TotalEconomicImpactStudyOfSymantecProtectionSuiteEnterpriseEdition DaiNA Cta57149

8/13/2019 TotalEconomicImpactStudyOfSymantecProtectionSuiteEnterpriseEdition DaiNA Cta57149

1/28

A Forrester Total Economic Impact Study Prepared For Symantec

The Total Economic Impact Of Symantec ProtectionSuite Enterprise Edition

Project Director: Sadaf Roshan Bellord

December 2011


2/28

Forrester Consulting

The Total Economic Impact Of Symantec Protection Suite Enterprise Edition

Page 1

TABLE OF CONTENTS

Executive Summary ................................................................................................................................................................................. 2Improvement In Vendor Management And Productivity Savings .......................................................................................... 2Factors Affecting Benefits And Costs ............................................................................................................................................. 5Disclosures ........................................................................................................................................................................................... 5

TEI Framework And Methodology ...................................................................................................................................................... 6Analysis ...................................................................................................................................................................................................... 7

Interview Highlights .......................................................................................................................................................................... 7Costs .................................................................................................................................................................................................... 10Benefits ............................................................................................................................................................................................... 13Flexibility............................................................................................................................................................................................ 19Risk ...................................................................................................................................................................................................... 20

Financial Summary ................................................................................................................................................................................ 22Symantec Protection Suite Enterprise Edition: Overview .............................................................................................................. 23Appendix A: Composite Organization Description ....................................................................................................................... 23Appendix B: Total Economic Impact Overview ............................................................................................................................ 24Appendix C: Glossary ........................................................................................................................................................................... 25Appendix D: Endnotes .......................................................................................................................................................................... 26 2011, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources.

Opinions reflect judgment at the time and are subject to change. Forrester, Technographics, Forrester Wave, RoleView, TechRadar, and Total

Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. For additional

information, go to www.forrester.com.

About Forrester Consulting

Forrester Consulting provides independent and objective research-based consulting to help leaders succeed in their organizations. Ranging in

scope from a short strategy session to custom projects, Forresters Consulting services connect you directly with research analysts who apply

expert insight to your specific business challenges. For more information, visit www.forrester.com/consulting.


3/28



Page 2

Executive Summary

In May 2011, Symantec commissioned Forrester Consulting to examine the total economic impact and potential return

on investment (ROI) enterprises may realize by deploying Symantec Protection Suite Enterprise Edition. The purpose

of this study is to provide readers with a framework to evaluate the potential financial impact of the Symantec

Protection Suite Enterprise Edition on their organizations.

The organizations interviewed noted that through the use of Symantec Protection Suite Enterprise Edition, they have

reduced vendor management costs, improved end user and IT administrative productivity, and enhanced reallocation

of IT human resources. In addition, by using Symantec Workflow, they have eliminated repeatable tasks that led to

additional IT administrative productivity improvement. The risk-adjusted ROI for our composite company with 750

users (see Interview Highlights section for detailed description of customers) is 152%, with a breakeven point (payback

period) after deployment of 15.5 months (see Figure 1).

Improvement In Vendor Management And Productivity SavingsForrester conducted a series of in-depth interviews with four existing Symantec customers. The purpose of these

interviews was to fully understand the challenges that these organizations were facing that led to consolidation of their

security vendors. These organizations varied in size, number of employees, and industries; therefore, we aggregated the

data collected. However, it is important to note that while these customers were doing business across government,

healthcare, and financial services industries, they share common challenges that needed to be addressed due to strict

regulations and compliance requirements applicable to their specific line of business.

Interviews with representative organizations revealed:

In the prior environment, these organizations were using Web, messaging, and endpoint security solutions tocontrol threats and manage incidents. However, the lack of integration across these systems required significant

day-to-day management to address actual incident response.

After implementation, these organizations identified a number of factors that led to IT and end user savings:o Improvement in the number of malicious spam emails reaching the corporate network and decline in

infections caused by users opening infected files or messages.

o Reduction in infected client devices, including decrease in the initial infections and decline in the spread ofan infection to other endpoints.

o Decrease in network traffic spikes and decline in number of infections resulting from users accessingexternal malware sites.

The integration offers protection that extends beyond using Web, messaging, and endpoint separately. During the in-

depth interviews, Forrester used a number of metrics to quantify the financial impact of using Symantec Protection

Suite Enterprise Edition. For the analysis, the following metrics were considered:

The difference in staff allocation to vendor management activities before and after consolidation.


4/28



Page 3

Improvement in end user downtime. Improvements in IT support efficiency and overall cost of protection.

In addition to the quantified benefits noted above, several organizations noted improvement and leverage in contractnegotiations and support escalation as a major factor that played a key role in their investment decision. Depending on

industry and extent of a breach, the potential cost of these incidents can easily escalate to millions of dollars.

Based on in-depth interviews with four Symantec customers and subsequent financial analysis, we created a composite

organization to model the financial impact of this implementation. We estimated the license and support costs for an

organization with 750 users (see Interview Highlights section for detailed description of customers). Please note that

total benefits and costs are presented as present value (PV) and discounted by 10% (see Framework Assumptions). The

net present value (NPV) calculates the difference in cost and benefits. See Appendix A for a description of the

composite organization. Numbers are rounded throughout the study. Risk-adjusted ROI, costs, and benefits are

illustrated in Table 1.

Table 1

Composite Organization Three-Year Risk-Adjusted ROI1

ROIPaybackperiod

Total benefits(PV)

Total costs(PV)

NPV

152% 15.5 months $434,476 ($172,273) $262,203

Source: Forrester Research, Inc.

Benefits.The composite organization experienced the following benefits that represent those experienced by theinterviewed companies:

o Vendor management cost savings.This benefit represents the reduction in management costs associatedwith running multiple vendors security products.

o IT productivity cost savings.This benefit represents reduction in help desk administrators efforts whenrestoring infected users machines.

o Reduced downtime for end users.This benefit represents improvement in end user productivity when thenumber of infections is controlled across Web, messaging, and endpoint.

o Cost avoidance resulting from reallocation of resources.This benefit represents the savings associated withreallocation of headcount.

o IT productivity gain resulting from Symantec Workflow.This benefit represents the IT productivitygained when using Symantec Workflow solution.


5/28



Page 4

Costs.The composite organization experienced the following costs:o Software license fees.This cost represents the investment in Symantec licenses and related annual support

fees.

o Internal implementation costs.This category represents IT resources allocated to discovery, testing, andimplementation.

o Training costs.This category represents training costs at initial implementation and Year 2.o Hardware costs.This category represents hardware necessary for implementation.

Table 2

Composite Organization Three-Year Risk-Adjusted Running Totals2

Category Initial Year 1 Year 2 Year 3

Costs ($163,926) ($163,926) ($174,026) ($174,026)

Benefits $113,455 $294,625 $536,345


Figure 1

Composite Organization Three-Year Risk-Adjusted Analysis


$0

$100,000

$200,000

$300,000

$400,000

$500,000

$600,000

Initial Year1 Year2 Year3

Costs

Benefits

Breakevenpointsat

15.5months


6/28



Page 5

Factors Affecting Benefits And CostsTable 1 illustrates the risk-adjusted financial results that were achieved by the composite organization. The risk-

adjusted values take into account any potential uncertainty or variance that exists in estimating the costs and benefits,

which produces more conservative estimates. The following factors may affect the financial results that an organization

may experience:

Standardizing on a single vendor has simplified integration and ongoing management tasks. Reducing the number of system security incidents as a result of receiving updates and patches accordingly has

been another factor resulting from better integration and communication among various IT groups managing

endpoint, Web, and messaging.

Using Symantec Workflow capabilities can help the organization eliminate repeatable tasks, which leads toadministrative productivity.

DisclosuresThe reader should be aware of the following:

The study is commissioned by Symantec and delivered by the Forrester Consulting group. Forrester makes no assumptions as to the potential ROI that other organizations will receive. Forrester strongly

advises that readers should use their own estimates within the framework provided in the report to determine the

appropriateness of an investment in Symantec Protection Suite Enterprise Edition.

Symantec reviewed and provided feedback to Forrester, but Forrester maintains editorial control over the studyand its findings and does not accept changes to the study that contradict Forresters findings or obscure the

meaning of the study.

The customer names for the interviews were provided by Symantec.


7/28



Page 6

TEI Framework And Methodology

Introduction

From the information provided in a series of in-depth interviews with four existing Symantec customers, Forrester hasconstructed a Total Economic Impact (TEI) framework for those organizations considering implementing Symantec

Protection Suite Enterprise Edition. The objective of the framework is to identify the cost, benefit, flexibility, and risk

factors that affect the investment decision.

Approach And Methodology

Forrester took a multistep approach to evaluate the impact that Symantec Protection Suite Enterprise Edition can have

on an organization (see Figure 2). Specifically, we:

Interviewed Symantec marketing and sales personnel and Forrester analysts to gather data relative to SymantecProtection Suite Enterprise Edition and the marketplace for application security.

Interviewed four organizations currently using Symantec Protection Suite Enterprise Edition to obtain data withrespect to costs, benefits, and risks.3

Designed a composite organization based on characteristics of the interviewed organizations (see Appendix A). Constructed a financial model representative of the interviews using the TEI methodology. The financial model is

populated with the cost and benefit data obtained from the interviews as applied to the composite organization.

Figure 2

TEI Approach


Forrester employed four fundamental elements of TEI in modeling Symantec Protection Suite Enterprise Editions

service:

1. Costs.2. Benefits to the entire organization.3. Flexibility.4. Risk.

Design composite

organization

Construct financial

model using TEIframework

Write case

study

Perform due

diligence

Conduct

customerinterviews


8/28



Page 7

Given the increasing sophistication that enterprises have regarding ROI analyses related to IT investments, Forresters

TEI methodology serves the purpose of providing a complete picture of the total economic impact of purchase

decisions. Please see Appendix B for additional information on the TEI methodology.

Analysis

Interview HighlightsA series of in-depth interviews were conducted for this study, involving IT security managers, an IT director, and a CIO

from the following companies:

1. A regional healthcare provider with 400 private beds in six locations. The organization has about 3,000 endusers.

2. A financial institution in business and commercial lending. The bank has about 600 employees and morethan $600 million in revenue.

3. A municipality with a population of 19,000 residents. The organization has about 2,000 users.4. A technology solutions provider to midsize organizations.

The interviews revealed the following:

As the number of security threats exponentially increases, a number of interviewees indicated that it is critical toensure that there is an equal level of protection across the endpoint, messaging, and Web layer. As users increase

their access to information across multiple entry points and are more often working remotely, these

organizations find it essential to stop infections and potential threats early before they reach a client machine and

expose the enterprise network to potential breach.

Customers interviewed have been using Symantec for many years. Some mentioned that they initiated the vendorconsolidation evaluation program to replace Symantec with a less expensive alternative. However, halfway into

the evaluation, they decided to standardize on Symantec. One IT director mentioned that Symantec is more

expensive, but it is quite a bit better-quality in comparison to the alternative security solution that we were

evaluating. It is also user-friendlier. As another example, a CIO said that their CEO was very forceful initially in

encouraging IT to implement another alternative. They hosted an extensive test environment and agreed to

deploy the alternative; in less than three months, they decided to discard the entire effort and repurchase

Symantec. According to the customer interviewed, the organization had many infections, resulting in downtime

and enormous amounts of time spent addressing incidents.

The final point in their decision process was the ability to more quickly identify the threat and rectify it. Mostorganizations interviewed said that having the leverage of greater contract value has resulted in faster response

from the Symantec support team.


9/28



Page 8

In regard to vendor management, all organizations interviewed agreed that they have saved 20% to 40% of theireffort associated with managing multiple security vendors. As a result, these organizations have better leverage

when negotiating their contracts with Symantec. Those interviewed agreed that their prior environments with

multiple vendor solutions with less integration made those solutions less transparent, but now they receive timely

updates and support with their issues. The time they spend on communication and coordination across IT teams

has significantly decreased because the systems are better aligned.

Regardless of their industry or size of their organization, interviewees believed that the growth and complexity oftodays security threats are stretching IT resources and budgets. Another universal theme was the ability to

manage the rapid expansion of threats and sophistication of security management without the need to grow IT

staff resources. Organizations interviewed were aiming for new ways to increase the level of protection while

maintaining IT costs. The representative organizations agreed that the ability to allocate IT resources to strategic

initiatives by reducing the need to physically monitor security incidents was essential when they were evaluating

security providers.

Composite Organization

Based on a series of interviews with the four existing Symantec customers, Forrester constructed a TEI framework, a

composite company, and an associated ROI analysis that illustrates the areas financially affected. The composite

organization that Forrester created represents an organization with 750 end users. The organization had limited IT

resources, with only 17 IT professionals on staff, and it was managing multiple security service providers.4The IT team

was spending lots of effort communicating between Web, messaging, and endpoint security providers to ensure that the

systems were secure and resources were being effectively used. Prior to consolidation, the ongoing management for

messaging, Web, and endpoints consumed total of 15% man-hours per each of the three employees that were managing

Web, messaging, and endpoint systems.

This consolidation offered better integration across its Web, messaging, and endpoint security; reduced ongoing

management efforts for tracking and monitoring security incidents; and provided greater leverage in contract

negotiations. The customers interviewed were in highly regulated industries. IT resource allocation also played a role in

selecting the best security option that allowed the organization to free up its staff so that they could focus on strategic

initiatives.

Framework Assumptions

Table 3 provides the model assumptions that Forrester used in this analysis.


10/28



Page 9

Table 3

Model Assumptions

Ref. Metric Calculation Value

A1 Hours per week 40

A2 Weeks per year 52

A3 Hours per year (M-F, 9-5) 2,080

A4 Average fully loaded salary of an end user $100,000

A5 Fully loaded hourly rate of an end user (A4/A3) $48

A6 Average fully loaded salary for IT manager $140,000

A7 Fully loaded hourly rate of IT manager (A6/A3) $67

A8Average fully loaded salary of securityarchitect

$105,000

A9 Fully loaded hourly rate of security architect (A8/A3) $50

A10Average fully loaded salary of emailadministrator

$90,000

A11Fully loaded hourly rate of an emailadministrator

(A10/A3) $43

A12

Average fully loaded salary of security

administrator $100,000

A13Fully loaded hourly rate of securityadministrator

(A13/A3) $48

A14Average fully loaded salary of desktopengineers

$62,000

A15Fully loaded hourly rate of desktopengineers

(A15/A3) $30

A16Average hourly rate for members whoparticipated in planning and testing

([A6+A7+A8+A9+A10*2]/6)A3 $45

A17Average hourly rate for members whoparticipated in implementation

([A7+A10*2]/3)A3 $37



11/28



Page 10

The discount rate used in the PV and NPV calculations is 10%, and time horizon used for the financial modeling is

three years. Organizations typically use discount rates between 8% and 16% based on their current environment.

Readers are urged to consult with their respective companys finance department to determine the most appropriate

discount rate to use within their own organizations.

CostsThe costs related to planning, testing, and implementing Symantec Protection Suite Enterprise Edition for the

composite organization over a three-year period are based on aggregated findings from the customers interviewed for

this TEI study. All costs are based on list prices and do not include any negotiated discounts. The following cost model

can serve as a framework for readers.

Software License And Support Costs

For the composite organization, this category presents 50% of the overall investment. It includes the upfront costs for a

three-year investment in Symantec Protection Suite Enterprise Edition. The fee of $112 per user includes license,content and version updates, and 24x7 support and reflects a list price volume discount for the composite organization.

Readers should note that this fee does not take into account incremental standard discounts for upgrades from

Symantec Endpoint Protection or other contributing Symantec products as well as any competitive displacement

discounts. Table 4 presents the calculation.

Table 4

Software License And Support Fees

Ref. Metric Calculation Per period

B1 License and support fees $112

B2 Number of licenses 750

Bt Software license and support fees B1*B2 $84,000


Implementation Costs

The implementation costs include the internal resources required to plan, negotiate, test, and deploy the solution. This

category represents 21% of the overall investment. The roles involved in this phase include security operation, IT

management, desktop engineers, and the security infrastructure and architecture team. We estimated that these

individuals contributed 80 hours each to the discovery and analysis phase, at an average fully loaded hourly rate of $45.5

Our interviewed customers said that they had spent, on average, several weeks on planning and testing before

deployment to ensure that the business owners and IT were in full agreement. During the deployment phase, security

operation and desktop engineers contributed 20 hours per week for six weeks to deploy the solution across the

organization. This preparation resulted in successful implementations for the companies that we interviewed; they met


12/28



Page 11

their service-level agreements and provided better availability to their internal and external users. Table 5 provides the

calculations for this section.

Table 5

Implementation Costs


C1 Number of people who participated in planning and testing 6

C2 Number of hours spent per individual 80

C3 Average fully loaded hourly rate $45

C4 Number of people who participated in deployment 3

C5Average fully loaded hourly rate of people who participated indeployment

$37

C6 Number of hours per week 20

C7 Number of weeks 6

Ct Implementation costsC1*C2*C3+C4*C

5*C6*C7)$34,920


Training Costs

The training is the next component of cost and presents approximately 11% of the overall investment for the composite

organization. Customers interviewed attended Symantec training sessions twice during the three-year investment

period. Table 6 presents the calculation.

Table 6

Training Fees

Ref. Metric Calculation Initial Year 1 Year 2 Year 3

D1 Annual training costs $10,000 $10,000

Dt Training fees D1 $10,000 $10,000



13/28



Page 12

Hardware Costs

Another category of cost is the investment in hardware, which represents 19% of the overall investment. Some of the

organizations interviewed had to purchase additional hardware, as their security vendor consolidation coincided with

their hardware refresh and upgrade cycle. These organizations were able to attribute some of their hardware investment

to this consolidation. For the composite organization, we attribute the investment of four servers at a cost of $8,000 per

server to this investment. This investment could vary depending on the organizations infrastructure and virtualization

strategy. The organizations interviewed did not cite any challenges with virtualization of their messaging and Web

gateways. Table 7 presents this calculation based on implementing four physical servers.

Table 7

Hardware Costs


E1 Number of servers purchased 4

E2 Average cost per unit $8,000

Et Hardware costs E1*E2 $32,000


Total Costs

Table 8 summarizes costs associated with the implementation of Symantec Protection Suite Enterprise Edition. Figure 3

illustrates the breakdown of costs.

Table 8

Total Costs Non-Risk-Adjusted

Costs Initial Year 1 Year 2 Year 3 Total PV

Software license and support fees ($84,000) ($84,000) ($84,000)

Implementation costs ($34,920) ($34,920) ($34,920)

Training fees ($10,000) ($10,000) ($20,000) ($18,264)

Hardware costs ($32,000) ($32,000) ($32,000)

Total costs ($160,920) ($10,000) ($170,920) ($169,184)



14/28



Page 13

Figure 36

Total Costs Breakdown Non-Risk-Adjusted


BenefitsThe benefits for which we had sufficient data to quantify financially are operational savings and productivity gains.

There are five quantifiable benefits that represented a three-year risk-adjusted PV of $434,476. These benefits include

vendor management cost savings, IT productivity gains, reduced downtime for end users, and cost avoidance from

reallocation of resources. We also quantified a benefit based on the feedback from interviewees who deployed theSymantec Workflow solution. While there are many ways for organizations to automate their processes using Symantec

Workflow, we have created the TEI framework to offer some guidance to quantify this benefit.

Vendor Management Cost Savings

Customers interviewed for this study have been using some component of Symantec Protection Suite Enterprise

Edition over the years. In the past three years, these organizations had consolidated their security solutions and

standardized on a single vendor: Symantec. This consolidation provided the opportunity for organizations to realize

vendor management cost savings by having a single point of contact for their entire security infrastructure. Specific

tasks included the cost of interfacing with the vendor for updates and product upgrades, tracking security threats and

incidents, monitoring vendor support, and overall account maintenance.

To calculate this benefit, we estimate that the composite organization prior to consolidation had three administrators,

each spending roughly 15% of their time managing the vendor relationship. Based on migrating to a single-vendor

environment, the organization can reduce the time spent on vendor management by roughly 30%.7To remain

conservative, we assume that the organization realized 75% of benefit in Year 1 and 100% in Year 2 and Year 3. This

benefit represents 16% of the overall benefit. Table 9 illustrates the calculation.

Softwarelicensefees50%

Implementation costs21%

Trainingfees11%

Hardwarecosts19%


15/28



Page 14

Table 9

Vendor Management Cost Savings

Ref. Metric Calculation Year 1 Year 2 Year 3

F1 Number of people prior to consolidation 3

F2Average time allocated to vendormanagement prior to consolidation

15%

F3 Number of people after consolidation 1

F4Average time allocated to vendormanagement after consolidation

15%

F5 Average fully loaded salary security architect $105,000

F6 Percent of benefit realized 75% 100% 100%

Ft Vendor management cost savings(F1*F2-

F3*F4)*F5*F6$23,625 $31,500 $31,500


IT Productivity Gains

The interviewed customers estimated that when an organization proactively maintains its security infrastructure and

ensures that the clients and servers have the patches necessary, the organization can see between 70% and 80%

reduction in the number of security incidents annually. This means 70% to 80% of all malware can get stopped at the

gateway and never reaches inside the corporate network. This improvement results in:

Reduction in the direct costs of protection because IT staff dont need to reactively seek a solution. A decline in the number of infected machines resulting from a security incident. A decrease in the number of calls to the tier one support team resulting from a security infection.

The combination of these activities reduced total IT man-hours spent per machine by 80%. In the prior environment,

these organizations were forced to escalate troubleshooting to tier one support. Therefore, these expensive resources

were spending hours or maybe days trying to rectify security issues.

Interviewees agreed that, compared with their prior environment, Symantec offered better protection as a singlecomponent and as a suite. These benefits are captured by tracking the customers environment before and after

migration to Symantec. After implementation of Symantec, these organizations identified a number of factors that led

to IT and end user savings:

Improvement in the number of malicious spam incidents reaching the corporate network and decline ininfections caused by users opening infected files or messages.


16/28



Page 15

Reduction in infected client devices, including decrease in the initial infections and decline in the spread of aninfection to other endpoints.

Decrease in network traffic spikes and decline in number of infections resulting from users accessing externalmalware sites.

We estimate that prior to the investment 125 users at the composite organization were infected per year and that it took

the organization approximately 8 hours to clean and rebuild each client. After deployment of Symantec, the number of

security incidents decreased by 75%. At an hourly fully loaded rate of $30, we estimate the total annual savings to be

$16,875 for Year 1 and $22,500 for Years 2 and 3. Table 10 illustrates the calculation. This section represents 11% of the

overall gain.

The fully loaded hourly rate for IT support for various support tiers may be greater than $30. The increase in the hourly

rate of support personnel can increase the benefit and the calculated ROI. Readers should adapt this framework for

their organization.

Table 10

IT Productivity Gain


G1Number of users infectedresulting from a securityoutbreak

125

G2Percent of security incidentsbeing stopped at the gateway

75%

G3Number of hours required toremedy each client

8

G4 Average fully loaded hourly rate $30

G5 Percent of benefit realized 75% 100% 100%

Gt IT productivity gain G1*G2*G3*G4*G5 $16,875 $22,500 $22,500


Reduced Downtime For End UsersThe efficiencies in IT productivity resulting from reduction in the number of security incidents also affect end user

productivity. This section measures the decrease in end user downtime when the number of security incidents is

reduced and an infection spread is controlled. There are various ways to estimate the reduction in end user downtime.


17/28



Page 16

According to the interviewed organization, IT often does not have the ability to store spare parts and machines to

support users when their systems are being repaired and restored. Therefore, users often remain idle. For the composite

organization, we estimate that the number of users infected prior to investment was 125. We estimate that after

deployment of Symantec the number of security incidents decreased by 75%. These incidents required 8 hours to rectify

at a fully loaded hourly rate of an end user of $48. We calculate the savings of $27,000 in Year 1 and $36,000 in Years 2

and 3. This benefit represents 18% of the overall investment.

The organizations interviewed believed that the sophistication of attacks varies for various organizations. For example,

a healthcare provider would see a significant number of attacks in search of resalable black-market data such as patient

lists and credit card information. Therefore, these productivity benefits for IT and end users are a small but

measureable part of the overall savings. Readers should measure the expected risk of loss for their organization.

Table 11

Reduced Downtime For End Users


H1Number of users infected resultingfrom a security outbreak

125

H2Percent of security incidents beingstopped at the gateway

75%

H3Number of hours required toremedy each client

8

H4Average fully loaded hourly rate ofan end user

$48

H5 Percent of benefit realized 75% 100% 100%

Ht Reduced downtime for end users H1*H2*H3*H4*H5 $27,000 $36,000 $36,000


Cost Avoidance From Reallocation Of Resources

According to our interviewees, the consolidation allowed them to reallocate resources to strategic tasks and restructure

their hiring needs. A key driver for the interviewed organizations standardizing on Symantec security was to reduce the

burden on IT staff while increasing the protection across the client environment. According to interviewees, as a resultof standardizing on Symantec security, their organizations have been able to address security challenges proactively and

control demand of their most expensive and experienced resources.

We estimate that before consolidation the composite organization had to increase headcount by two full-time staff in

three years to manage ongoing security challenges and coordinate across Web, endpoint, and messaging groups. After

the consolidation to Symantec Protection Suite, our interviewees were able to eliminate the need to expand their


18/28



Page 17

headcount and have been able to efficiently manage their security environment with existing resources. The ability to

proactively monitor security activities allowed these organizations to effectively allocate staff and free up IT security

personnel. As a result, these organizations were able to deploy their experienced staff to strategic and innovative

initiatives.

For the composite organization, we estimated that the average annual fully loaded salary is $62,000 for staff. To remain

conservative, we assume that 75% of time is captured in Year 1 and 100% in Year 2 and Year 3. Table 12 illustrates this

calculation. This benefit represents 39% of the overall benefit.

Table 12

Reallocation Of Resources


I1 The need to hire more staff 1 1.5 2

I2 Annual fully loaded salary of desktop engineer $62,000

I3 Percent of benefit realized 50% 75% 100%

It Cost avoidance from reallocation of resources I1* I2*I3 $31,000 $69,750 $124,000


IT Productivity Gain Resulting From Symantec Workflow Product

The final component of benefit is productivity savings resulting from the use of Symantec Workflow product. While

there are various ways to use Symantec Workflow, the organizations interviewed for this study cited password resetting

as one of the tasks they used Workflow to automate. Today, organizations offer multiple password-protected

applications to their employees. Often, employees lock themselves out of certain applications by using a password

wrongly or forgetting to update their password in time.

To estimate this benefit, we assume that 500 employees annually submitted a password-reset request. Typically,

organizations interviewed needed about an hour to reset and change the password in various systems. Government and

financial organizations required more wait time. We estimate that not only did this activity occupy the IT staffs, it also

required the end user to remain idle while the password resetting took place. Based on the fully loaded hourly rates for

an end user and a desktop technician, we estimate the annual savings in Table 13. To remain conservative, we assume

that 50% of benefit is realized in Year 1, 75% in Year 2, and 100% in Year 3. This savings presents 16% of overall benefit.


19/28



Page 18

Table 13

IT Productivity Gain From Workflow


J1 Number of users requesting password reset 500

J2 Number of hours IT needed to reset each password 1

J3 Average fully loaded hourly rate of an end user $48

J4Average fully loaded hourly rate of a desktoptechnician

$30

J5 Percent of benefit realized 50% 75% 100%

JtIT productivity gain resulting from Symantec

WorkflowJ1*J2*J3*J4*J5 $19,500 $29,250 $39,000


Total Benefits

Table 14 summarizes the total quantified benefits of standardizing on Symantec Protection Suite Enterprise Edition.

Table 14

Total Benefits Non-Risk-Adjusted

Benefits Year 1 Year 2 Year 3 Total PV

Vendor management cost savings $23,625 $31,500 $31,500 $86,625 $71,177

IT productivity gain $16,875 $22,500 $22,500 $61,875 $50,841

Reduced downtime for end users $27,000 $36000 $36,000 $99,000 $81,345

Cost avoidance from reallocation of resources $31,000 $69,750 $124,000 $224,750 $178,989

IT productivity gain resulting from Symantec Workflow $19,500 $29,250 $39,000 $87,750 $71,202

Total benefits $118,000 $189,000 $253,000 $560,000 $453,553



20/28



Page 19

Figure 4

Total Benefits Breakdown Non-Risk-Adjusted


FlexibilityFlexibility, as defined by TEI, represents an investment in additional capacity or capability that could be turned into

business benefit for some future additional investment. This provides an organization with the right or the ability toengage in future initiatives but not the obligation to do so. There are multiple scenarios in which a customer might

choose to implement various components of Symantec Protection Suite Enterprise Edition that it is not being currently

used and later realize additional IT and business benefits. Flexibility would also be quantified when evaluated as part of

a specific project (described in more detail in Appendix B).

For this study, organizations interviewed were using majority of the components of Symantec Protection Suite

Enterprise Edition. However, for organizations that are looking to investigate the value flexibility, we have created Table

15 to illustrate the metrics used to measure flexibility as described by Forrester. For example, if a customer decides to

implement some components of Symantec Protection Suite Enterprise Edition that is not currently being used to drive

additional benefits, we can estimate the incremental value driven from the new investment if the following metrics are

available: the asset value by measuring the benefits (i.e., costs avoided or saved, revenue generated, and/or capitalsaved), the costs to acquire the solution, and the number of years to measure the investment. We can estimate the

flexibility option by using Black-Scholes option pricing model.

Vendormanagementcost

savings16%

ITproductivitygain11%

Reduceddowntimeforendusers

18%

Costavoidancefromreallocationof

resources39%

ITproductivitygainresultingfromWorkflow

16%


21/28



Page 20

Table 15

Flexibility Benefit Framework

Metric Calculation

Asset value (benefit) IT or business costs avoided, revenue generated, capital saved

Cost to acquire optionPlanning and discovery, subscription, and annual maintenance are examples ofcosts to consider.

Expiration Time to expire, in years

Flexibility Black-Scholes option pricing model8


RiskForrester defines two types of risk associated with this analysis: implementation risk and impact risk. Implementation

risk is the risk that a proposed investment in Protection Suite Enterprise Edition may deviate from the original or

expected requirements, resulting in higher costs than anticipated. Impact risk refers to the risk that the business or

technology needs of the organization may not be met by the investment in Protection Suite Enterprise Edition, resulting

in lower overall total benefits. The greater the uncertainty, the wider the potential range of outcomes for cost and

benefit estimates.

Quantitatively capturing investment and impact risk by directly adjusting the financial estimates results in more

meaningful and accurate estimates and a more accurate projection of the ROI. In general, risks affect costs by raising

the original estimates, and they affect benefits by reducing the original estimates. The risk-adjusted numbers should be

taken as realistic expectations, as they represent the expected values considering risk.

The following implementation risks that affect costs are identified as part of this analysis:

Depending on the environment, the implementation may vary for the composite organization. Someorganizations may require additional testing time depending on their infrastructure and the magnitude of the

rollout.

Relying on a single vendor to supply different IT security solutions would make the organization moresusceptible to vendor impact. If the vendor fails to maintain the best-of-breed position in any of its technology

products, the company will have less flexibility to move to another vendor.

The following impact risks that affect benefits are identified as part of the analysis:

Vendor management cost savings may vary due to the number of products being consolidated. Overall IT costs savings may vary from the companies that participated in interviews.


22/28



Page 21

Table 16 shows the values used to adjust for risk and uncertainty in the cost and benefit estimates. The TEI model uses a

triangular distribution method to calculate risk-adjusted values. To construct the distribution, it is necessary to first

estimate the low, most likely, and high values that could occur within the current environment. The risk-adjusted value

is the mean of the distribution of those points. Readers are urged to apply their own risk ranges based on their own

degree of confidence in the cost and benefit estimates.

Table 16

Cost And Benefit Risk Adjustments

Costs LowMostlikely

High Mean

Software license fees 98% 100% 105% 101%

Implementation costs 100% 100% 115% 105%

Training fees 98% 100% 105% 101%

Hardware costs 98% 100% 105% 101%

Benefits LowMostlikely

High Mean

Vendor management cost savings 80% 100% 103% 94%

IT productivity gain 90% 100% 105% 98%

Reduced downtime for end users 90% 100% 105% 98%

Cost avoidance from reallocation of resources 80% 100% 103% 94%

IT productivity gain resulting from Workflow 90% 100% 105% 98%



23/28



Page 22

Financial Summary

The financial results calculated in the Costs and Benefits sections can be used to determine the ROI, NPV, and payback

period for the organizations investment in Symantec Protection Suite Enterprise Edition. For the organizations

interviewed, several factors have affected the ROI:

Consolidating into a single vendor environment has improved integration and ongoing management tasks. Proactively receiving and accordingly updating security patches has decreased the number of system security

incidents. This is resulting from better integration and communication among various IT groups managing

endpoint, Web, and messaging.

Symantec Workflow capabilities can allow organizations to eliminate repeatable tasks, resulting in ITadministrative productivity gain.

These are shown in Table 17 below.

Table 17

Cash Flow Non-Risk-Adjusted

Categories Initial Year 1 Year 2 Year 3 Total PV

Costs ($160,920) ($10,000) ($170,920) ($169,184)

Benefits $118,000 $189,000 $253,000 $560,000 $453,553

Net benefits ($160,920) $118,000 $179,000 $253,000 $389,080 $284,369

ROI 168%

Payback period 14.9 months


Table 18 below shows the risk-adjusted ROI, NPV, and payback period values. These values are determined by applying

the risk-adjustment values from Table 16 in the Risk section to the cost and benefits numbers in Tables 8 and 14.


24/28



Page 23

Table 18

Cash Flow Risk-Adjusted

Categories Initial Year 1 Year 2 Year 3 Total PV

Costs ($163,926) ($10,100) ($174,026) ($172,273)

Benefits $113,455 $181,170 $241,720 $536,345 $434,476

Net benefits ($163,926) $113,455 $171,070 $241,720 $362,319 $262,203

ROI 152%

Payback period 15.5 months


Symantec Protection Suite Enterprise Edition: Overview

According to Symantec, Symantec Protection Suite Enterprise Edition is powered with Symantec Insight and protects

with fast, effective endpoint security, combined with innovative messaging protection and web security for physical and

virtual environments. Powerful, centralized visibility and control are achieved with Symantec Protection Center

enabling policy enforcement, consolidated reporting, and real-time intelligence to increase security posture while

reducing upfront and on-going costs.

http://www.symantec.com/content/en/us/enterprise/fact_sheets/b-

symc_protection_suite_ent_edition_DS_20024156-3.en-us.pdf

Appendix A: Composite Organization Description

For this TEI study, Forrester has created a composite organization to illustrate the quantifiable costs and benefits of

implementing Symantec Protection Suite Enterprise Edition. The composite company is intended to represent an

organization with 750 end users and is based on characteristics of the interviewed customers.

The composite organization has a total of 17 IT professionals on staff. With limited IT resources, the organization was

managing multiple security service providers. The IT team spent a lot of time and effort communicating between Web,

email, and endpoint providers to ensure that the systems were secure and resources were being effectively used. This

effort consumed about 15% man-hours per each of the three administrators managing Web, messaging, and endpoint.

The organization reviewed its existing contracts and decided to consolidate to its most effective options.

In consolidating its multivendor security solutions to Symantec Protection Suite Enterprise Edition, the composite

company has met the following objectives:


25/28



Page 24

Create a better integration across its Web, email, and endpoint with centralized security intelligence backed bythe largest commercial security network.

Reduce ongoing management efforts and communication while increasing IT and end user productivity. Reduce ongoing and equipment, software, and administration costs and increase leverage in contract negotiation.

Appendix B: Total Economic Impact Overview

Total Economic Impact is a methodology developed by Forrester Research that enhances a companys technology

decision-making processes and assists vendors in communicating the value proposition of their products and services

to clients. The TEI methodology helps companies demonstrate, justify, and realize the tangible value of IT initiatives to

both senior management and other key business stakeholders.

The TEI methodology consists of four components to evaluate investment value: benefits, costs, risks, and flexibility.

Benefits

Benefits represent the value delivered to the user organization IT and/or business units by the proposed product

or project. Often product or project justification exercises focus just on IT cost and cost reduction, leaving little room to

analyze the effect of the technology on the entire organization. The TEI methodology and the resulting financial model

place equal weight on the measure of benefits and the measure of costs, allowing for a full examination of the effect of

the technology on the entire organization. Calculation of benefit estimates involves a clear dialogue with the user

organization to understand the specific value that is created. In addition, Forrester also requires that there be a clear line

of accountability established between the measurement and justification of benefit estimates after the project has been

completed. This ensures that benefit estimates tie back directly to the bottom line.

Costs

Costs represent the investment necessary to capture the value, or benefits, of the proposed project. IT or the business

units may incur costs in the form of fully burdened labor, subcontractors, or materials. Costs consider all the

investments and expenses necessary to deliver the proposed value. In addition, the cost category within TEI captures

any incremental costs over the existing environment for ongoing costs associated with the solution. All costs must be

tied to the benefits that are created.

Risk

Risk measures the uncertainty of benefit and cost estimates contained within the investment. Uncertainty is measured

in two ways: 1) the likelihood that the cost and benefit estimates will meet the original projections, and 2) the likelihoodthat the estimates will be measured and tracked over time. TEI applies a probability density function known as

triangular distribution to the values entered. At minimum, three values are calculated to estimate the underlying

range around each cost and benefit.


26/28



Page 25

Flexibility

Within the TEI methodology, direct benefits represent one part of the investment value. While direct benefits can

typically be the primary way to justify a project, Forrester believes that organizations should be able to measure the

strategic value of an investment. Flexibility represents the value that can be obtained for some future additional

investment building on top of the initial investment already made. For instance, an investment in an enterprisewide

upgrade of an office productivity suite can potentially increase standardization (to increase efficiency) and reduce

licensing costs. However, an embedded collaboration feature may translate to greater worker productivity if activated.

The collaboration can only be used with additional investment in training at some future point in time. However,

having the ability to capture that benefit has a present value that can be estimated. The flexibility component of TEI

captures that value.

Appendix C: Glossary

Discount rate:The interest rate used in cash flow analysis to take into account the time value of money. Although theFederal Reserve Bank sets a discount rate, companies often set a discount rate based on their business and investment

environment. Forrester assumes a yearly discount rate of 10% for this analysis. Organizations typically use discount

rates between 8% and 16% based on their current environment. Readers are urged to consult their respective

organization to determine the most appropriate discount rate to use in their own environment.

Net present value (NPV):The present or current value of (discounted) future net cash flows given an interest rate (the

discount rate). A positive project NPV normally indicates that the investment should be made, unless other projects

have higher NPVs.

Present value (PV):The present or current value of (discounted) cost and benefit estimates given at an interest rate

(the discount rate). The PV of costs and benefits feed into the total net present value of cash flows.

Payback period:The breakeven point for an investment. The point in time at which net benefits (benefits minus costs)

equal initial investment or cost.

Return on investment (ROI):A measure of a projects expected return in percentage terms. ROI is calculated by

dividing net benefits (benefits minus costs) by costs.

A Note on Cash Flow Tables

The following is a note on the cash flow tables used in this study (see the example table below). The initial investment

column contains costs incurred at time 0 or at the beginning of Year 1. Those costs are not discounted. All other cash

flows in Years 1 through 3 are discounted using the discount rate (shown in Framework Assumptions section) at the

end of the year. Present value (PV) calculations are calculated for each total cost and benefit estimate. Net present value

(NPV) calculations are not calculated until the summary tables and are the sum of the initial investment and the

discounted cash flows in each year.


27/28



Page 26

Appendix D: Endnotes

1Forrester risk-adjusts the summary financial metrics to take into account the potential uncertainty of the cost and

benefit estimates. For more information on risk, please see page 14.

2This table illustrates the risk-adjusted running totals for costs and benefits to provide a visual view of the breakeven

period.

3The intent in the analysis is to understand in detail how organizations justified the investment and measuring value

after implementation. Our experience has shown that targeting four customers to do in-depth quantitative interviews

allows us to understand the drivers behind a given investment and the impact these investments have on theorganization. These interviews give us a chance to understand where there are common drivers, costs, and benefits

across the customers interviewed and to provide a compelling story of the impact of the investment. One key

distinction around the Forrester TEI process is the use of in-depth interviews versus broader survey-based data

collection. Our intent with the interviews is to gain a deep understanding of where customers are receiving value, which

a broader survey could not provide. We are not looking for a statistically relevant data sample to construct the ROI but

rather a way of understanding how organizations make the case for the investment and the types of metrics and values

they use to make that case.

4The customers interviewed had IT-to-end-user ratio of 42 to 1 to 50 to 1. The 17 IT professionals cited for the

composite organization includes total IT staff including management and administrative, and it is not limited to IT

security staff.

5This is an average hourly rate for six different users based on the following roles: email operation, IT management,

desktop engineers, and security infrastructure and architecture. The interviewed organizations estimated the following

range of fully loaded salaries: $140,000 for IT management, $105,000 for security architecture, $90,000 for email

operation plus $100,000 for security operation, and $62,000 for desktop engineers. They are estimated fully loaded

salaries and may vary across geographies and sectors.

6In figure 3, software license fees presents 49.65%, implementation costs is 20.64%, training fees is10.80%, and

hardware costs is 18.91%. In double digit format, they add up to 100%. When the decimal points are rounded, because

they are greater than .50, the results change to 50%, 21%, 11%, and 19%, respectively. These numbers present a sum of

101%.

7An IT administrator used to spend 15% of his or her time or 6 hours (40 hours per week times 15%) per week on

ongoing management. After consolidation, two of three administrators time can be reallocated to other security

initiatives, meaning it reduces time by 6 hours per person on a weekly basis. For two people, this translates to 12 hours

or a 30% reduction (12 hours/40 hours per week).


28/28

Documents

TotalEconomicImpactStudyOfSymantecProtectionSuiteEnterpriseEdition DaiNA Cta57149