit events | Composite | 11 | 11 | 11 | |
D13 | External auditors | CompositeComposite | 33 | 33 | 33 | |
D14 | Total external audit hours per event | D13*160 hours | 480480 | 480480 | 480480 | |
D15 | External compliance professional hourly rate | Composite | $250 $250 | $250 $250 | $250 $250 | |
Dt | Reduction in total audit time due to improved evidence tracking, monitoring, and reviewing | CompositeComposite | 52%52% | 58%58% | 67%67% | |
Subtotal: Audit compliance productivity lift | [(D9*D11*D6)+(D12*D14*D15)]*D16 | $80,704$80,704 | $90,016$90,016 | $103,984$103,984 | ||
Dtr | Compliance productivity lift | D8+D17 | $557,387$557,387 | $566,699$566,699 | $580,667$580,667 | |
Three-year total: $1,534,278$1,534,278 | Three-year present value: $1,270,193$1,270,193 |
Interviewees mentioned the following additional benefits that their organizations experienced but were not able to quantify:
The value of flexibility is unique to each customer. There are multiple scenarios in which a customer might implement Prisma Cloud and later realize additional uses and business opportunities, including:
Flexibility would also be quantified when evaluated as part of a specific project (described in more detail in Appendix A).
“Knowing that we were going multicloud, even though we’re AWS-focused, the features and possibilities that Prisma [Cloud] offered just made sense for us.”
Senior security analyst, financial services
Ref. | Cost | Initial | Year 1 | Year 2 | Year 3 | Total | Present Value |
---|---|---|---|---|---|---|---|
Etr | Licensing costs | $0$0 | $523,341$523,341 | $785,012$785,012 | $1,186,240$1,186,240 | $2,494,592$2,494,592 | $2,015,774$2,015,774 |
Ftr | Ongoing costs | $0$0 | $141,856$141,856 | $212,784$212,784 | $326,269$326,269 | $680,909$680,909 | $549,945$549,945 |
Gtr | Implementation and training costs | $27,702$27,702 | $0$0 | $0$0 | $0$0 | $27,702$27,702 | $27,702$27,702 |
Total costs (risk-adjusted) | $27,702$27,702 | $665,197$665,197 | $997,796$997,796 | $1,512,508$1,512,508 | $3,203,203$3,203,203 | $2,593,421$2,593,421 |
Evidence and data. Costs for licensing depend on workloads and applications being secured. The following costs from Palo Alto Networks include support and implementation services.
Modeling and assumptions. Forrester models this cost category based upon the following:
Licensing costs for are estimated based on cloud usage. The costs are automated estimates only and do not constitute a quote. For more details on pricing, please contact Palo Alto Networks.
Risks. Forrester factors the impact of potential differences that might influence the cost for other organizations. Possible risks include:
Results. To account for these risks, Forrester adjusted this cost upward by 5%, yielding a three-year, risk-adjusted total PV (discounted at 10%) of $2.0 million.
For , this cost might have a three-year, risk-adjusted total PV of .
Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|---|
E1 | Palo Alto Networks Prisma Cloud Licensing | Palo Alto Networks | $0$0 | $498,420$498,420 | $747,630$747,630 | $1,129,752$1,129,752 | |
Et | Licensing costs | E1 | $0$0 | $498,420$498,420 | $747,630$747,630 | $1,129,752$1,129,752 | |
Risk adjustment | ↑5% | ||||||
Etr | Licensing costs (risk-adjusted) | $0$0 | $523,341$523,341 | $785,012$785,012 | $1,186,240$1,186,240 | ||
Three-year total: $2,494,592$2,494,592 | Three-year present value: $2,015,774$2,015,774 |
Evidence and data. Ongoing costs reflect internally borne costs. Interviewees expressed that:
Modeling and assumptions. Forrester models this cost category based upon the following:
“Palo Alto [Networks] has helped us become a proactive cloud security team, which has served us well and justified the cost.”
Cloud manager, professional services
Risks. Forrester factors the impact of potential differences that might influence the costs for other organizations. Possible risks include:
Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV of $550,000.
For , this cost might have a three-year, risk-adjusted total PV of .
Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|---|
F1 | SecOps FTEs required to support developers | InterviewsInterviews | 0.00.0 | 1.01.0 | 1.51.5 | 2.32.3 | |
F2 | Average fully burdened salary: SecOps (showing rounded value) | TEI standard | $128,960$128,960 | $128,960$128,960 | $128,960$128,960 | $128,960$128,960 | |
Ft | Ongoing costs | F1*F2 | $0$0 | $128,960$128,960 | $193,440$193,440 | $296,608$296,608 | |
Risk adjustment | ↑10% | ||||||
Ftr | Ongoing costs (risk-adjusted) | $0$0 | $141,856$141,856 | $212,784$212,784 | $326,269$326,269 | ||
Three-year total: $680,909$680,909 | Three-year present value: $549,945$549,945 |
Evidence and data. Interviewees expressed that implementation was not difficult; rather, the costs were borne of adjusting prior policies and permissions to Prisma Cloud. Forrester heard the following:
Risks. Forrester factors the impact of potential differences that might influence the costs for other organizations. Possible risks include:
Results. To account for these risks, Forrester adjusted this cost upward by 10%, yielding a three-year, risk-adjusted total PV of $28,000.
For , this cost might have a three-year, risk-adjusted total PV of .
Ref. | Metric | Source | Initial | Year 1 | Year 2 | Year 3 | |
---|---|---|---|---|---|---|---|
G1 | Planning, implementation, and integration hours | CompositeComposite | 240240 | 00 | 00 | 00 | |
G2 | Average fully burdened hourly salary: SecOps (showing rounded value) | A6 | $62$62 | $62$62 | $62$62 | $62$62 | |
G3 | Subtotal: Planning, implementation, and integration costs | G1*G2 | $14,880 $14,880 | $0 $0 | $0 $0 | $0 $0 | |
G4 | Training hours | InterviewsInterviews | 1616 | 1616 | 1616 | 1616 | |
G5 | SecOps training FTEs | CompositeComposite | 66 | 00 | 00 | 00 | |
G6 | DevOps training FTEs | CompositeComposite | 44 | 00 | 00 | 00 | |
G7 | Average fully burdened hourly salary: DevOps (showing rounded value) | B5 | $68$68 | $68$68 | $68$68 | $68$68 | |
G8 | Subtotal: Training costs | (G4*G5*G2)+(G4*G6*G7) | $10,304$10,304 | $0$0 | $0$0 | $0$0 | |
Gt | Implementation and training costs | G3+G8 | $25,184$25,184 | $0$0 | $0$0 | $0$0 | |
Risk adjustment | ↑10% | ||||||
Gtr | Implementation and training costs (risk-adjusted) | $27,702$27,702 | $0$0 | $0$0 | $0$0 | ||
Three-year total: $27,702$27,702 | Three-year present value: $27,702$27,702 |
The financial results calculated in the Benefits and Costs sections can be used to determine the ROI, NPV, and payback period for the composite organization’s investment. Forrester assumes a yearly discount rate of 10% for this analysis.
These risk-adjusted ROI, NPV, and payback period values are determined by applying risk-adjustment factors to the unadjusted results in each Benefit and Cost section.
Initial | Year 1 | Year 2 | Year 3 | Total | Present Value | |
---|---|---|---|---|---|---|
Total costs | ($27,702)($27,702) | ($665,197)($665,197) | ($997,796)($997,796) | ($1,512,508)($1,512,508) | ($3,203,203)($3,203,203) | ($2,593,421)($2,593,421) |
Total benefits | $0$0 | $2,623,944$2,623,944 | $3,657,486$3,657,486 | $5,320,361$5,320,361 | $11,601,791$11,601,791 | $9,405,385$9,405,385 |
Net benefits | ($27,702)($27,702) | $1,958,747$1,958,747 | $2,659,691$2,659,691 | $3,807,853$3,807,853 | $8,398,588$8,398,588 | $6,811,964$6,811,964 |
ROI | 263%263% | |||||
Payback period (months) | <6<6 |
Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.
Benefits represent the value delivered to the business by the product. The TEI methodology places equal weight on the measure of benefits and the measure of costs, allowing for a full examination of the effect of the technology on the entire organization.
Costs consider all expenses necessary to deliver the proposed value, or benefits, of the product. The cost category within TEI captures incremental costs over the existing environment for ongoing costs associated with the solution.
Flexibility represents the strategic value that can be obtained for some future additional investment building on top of the initial investment already made. Having the ability to capture that benefit has a PV that can be estimated.
Risks measure the uncertainty of benefit and cost estimates given: 1) the likelihood that estimates will meet original projections and 2) the likelihood that estimates will be tracked over time. TEI risk factors are based on “triangular distribution.”
The present or current value of (discounted) cost and benefit estimates given at an interest rate (the discount rate). The PV of costs and benefits feed into the total NPV of cash flows.
The present or current value of (discounted) future net cash flows given an interest rate (the discount rate). A positive project NPV normally indicates that the investment should be made unless other projects have higher NPVs.
A project’s expected return in percentage terms. ROI is calculated by dividing net benefits (benefits less costs) by costs.
The interest rate used in cash flow analysis to take into account the time value of money. Organizations typically use discount rates between 8% and 16%.
The breakeven point for an investment. This is the point in time at which net benefits (benefits minus costs) equal initial investment or cost.
The initial investment column contains costs incurred at “time 0” or at the beginning of Year 1 that are not discounted. All other cash flows are discounted using the discount rate at the end of the year. PV calculations are calculated for each total cost and benefit estimate. NPV calculations in the summary tables are the sum of the initial investment and the discounted cash flows in each year. Sums and present value calculations of the Total Benefits, Total Costs, and Cash Flow tables may not exactly add up, as some rounding may occur.
1 Total Economic Impact is a methodology developed by Forrester Research that enhances a company’s technology decision-making processes and assists vendors in communicating the value proposition of their products and services to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to both senior management and other key business stakeholders.
2 Source: Forrester Consulting Cost Of A Security Breach Survey, Q4 2020
3 Source: “Security Survey, 2022,” Forrester Research, Inc., September 12, 2022.
4 Ibid.
5 Ibid.
6 Ibid.
Forrester provides independent and objective research-based consulting to help leaders deliver key transformation outcomes. Fueled by our customer-obsessed research, Forrester’s seasoned consultants partner with leaders to execute on their priorities using a unique engagement model that tailors to diverse needs and ensures lasting impact. For more information, visit forrester.com/consulting.
© Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies.
Cookie Preferences
Accept Cookies
Decline
Close
This website uses cookies to deliver functionality and enhance your experience. GDPR requires that we obtain your consent before activating these cookies. Please accept the use of cookies or review your cookie settings now.
A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions (data inputs, website navigation), so you don’t have to re-enter data when you come back to the site or browse from one page to another.
Behavioral information collected by our web analytics vendor is used to analyze data pertaining to visitor trends, plan website enhancements, and measure overall website effectiveness. We may also use cookies or web beacons to help us offer you products, programs, or services that may be of interest to you and to deliver relevant advertising. We may use third-party advertising companies to help tailor website content to users or to serve ads on our behalf. These companies may also employ cookies and web beacons to measure advertising effectiveness.
Please accept cookies and the collection of behavioral information to receive full functionality and enhance your experience. If you decline cookies, some features of the website may not function normally.
Please see our
Privacy Policy for more information.