Getting zero trust strong needs to start by applying microsegmentation to every network endpoint at scale, reducing cyberattackers’ ability to move laterally across a network, and stopping breaches before they happen.
Think of zero trust as the fitness plan your business needs to get stronger. The goal is to be strong enough to protect operations from disruption, increasing network reliability and efficiency while reducing operating costs. Taking on the challenge of getting microsegmentation right is where to start. Like zero trust, microsegmentation implementations don’t have to be complex and costly to be effective.
What’s essential is developing a mindset that a breach will happen. It’s not a matter of if one will; it’s a question of when. CISOs tell me that mindset is essential to getting their zero-trust frameworks in place and excelling at microsegmentation. Making microsegmentation part of the muscle memory of any organization is essential to becoming stronger at zero trust and is a key part of any cybersecurity fitness plan.
Microsegmentation Needs To Drive Zero Trust
At the core of any successful zero-trust strategic initiative is ensuring least privileged access is achieved on every device, endpoint, and identity, whether human or machine. Microsegmentation is core to zero trust because it’s designed to isolate identities into segments, regardless of their origin. By treating every identity’s endpoint as a separate micro-segment as Airgap’s Zero Trust Everywhere solution does, granular context-based policy enforcement for every attack surface and endpoint is achieved, killing any chance of lateral movement through the network. AirGaps’ Trust Anywhere architecture also includes an Autonomous Policy Network that scales microsegmentation policies network-wide immediately.
AirGap’s unique approach has captured why microsegmentation is included in the definitive standard for zero trust from the National Institute of Standards (NIST). Their Zero Trust Architecture Guidelines NIST SP, 800-207, underscore the critical role of microsegmentation in attaining zero trust compliance corporate-wide.
Microsegmentation techniques are also pivotal in stopping and containing intrusion attempts. Forrester’s Trusting Zero Trust study found that 75% of CISO- and director-level leaders consider microsegmentation a key technology foundation for achieving their zero-trust strategic initiatives and are seeing results from their investments. Ponemon Institute’s 2022 report, Managing Risks & Costs At The Edge, found that 54% of organizations have had an average of five attacks on their endpoints in the past year. The annual cost of these annual attacks is $1.8 million or $360,000 per attack. Microsegmentation is proving its value by stopping intrusions and breaches.
Building A Business Case For Microsegmentation
A strong business case for microsegmentation is essential for organizations to keep pursuing and achieving their zero-trust initiatives and goals. By comparing benefits and costs, it’s possible to define the Return on Investment (ROI) of investing in microsegmentation that fits a given business's specific, unique needs. This section intends to provide a baseline framework for assessing benefits versus costs to calculate the ROI of investing in microsegmentation.
Figures used in these examples are from interviews with CISOs of mid-size and large-scale enterprises who requested anonymity, given the confidential nature of the data. They are real-world examples of microsegmentation making a difference in operating costs while reducing risks.
The following are the benefits that need to be included in a business case for microsegmentation:
- Not requiring frequent software agent updates on endpoints reduces IT Help Desk time and costs. When CISOs were asked how much they would save if they didn’t have to install and support updates to endpoint software, they said it would easily save 1,250 hours a year of Help Desk time. They also said there are inevitable software conflicts on endpoints that cost more time to troubleshoot and solve. Total wasted time on IT Help Desks from keeping endpoint software current, and conflict-free with other agents is 1,500 hours a year on average. A fully burdened cost per hour of $125 saves $187,000 a year in a company with just over 1,000 employees.
- Improving network visibility and control and securing asset access using Multi-Factor Authentication (MFA) and Single Sign-On (SSO) averted several ransomware attacks for a financial services firm. The average cost of a single breach is $360,000 based on Ponemon’s latest study, making just the primary costs of seven breaches $2.5 million. CISOs who spoke anonymously say they know of several major ransomware attacks in the last year aimed at their organizations. Total benefit of repelling ransomware attacks microsegmentation to the endpoint level is $2.5 million. For this analysis, assembling a micro-segmented endpoint that will block at least one ransomware attack is reasonable, making the baseline benefit value $360,000.
- No more firefighting intrusion attempts using trial-and-error techniques that bring cybersecurity and IT teams in over weekends and holidays at overtime rates. CISOs say playing whack-a-mole with intrusion and breach attempts and then trying to remove the ransomware code that’s successfully infiltrated their networks burns their teams out. One CISO of a cloud-based enterprise software provider said to have teams working seven days a week to solve breaches. CISOs say they’re losing employees, which also drains productivity. Overtime salary and material costs for a CISO supporting a 1,000-person company average 850 hours per incident at a fully burdened hourly cost of $125, costing $106,250. Microsgementing every endpoint using a DHCP-enabled gateway, as Air Gaps’ Zero Trust Anywhere solution does, would alleviate this cost.
- Eliminating network zones is no longer needed, reducing hardware, software, and services licensing and maintenance costs. CISOs said that microsegmentation helps identify which network zones are the most underutilized and contributing to delays. Eliminating network zones, not in use lowers software licensing and maintenance contracts. For the CISO of an organization with 300 employees, he says that microsegmentation helped identify 15 no longer needed zones. Each zone was burning $3,600 a year in hardware, software, and licensing fees, all of which could be saved by eliminating the endpoints in those no longer needed. Total savings from eliminating 15 zones no longer needed is $54,000 annually.
- Reducing the risk of fines and regulatory action by enforcing security controls consistently. Microsegmentation helps reduce compliance costs by making it easier to implement and enforce security controls required by regulatory and industry compliance standards. For example, the Health Insurance Portability and Accountability Act (HIPAA) requires healthcare organizations to maintain consistent security standards across their networks to protect the confidentiality, integrity, and availability of protected health information (PHI). Tier 1 HIPAA fines start at $10,000 per violation, with an annual maximum of $50,000, and Tier 2 is $50,000 per violation, with an annual maximum of $1.5 million. Legal costs to contest a data security violation can average $25,000 in legal fees alone.
Creating A Compelling Business Case For Microsegmentation
The following are the microsegmentation costs that need to be included in the business case:
- Annual, often multi-year microsegmentation licensing costs. Microsegmentation providers vary in their pricing models, costs, and fees. Subscription fees of $50,000 a year are assumed for this analysis.
- Change management, implementation, and integration costs increase with IT security, Operations, and IT Service Management (ITSM) integration complexity. Expect an average price of between $40K to over $100K to integrate microsegmentation with the current security stack, including security information and event management (SIEM) systems.
The best microsegmentation business cases provide a 360-degree view of costs, benefits, and why taking action now is needed.
Knowing the initial software and services costs to acquire and integrate microsegmentation across an organization. CISOs say they’ve doubled down on training, change management, and ongoing support costs to ensure successful implementation.
Many include the following equation to provide an ROI estimate in their business cases. The Return on Investment (ROI) for the microsegmentation initiative is calculated as follows:
|Microsegmentation Benefit||Savings Per Year|
|Not requiring software agents on endpoints reduces IT Help Desk time and costs.||$187,000|
|Improving network visibility and control and securing asset access using Multi-Factor Authentication (MFA) and Single Sign-On (SSO).||$360,000|
|No more firefighting intrusion attempts using trial-and-error techniques that bring cybersecurity and IT teams in over weekends and holidays at overtime rates.||$106,250|
|Eliminating network zones and reducing hardware, software, and services licensing and maintenance costs.||$54,000|
|Reducing the risk of fines and regulatory action by enforcing security controls consistently (starting with legal fees to contest a HIPAA violation)||$25,000|
|Value Of Microsegmentation Benefits Based On CISO’s Cost Estimates||$732,250|
Based on CISOs’ cost estimates of microsegmentation having the potential to save $732,250 a year and the assumption of AirGap’s Zero Trust Everywhere solution costing $150,000 a year, investing in microsegmentation will yield a return of $3.88 for every dollar invested.
Additional factors to keep in mind when building a business case for microsegmentation :
- Microsegmentation ROI estimates fluctuate, and it's best to get started with a pilot to capture live data with budgets available at the end of a quarter. Typically, organizations will allocate the remaining IT security budgets at the end of a quarter, which is an excellent time to ask for a budget for a microsegmentation pilot.
- Define and measure microsegmentation initiatives' progress using a digitally-enabled dashboard that can be shared across any device, anytime. Enabling everyone supporting and involved in microsegmentation and zero trust initiatives needs to know what success looks like. A digitally-enabled dashboard that clearly shows each goal or objective and the company's progress toward them is critical to success. AirGaps’ centralized cloud-delivered management and analytics can help.
Bottom Line: CISOs say microsegmentation can pay for itself within months of successfully defending against breaches, and based on their cost estimates, every dollar spent yields $3.88 in value.