Ronald Hudson - Fotolia


How to calculate SASE return on investment and costs

SASE return on investment will vary for each organization, depending on use cases and architecture requirements. But the metrics used to determine ROI and cost factors are the same.

Digital transformation has accelerated thanks to global adoption of "everything as a service," backed by the tailwinds of the COVID-19 pandemic that bolstered online shopping, online investing and remote work. Now, IT teams are starting to refrain from racking and stacking servers and hardware in data centers, transitioning instead to infrastructure as code. Application workloads have transformed to run seamlessly on public cloud infrastructure and benefit from the shared responsibility cloud model.

It is natural that companies will follow the trend and move their self-managed, in-house security to an as-a-service model operated from the cloud. The main drivers of this model are scalability, agility, new business models and the cost reduction needed for companies to continue their growth.

One result of this as-a-service trend is the emergence of Secure Access Service Edge (SASE), an architecture that converges network and security functions into a cloud-based platform. While SASE is a relatively new term, the market is growing rapidly and crowding with new and existing players.

Types of SASE frameworks

The various SASE offerings have slightly different approaches and, in some cases, address different niche markets. If we ignore the architectural differences of the various offerings, we see they are here to fulfill the same purpose: secure and connect remote workforces to their workplaces, regardless of where they are located.

SASE frameworks can be divided into two main buckets: network as a service and security as a service.

Network as a service. This framework mainly refers to software-defined WAN (SD-WAN) options, and it creates a virtual private overlay network on top of public internet infrastructure. Depending on the vendor, network as a service is available via three deployment options, such as a hardware appliance, a software client or clientless, which currently has some limitations.

Security as a service. This framework contains interconnected layers that include zero-trust network access (ZTNA), cloud access security brokers (CASBs), secure web gateway (SWGs) or firewall as a service, and DNS security.

To summarize, SASE provides security controls and visibility for companies that need their employees to browse the internet and access corporate resources and SaaS applications -- which often use BYOD devices, like home PCs or mobile phones, to perform these tasks.

Analyze IT budget breakdowns

With any new technology teams might buy for their business, they must do the proper due diligence and build a business case. This requires them to model how a new technology will affect their business's bottom line and identify the ROI. In the case of security offerings, ROI is calculated by reference to the risk mitigation. When it comes to SASE, however, risk is a primary driver for adoption, but the ROI components are more complex.

To justify SASE investment, teams need to analyze the breakdown of cost factors in their current IT budgets and try to understand which items will become obsolete by transitioning to SASE. Below are six IT budget areas teams should analyze:

  1. physical infrastructure
  2. inbound connectivity
  3. outbound connectivity
  4. logging and monitoring
  5. administration and manpower
  6. data sources

The image below details common components that fall under each of those budget areas.

IT budget breakdown
This IT budget breakdown helps teams analyze how SASE deployment might affect other cost areas.

Assess SASE Capex and Opex

Multiple cost factors exist when looking at SASE components, some related to Capex and some to Opex. Both Capex and Opex, however, are tightly coupled to an organization's requirements and architecture.

The chart below looks at the eight following SASE components and provides information about related Capex and Opex considerations:

  1. CASB and data loss prevention
  2. identity provider
  3. initial setup
  4. SD-WAN
  5. SWG
  6. services
  7. support
  8. ZTNA
SASE Capex and Opex breakdown
This chart breaks down how SASE components fall under Capex and Opex.

Understand SASE ROI metrics

SASE ROI could be high in some cases, especially if teams are approaching equipment refreshes. To understand SASE ROI, teams should first break it down into building blocks they can quantify and create a model that represents their organization. There is no silver bullet or single formula to calculate SASE ROI, so enterprises need to assess it case by case.

That said, while the building blocks may vary, the following metrics are commonly used to measure the ROI of SASE transformation.

1. Increased security posture and risk reduction

The ZTNA model is the major contributor in SASE architecture that helps reduce the risk factor and bolster the security model. SASE also reduces risk because the remote workforce no longer connects to organization resources over insecure internet connections. Enterprises further increase security by ensuring users are always protected while they browse. The security posture also shifts left, as the maintenance and patching of underlying technology becomes part of the SASE provider shared responsibility model.

The suggested approach is for teams to identify the main ROI metric relevant to their specific organization and then identify two additional supporting ROI items.

2. Scalability

Fulfilling the demand for secure connectivity for a remote workforce requires capacity planning that would be fulfilled by the elasticity of the SASE service provider and its underlying private or public cloud infrastructure. The pay-per-user business model brings the elasticity required for company growth.

3. Cost optimization

SASE implementation typically doesn't require the purchase of additional technology, such as software or appliances. This factor is where most of the cost optimization originates. But SASE software does include licensing and annual subscription fees, including integration efforts and costs.

4. Operational efficiency

SASE provides one pane of glass for multiple network and security services and tools. Naturally, this increases operational efficiency so the existing workforce can support growing demand and company growth. Further, SASE onboarding and usage with a ZTNA-based model are more straightforward compared to a traditional VPN.

5. Speed and agility

Faster routing and connectivity contribute to increased transfer speeds and overall productivity, mostly for SaaS services, such as Microsoft 365, Salesforce and others.

6. Affordability

The pay-per-user business model provides predictable service costs, compared to a model in which teams build, run and scale on their own. Most SASE vendors support a pay-per-user model, which is also well aligned with the dynamic environment modern organizations face from the effects of COVID-19.

7. Capex

As noted with the Capex chart above, SASE can help significantly reduce Capex.

8. UX

By aggregating many services under one umbrella, SASE enables end users to have similar experiences while browsing, connecting to work and uploading files to SaaS services.

Create the ROI model

It is important to note that every company is different and has its unique use cases. Hence, the items used to model SASE ROI will be different. The suggested approach is for teams to identify the main ROI metric relevant to their specific organization and then identify two additional supporting ROI items. Once teams have identified those items, they should make the assessment and create a model that calculates the ROI for three and five years. This is a straightforward task that can provide teams with the required answers to see if SASE will contribute to their organization.

Next Steps

Explore 5 SASE products to cut through the truth vs. hype

Cisco network as a service for hybrid clouds on the horizon

Dig Deeper on Network security

Unified Communications
Mobile Computing
Data Center