ESG Economic Validation Report
By Aviv Kaufmann, Senior ESG Validation Analyst; and Luz Andrea Vasquez, Consulting Analyst; June 2022
As organizations look to modernize, their IT environments are more complex than ever before. The surface of IT operations has expanded to include the data center, edge, and cloud environments. The quantity and diversity of devices that must be deployed, inventoried, updated, protected, configured, and monitored has skyrocketed as have the number of internal and external threats. The legacy tools still in use by many organizations are complex, costly, and offer limited functionality and visibility.
ESG validated that the Automox endpoint management solution greatly simplifies management of on-premises and remote endpoints for organizations while reducing cost and operational complexity, greatly improving visibility, and reducing risk to the organization. Automox users were able to automate patching and configuration, reducing exposure to vulnerabilities by up to 80%. ESG’s models predicted that Automox’s cloud-native endpoint management solution could lower the total cost of patch and configuration management for an organization by up to 4.9x compared to legacy on-premises tools. This included up to a 91% lower cost of administration and operations, freeing up resources to better focus on the needs of the business.
Introduction
This ESG Economic Validation focused on the quantitative and qualitative benefits organizations can expect by leveraging Automox, a cloud-native endpoint management solution. ESG validated savings and benefits with Automox customers and created a modeled scenario that compared the cloud-native endpoint management solution from Automox to legacy, on-premises appliance-based tools.
Challenges
Due to the increasing variety of threats and the diversity of users, operating systems, devices, and locations, an extremely effective patch, configuration, and remediation solution is vital to the security of modern organizations. ESG research shows that organizations believe that their IT environments are more complex to manage, maintain, optimize, and secure compared to two years ago. 1 In addition, nearly half (49%) of IT organizations point to the rise of remote workers as the biggest reason for growing IT complexity. Additional contributors to IT complexity include new data security and privacy regulations (compliance), an increase in the number and type of devices and applications (variety) used by employees, an increasing and/or changing cybersecurity landscape (security), and the need to use both on-premises data centers and public cloud providers (locations), amongst other reasons (see Figure 1).
To address these challenges around complexity, IT leaders have identified improving cybersecurity (44%) and increasing employee productivity (32%) as top considerations for justifying IT investments over the next 12 months.3 With more employees now working remotely, it is more challenging and more important than ever to be able to patch and configure devices and applications that span from the data center to the edge and cloud to ensure cyber hygiene and protect against a growing attack surface.
Running multiple legacy endpoint management solutions has become too complex, too costly, and too slow. Organizations and IT administrators are looking for a radical solution that can both cost-effectively improve security and increase operational efficiency. It is essential that a modern endpoint management solution is able to quickly gain control, provides global visibility, and automate operations and intelligence across on-premises, remote, and virtual endpoints without the need to deploy costly infrastructure or increase IT staffing. Failure to modernize an endpoint management solution and related processes could potentially result in higher operational costs, limited agility, significant legal penalties for noncompliance with regulations, and increased risk to an organization.
The Solution: Automox Cloud-Native Endpoint Management
Automox is an extremely efficient cloud-native endpoint management solution, which provides IT Operations (ITOps) and system administrators with a secure, fast, scalable, and cost-effective way to manage every endpoint, regardless of operating system (OS), software, or location through a single intuitive web-based console. Automox delivers continuous visibility and control for any laptop, desktop, and server in an IT environment—whether on-premises, in the cloud, or “on the go” (.i.e., laptops, tablets, and mobile devices). The solution has zero dependency on infrastructure and is not limited by the constraints imposed by legacy IT solutions designed to manage a single location. No maintenance is required, and no VPN is necessary to manage devices no matter where they are located.
Key benefits of the Automox platform that were validated by ESG include:
Cloud-native service with secure-by-design endpoint agent: The lightweight Automox agent inventories hardware, software, patches, and configurations while communicating with the Automox cloud service for timely insights.
Scalable IT operations automation: Customers can effortlessly initiate policies (automated repeated actions) across any Windows, Linux, or macOS device. They can patch operating systems and third-party applications, deploy software, enforce desired device configuration states, and report according to their needs.
Customize and extend as you wish: Automox Worklets allow customers to script, automate, and enforce any task across all endpoints, such as enforcing controls or deploying emergency patches. Dozens of Worklets are provided with the Automox platform and are ready to use as-is or can be customized.
ESG Economic Validation
ESG completed a quantitative analysis of Automox’s cloud-native endpoint management solution. Focus was placed on the economic benefits organizations can expect when leveraging Automox versus on-premises legacy solutions.
ESG’s Economic Validation process is a proven method for understanding, validating, quantifying, and modeling the economic value propositions of a product or solution. The process leverages ESG’s core competencies in market and industry analysis, forward-looking research, and technical/economic validation. ESG conducted in-depth interviews with end-users to better understand and quantify how Automox’s patch and endpoint management solution has helped organizations improve their IT environments’ cyber hygiene, reducing the time and complexity of their patching management process in comparison with previously deployed solutions. The qualitative and quantitative findings were used as the basis for a simple economic model comparing the expected costs of implementing and managing Automox versus legacy solutions at multiple locations.
Automox Economic Overview
ESG’s economic analysis revealed that Automox provided its customers with these benefits in the following categories:
Lower total cost of ownership (TCO): Automox reduced or eliminated the cost of hardware, software, licenses, and operational expenses associated with deploying, managing, and maintaining the customer IT environment.
Improved visibility: Automox provided improved visibility into all assets from a single pane of glass, providing timely insights, alerts, and reports. This saved significant time over switching between OS-specific tools.
Reduced risk: With Automox’s cloud-based tools, organizations were able to ensure that their endpoints across the cloud and on-premises infrastructure received critical security updates as quickly as possible. By reducing the time-to-patch window and enforcing security best practices, Automox minimized exposure to vulnerabilities across the organization’s entire attack surface.
Lower Cost of Ownership
Automox’s cloud-native endpoint management solution reduces customers’ TCO by offering a modern and simpler endpoint management model that grants users higher security and control of the IT environment without investment in infrastructure.
Elimination of hardware and licenses – Automox’s customers reported being able to avoid the upfront purchasing of servers, switches, storage, and software to manage and monitor their endpoints, which were required for legacy solutions. They shared that Automox’s cloud-native platform required zero physical infrastructure, and all software was included with a simple monthly subscription. Customers also did not have to buy additional licenses for virtualization, SQL databases, data protection, and management software required to operate and protect some of the on-premises appliances, as Automox manages all of these requirements for their software in the cloud.
"With our legacy patching solutions, the license was free but that didn’t account for the infrastructure needed for it. We needed power utilities, cooling, maintenance, and a large investment in hardware for each location."
Simplified deployment and scalability – ESG validated that, since Automox runs in the cloud, it can be deployed for the first time in less than 30 minutes with a simple agent installed on each device, regardless of device location. Customers shared that on-premises solutions took weeks to purchase, deploy, configure, and test (servers, switches, storage, VPNs, and patch management software) at each physical location and required time consuming manual configuration for each device. They added that legacy solutions were complex to scale because they often required multiple solutions, were tied to the infrastructure capabilities at each location, and required devices to be on the corporate network. Automox provided built-in cloud scalability for all devices, OS, and applications through a single interface regardless of the number of sites and location of devices, making it easy to grow and scale. A customer shared with us that: “The Automox integration with Crowdstrike was seamless and painless. Using a pre-built script developed by Automox, we were able to deploy and bring 900 endpoints into compliance, saving us at least two months of manual installations.”
Lower operational cost through automation – Automox helped customers reduce their cost of operations by automating manual and error-prone tasks while increasing the speed, efficiency, and accuracy of their patching and endpoint management strategy. Customers shared that traditional patch management used to be very time consuming and consisted of many repetitive and manual tasks that were performed across a variety of interfaces (for different OSes, applications, VPN interfaces, etc.) by multiple individuals at different sites, resulting in larger team sizes and operational inefficiency. Customers added that Automox enabled their IT admins to easily create and enforce any custom task using their built-in policies and tools as well as Automox Worklets. They were able to execute and automate workflows across managed devices irrespective of location or domain membership. In legacy solutions, this level of flexible automation would have to be developed and maintained by experts through customized code.
"One of the benefits that we saw right away was the reduction in manual labor. With Automox, we were able to automate patch management for our clients, and now everything is done automatically. Only a few patches or reboots must be done manually. This includes third-party patching, which was not even done before."
Less technical expertise required – Customers reported that Automox was simpler to manage, and tasks could be executed by IT generalists compared to on-premises solutions, which take longer to manage and require skilled and certified admins–all resulting in higher operational cost. Many organizations freed up skilled staff to do more strategic work and also found it easier to hire talent.
Simplified integration with existing solutions – Customers commented that they had to manage multiple tools for different endpoints, each one with its own interface, which introduced delays when trying to integrate the tech stack. ESG verified that Automox’s rich APIs allowed customers to reach new levels of efficiency by integrating and leveraging their existing internal tools and technologies where integrations did not exist. Customers could take advantage of ready-made integrations with collaboration tools like Splunk or Freshworks and endpoint security tools like Crowdstrike and Rapid7. By integrating tools to seamlessly work together, Automox allows customers to save valuable time, without the need for special expertise or additional cycles.
"“With Automox, we feel comfortable that someone with less experience like our helpdesk guys right out of college can keep things up to date. We can give them a basic document and they can figure things out themselves. Automox makes it easy."
Improved Visibility
Customers that we spoke with felt that Automox helped them maintain complete endpoint visibility and inventory of their IT environment from a single pane of glass, improving cybersecurity, using resources more efficiently, and enhancing communication within the company.
Worldwide visibility across the entire deployment – Customers felt that the Automox cloud-native endpoint management solution offered continuous global visibility of their entire IT environment independent of platform, application, device type, or location, all from a single console without the need for VPNs. Using legacy systems, customers had a fragmented and limited picture of their environment. They could only see and manage their corporate network using systems that focused on only one OS to do patch management. Customers did not have visibility into applications and configurations, draining resources and time to collect and consolidate information from different systems while never achieving a true real-time view of the data.
"I like that I can give my help desk guys access to Automox, which gives them visibility and access to stuff that they didn’t have in the past years. That way they can help troubleshoot a lot more before it gets to me, before it gets to our side. That has been really good."
Single platform of record – ESG noted that Automox provided an inventory of customers’ entire environment, including devices, application inventory, and configuration settings. Customers reported that Automox acted as the single platform of record needed to effectively manage patches, mitigate risks, and make endpoint security decisions faster. On-premises solutions required manual queries and information to be collected from multiple systems and lacked the tools necessary to collect much of the required information around application inventory and configuration status.
Fully managed compliance – Customers mentioned that on-premises solutions required manual analysis to see which devices, systems, software, or applications were not compliant or had software that was out of date. Automox offers its customers an easier way to identify out-of-compliance devices and configurations, helping them automate corporate policy enforcement.
"Automox helped us stay in compliance. Without Automox, we risk big real-world revenue implications; we could lose our contracts."
Fully managed compliance – Customers mentioned that on-premises solutions required manual analysis to see which devices, systems, software, or applications were not compliant or had software that was out of date. Automox offers its customers an easier way to identify out-ofcompliance devices and configurations, helping them automate corporate policy enforcement.
Real-time insights and reporting – Customers shared that Automax offers up-to-date status and information on all endpoints, activities, and configurations made available through pre-built and/or customizable reports. Customers stated that on-premises solutions’ insights and reporting were manual, time-consuming, and labor-intensive, and at best were only able to provide an outdated view of their environment.
"Having worldwide visibility from one pane of glass is a great improvement for us—if somebody from management asks for or needs information, we can show them the dashboard with up-to-date information."
Proactive attention to issues and faster time to resolution – Automox customers claimed that automation and policy enforcement helped to avoid potential issues before they could occur. Automox enabled immediate identification and correlation between potential root causes and made it simple to remediate issues, all from the same console.
"After installation, Automox began to scan the systems and identified more than 300 missing security patches. With this visibility into the status of its systems, our customer was able to comfortably determine how to approach patching its systems, with a clear focus on prioritizing the most critical issues flagged by Automox and tackling them in a systematic fashion."
Reduced Risk
To reduce the risk of data breaches, ransomware, viruses, malware, financial penalties, and revenue impact, organizations must patch systems correctly, configure devices and applications, and eliminate risky software. Automox users claimed that they were able to reduce vulnerabilities in hours instead of months compared to their legacy on-premises solutions. One user commented, “Being able to meet modern IT demands without compromising security management allows us to be more flexible and agile, enabling innovation.”
Reduced exposure to vulnerabilities – On-premises solutions have slow, manual processes around patch management for their many endpoints, which increases their exposure to attacks. According to users, Automox significantly reduced the time-to-patch window, closing the aperture of attacks by 80% compared to alternative solutions.
"Before Automox, our biggest issue was getting patches installed at all. Our legacy solution wasn’t efficient enough, and it took too much time. We did a study and realized that we had a lot of vulnerabilities that would be solvable by installing patches, but we did not have the toolkit to get it done. We had lot of people working on this manually over the weekends, but we were still not protected properly."
Safe and secure cloud platform with authentication requirements – The Automox platform and API were designed with security front-and-center, with fully encrypted data transfer, secure payment processing, role based access policies, and mandatory logging of all activities. Automox users can have peace of mind that their systems and information are protected at every level.
Reduced risk of downtime – ESG confirmed that the Automox cloud-native endpoint management solution provided no single point of failure and ensured continuous operations without the need for additional infrastructure, effort, or expertise. Customers noted that for them to maintain a highly available on-premises solution they were required to have complex IT infrastructure, maintenance, operations built with redundancy, backup solutions, and disaster recovery in mind at all locations. In addition, an endpoint management solution must be run continuously to provide effective endpoint protection to the entire organization.
ESG Analysis
ESG leveraged the information collected through vendor-provided material, public and industry knowledge of economics and technologies, and the results of customer interviews to create a three-year TCO/ROI model that compares the costs and benefits of using Automox cloud-native endpoint management solution to that of legacy appliance-based endpoint management solutions. ESG’s interviews with customers who had recently made the transition, combined with experience and expertise in economic modeling and technical validation of patch and endpoint management solutions, helped to form the basis for our modeled scenario.
ESG assumed our modeled organization managed a total of 10,000 endpoints across 2 data centers, 6 secondary locations, and a growing number of edge locations to support an increasingly remote workforce. We assumed a total of 8,000 workstations/desktops/laptops (80% of which were Windows-based and 20% of which were macOS, Linux, or other) and 2,000 physical and virtual servers (80% Windows, 20% Linux). In addition, the modeled organization wanted to identify and ensure protection and compliance for 5,000 unmanaged endpoints being used for production at remote locations.
Our model calculated the expected costs to deploy and operate servers, storage, and storage capacity to host two appliance-based patch management solutions (one for Windows and one for all other systems) at each of the 8 physical locations. In addition, we calculated the expected licensing or subscription costs for endpoint and patch management solutions, client access licenses (CALs), database software, and VPN service subscriptions to accommodate remote workers. For the Automox solution, the only cost associated was the monthly cost of $5 per endpoint device, regardless of physical location.
Finally, we modeled the expected cost to administer the endpoint management solutions, based on feedback from customers that had made the switch. Our administration model considered the expected time spent managing and maintaining on-premises infrastructure; performing initial device discovery and agent deployment; managing patch management operations, monitoring, and reporting (including asset management); and performing security- and compliance-related operations.
Why This Matters
Legacy endpoint management solutions were not designed for a modern distributed organization where many devices and applications are running in the cloud and/or at remote locations.
Continuing to run multiple appliance-based endpoint management solutions has become complex, costly, and less effective at protecting a rapidly- expanding attack surface.
Automox’s cloud-native endpoint management solution greatly reduces administrative complexity and increases visibility, helping to reduce exposure to vulnerabilities by up to 80% while lowering costs.
For the legacy on-premises appliance-based solution, ESG modeled both a greenfield scenario (purchasing new hardware in year 1) and a brownfield scenario (using and maintaining existing hardware only). Our models predicted that the Automox solution could lower the total expected cost by 4.8x to 4.9x. The detailed results can be seen in Figure 4.
What the Numbers Mean
100% elimination of on-premises infrastructure – The Automox cloud-native endpoint management solution required no physical or virtual resources to run appliances on-premises, while the legacy solutions require the purchase and refresh of redundant and highly available physical or virtual servers, network, and protected storage. In addition to the purchase of the hardware for the legacy solutions, costs for power, cooling, floorspace, hardware maintenance and support contracts should also be factored in. This hardware must be deployed, managed, and maintained (the cost of this was included in administration costs).
72% lower cost of software, licenses, and subscriptions – The annual costs for the on-premises solutions included the expected cost for SCCM, SQL Server (required for SCCM database), client access licenses totaled roughly $127k per year for each of the 8 sites, and the monthly subscription for an alternative solution to handle Linux, macOS, and other clients was priced at $22/month/device. Finally, for remote devices to be managed by these systems, the required VPN service was priced at $12/device/month. The cost of Automox was a low $5/month/device with no VPN service required.
34% to 63% lower cost of power, cooling, and floorspace –The 8U HPE dHCI configuration required 43% to 67% less rack space than the 14U and 24U alternative HCI configurations and consumed 15% to 55% fewer total watts. ESG leveraged vendor power calculators and assumed conservative assumptions of 70% CPU utilization, $0.12/kWh, and $75/RU/month floorspace cost.
91% lower cost of administration and operations – ESG’s model assumed that the legacy environment currently required 10 full time employees (FTEs) to manage patch management, security, and compliance for SCCM across the 8 sites and an additional 4 more FTEs to handle the devices under control of the alternative appliance-based patch management solution. We assumed each FTE spent roughly 30 hours/week on patch management with SCCM (Automox customers reported spending only 1 hour/week) and the remainder of the time managing the infrastructure (no time on Automox), device discovery and deployment, monitoring and reporting, and configuration-related security and compliance activities.
Issues to Consider:
While no modeled scenario could ever accurately represent the economics behind every deployment, ESG encourages organizations to perform their own analysis to see how much they can save.
Even though they are not included in our model, ESG noted a few additional areas in which organizations could potentially save with Automox, including less impact to productivity due to endpoint disruption and lower risk of successful ransomware attacks, data breaches, and compliance fines due to shrinking of vulnerability windows and automated enforcement of compliance for software and device configurations. These savings are hard to quantify for an organization but could easily add up to millions of dollars per year.
The Bigger Truth
As organizations look to modernize and become more agile to support an increasingly remote workforce, endpoint and patch management presents a critical opportunity for process and operational efficiency improvements. Legacy patch management was simply not designed well to scale outside of the data center. Legacy endpoint and patch management have become extremely costly and complex, and the lack of agility, scalability, and visibility is extremely risky to organizations. If systems cannot be patched, configured, or kept in compliance in a timely manner, organizations are opening their doors to potential disaster. ESG validated that Automox can help lower costs by up to 4.9x for organizations while freeing up to 91% of time spent dealing with the patch management process. This enables smaller teams to operate far more efficiently and effectively, keeping endpoints up-to-date, secure, and in compliance while reducing the exposure to vulnerabilities by up to 80% across a rapidly expanding attack surface. One customer summed it up well during an interview:
"I love Automox, it’s been a fantastic tool for us, we have been able to utilize it well. I really like the Automox community. The Worklets, the stuff that they've done, their customer support has been great. All in all, the experience has been fantastic, and it's been a really good tool, I'm glad that we invested in it."
If your team is tasked with keeping an ever-increasing volume and variety of devices connected and protected across the data center, cloud, edge, and remote locations and would benefit from reduced cost, reduced risk, and significantly improved operational efficiency, ESG suggests you consider Automox.