Shift Security Spending From Capex to Predictable Opex

As an organization expands, it needs infrastructure to support the business. It needs buildings to hold people, equipment to service customers, networking, and telecommunication. And, of course, it must have security to protect applications and information.

The traditional model for building out infrastructure is to purchase it, which comes along with other ancillary costs, such as maintenance, upgrades, and the cost to retire the asset. These capital expenditures need to be planned in anticipation of needs over the entire usable life of the asset. Those needs greatly affect how the organization spends its money and can be particularly tricky during periods of growth.

Suppose a business is entering a new territory and opens an office with five employees, but expects to expand to 50 employees within five years. If the usable life of a network appliance is five years, should IT spending be based on the needs of five people, 50 people, or something in between? These considerations drive spending concerns because it isn’t an optimal use of capital to purchase capacity that isn’t needed.

Businesses change in unpredictable ways, as well. An acquisition could change a company’s infrastructure requirements overnight. One hit product could exponentially accelerate a company’s growth. Executive strategies may require entering new markets while exiting others. All these events can alter how much infrastructure is needed in a particular area.

Operational expenses are also hard on budgets. That’s because they can be forecasted, but the actual spend isn’t usually realized until incurring the actual expense. Unplanned needs may drive spending far in excess of the original budget.

In terms of both capital and operational expenditure, traditional infrastructure suffers from imperfect information about future needs and inflexibility to change. In many situations, it would be far easier to make decisions based on near-term consumption requirements rather than long-term capacity forecasts. This kind of flexibility is precisely what makes the cloud a practical platform for the delivery of services, including security.

In the case of security, Palo Alto Networks GlobalProtect cloud service and Logging Service help organizations deploy the security their remote networks and mobile users need, on security infrastructure managed by Palo Alto Networks. It uses a simple, predictable licensing model that replaces Capex with predictable Opex so organizations can subscribe based on need. If needs change in the future, security teams can easily expand capacity.

Learn more:

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42


SUBSCRIBE TO RSS