Analyzing the Economic Benefits of the Cloud-Native Endpoint Management Solution
ESG Economic Validation Report
By Aviv Kaufmann, Senior ESG Validation Analyst; and Luz Andrea Vasquez, Consulting Analyst; June 2022
As organizations look to modernize, their IT environments are more complex than ever before. The surface of IT operations has expanded to include the data center, edge, and cloud environments. The quantity and diversity of devices that must be deployed, inventoried, updated, protected, configured, and monitored has skyrocketed as have the number of internal and external threats. The legacy tools still in use by many organizations are complex, costly, and offer limited functionality and visibility.
ESG validated that the Automox endpoint management solution greatly simplifies management of on-premises and remote endpoints for organizations while reducing cost and operational complexity, greatly improving visibility, and reducing risk to the organization. Automox users were able to automate patching and configuration, reducing exposure to vulnerabilities by up to 80%. ESG’s models predicted that Automox’s cloud-native endpoint management solution could lower the total cost of patch and configuration management for an organization by up to 4.9x compared to legacy on-premises tools. This included up to a 91% lower cost of administration and operations, freeing up resources to better focus on the needs of the business.
Simplified deployment and scalability – ESG validated that, since Automox runs in the cloud, it can be deployed for the first time in less than 30 minutes with a simple agent installed on each device, regardless of device location. Customers shared that on-premises solutions took weeks to purchase, deploy, configure, and test (servers, switches, storage, VPNs, and patch management software) at each physical location and required time consuming manual configuration for each device. They added that legacy solutions were complex to scale because they often required multiple solutions, were tied to the infrastructure capabilities at each location, and required devices to be on the corporate network. Automox provided built-in cloud scalability for all devices, OS, and applications through a single interface regardless of the number of sites and location of devices, making it easy to grow and scale. A customer shared with us that: “The Automox integration with Crowdstrike was seamless and painless. Using a pre-built script developed by Automox, we were able to deploy and bring 900 endpoints into compliance, saving us at least two months of manual installations.”
Lower operational cost through automation – Automox helped customers reduce their cost of operations by automating manual and error-prone tasks while increasing the speed, efficiency, and accuracy of their patching and endpoint management strategy. Customers shared that traditional patch management used to be very time consuming and consisted of many repetitive and manual tasks that were performed across a variety of interfaces (for different OSes, applications, VPN interfaces, etc.) by multiple individuals at different sites, resulting in larger team sizes and operational inefficiency. Customers added that Automox enabled their IT admins to easily create and enforce any custom task using their built-in policies and tools as well as Automox Worklets. They were able to execute and automate workflows across managed devices irrespective of location or domain membership. In legacy solutions, this level of flexible automation would have to be developed and maintained by experts through customized code.
"One of the benefits that we saw right away was the reduction in manual labor. With Automox, we were able to automate patch management for our clients, and now everything is done automatically. Only a few patches or reboots must be done manually. This includes third-party patching, which was not even done before."
Less technical expertise required – Customers reported that Automox was simpler to manage, and tasks could be executed by IT generalists compared to on-premises solutions, which take longer to manage and require skilled and certified admins–all resulting in higher operational cost. Many organizations freed up skilled staff to do more strategic work and also found it easier to hire talent.
Simplified integration with existing solutions – Customers commented that they had to manage multiple tools for different endpoints, each one with its own interface, which introduced delays when trying to integrate the tech stack. ESG verified that Automox’s rich APIs allowed customers to reach new levels of efficiency by integrating and leveraging their existing internal tools and technologies where integrations did not exist. Customers could take advantage of ready-made integrations with collaboration tools like Splunk or Freshworks and endpoint security tools like Crowdstrike and Rapid7. By integrating tools to seamlessly work together, Automox allows customers to save valuable time, without the need for special expertise or additional cycles.
"With Automox, we feel comfortable that someone with less experience like our helpdesk guys right out of college can keep things up to date. We can give them a basic document and they can figure things out themselves. Automox makes it easy."
Customers that we spoke with felt that Automox helped them maintain complete endpoint visibility and inventory of their IT environment from a single pane of glass, improving cybersecurity, using resources more efficiently, and enhancing communication within the company.
Worldwide visibility across the entire deployment – Customers felt that the Automox cloud-native endpoint management solution offered continuous global visibility of their entire IT environment independent of platform, application, device type, or location, all from a single console without the need for VPNs. Using legacy systems, customers had a fragmented and limited picture of their environment. They could only see and manage their corporate network using systems that focused on only one OS to do patch management. Customers did not have visibility into applications and configurations, draining resources and time to collect and consolidate information from different systems while never achieving a true real-time view of the data.
"I like that I can give my help desk guys access to Automox, which gives them visibility and access to stuff that they didn’t have in the past years. That way they can help troubleshoot a lot more before it gets to me, before it gets to our side. That has been really good."
Single platform of record – ESG noted that Automox provided an inventory of customers’ entire environment, including devices, application inventory, and configuration settings. Customers reported that Automox acted as the single platform of record needed to effectively manage patches, mitigate risks, and make endpoint security decisions faster. On-premises solutions required manual queries and information to be collected from multiple systems and lacked the tools necessary to collect much of the required information around application inventory and configuration status.
Fully managed compliance – Customers mentioned that on-premises solutions required manual analysis to see which devices, systems, software, or applications were not compliant or had software that was out of date. Automox offers its customers an easier way to identify out-of-compliance devices and configurations, helping them automate corporate policy enforcement.
"Automox helped us stay in compliance. Without Automox, we risk big real-world revenue implications; we could lose our contracts."
Fully managed compliance – Customers mentioned that on-premises solutions required manual analysis to see which devices, systems, software, or applications were not compliant or had software that was out of date. Automox offers its customers an easier way to identify out-ofcompliance devices and configurations, helping them automate corporate policy enforcement.
Real-time insights and reporting – Customers shared that Automax offers up-to-date status and information on all endpoints, activities, and configurations made available through pre-built and/or customizable reports. Customers stated that on-premises solutions’ insights and reporting were manual, time-consuming, and labor-intensive, and at best were only able to provide an outdated view of their environment.
"Having worldwide visibility from one pane of glass is a great improvement for us—if somebody from management asks for or needs information, we can show them the dashboard with up-to-date information."
Proactive attention to issues and faster time to resolution – Automox customers claimed that automation and policy enforcement helped to avoid potential issues before they could occur. Automox enabled immediate identification and correlation between potential root causes and made it simple to remediate issues, all from the same console.
"After installation, Automox began to scan the systems and identified more than 300 missing security patches. With this visibility into the status of its systems, our customer was able to comfortably determine how to approach patching its systems, with a clear focus on prioritizing the most critical issues flagged by Automox and tackling them in a systematic fashion."
To reduce the risk of data breaches, ransomware, viruses, malware, financial penalties, and revenue impact, organizations must patch systems correctly, configure devices and applications, and eliminate risky software. Automox users claimed that they were able to reduce vulnerabilities in hours instead of months compared to their legacy on-premises solutions. One user commented, “Being able to meet modern IT demands without compromising security management allows us to be more flexible and agile, enabling innovation.”
Reduced exposure to vulnerabilities – On-premises solutions have slow, manual processes around patch management for their many endpoints, which increases their exposure to attacks. According to users, Automox significantly reduced the time-to-patch window, closing the aperture of attacks by 80% compared to alternative solutions.
"Before Automox, our biggest issue was getting patches installed at all. Our legacy solution wasn’t efficient enough, and it took too much time. We did a study and realized that we had a lot of vulnerabilities that would be solvable by installing patches, but we did not have the toolkit to get it done. We had lot of people working on this manually over the weekends, but we were still not protected properly."
Safe and secure cloud platform with authentication requirements – The Automox platform and API were designed with security front-and-center, with fully encrypted data transfer, secure payment processing, role based access policies, and mandatory logging of all activities. Automox users can have peace of mind that their systems and information are protected at every level.
Reduced risk of downtime – ESG confirmed that the Automox cloud-native endpoint management solution provided no single point of failure and ensured continuous operations without the need for additional infrastructure, effort, or expertise. Customers noted that for them to maintain a highly available on-premises solution they were required to have complex IT infrastructure, maintenance, operations built with redundancy, backup solutions, and disaster recovery in mind at all locations. In addition, an endpoint management solution must be run continuously to provide effective endpoint protection to the entire organization.
ESG leveraged the information collected through vendor-provided material, public and industry knowledge of economics and technologies, and the results of customer interviews to create a three-year TCO/ROI model that compares the costs and benefits of using Automox cloud-native endpoint management solution to that of legacy appliance-based endpoint management solutions. ESG’s interviews with customers who had recently made the transition, combined with experience and expertise in economic modeling and technical validation of patch and endpoint management solutions, helped to form the basis for our modeled scenario.
ESG assumed our modeled organization managed a total of 10,000 endpoints across 2 data centers, 6 secondary locations, and a growing number of edge locations to support an increasingly remote workforce. We assumed a total of 8,000 workstations/desktops/laptops (80% of which were Windows-based and 20% of which were macOS, Linux, or other) and 2,000 physical and virtual servers (80% Windows, 20% Linux). In addition, the modeled organization wanted to identify and ensure protection and compliance for 5,000 unmanaged endpoints being used for production at remote locations.
For the legacy on-premises appliance-based solution, ESG modeled both a greenfield scenario (purchasing new hardware in year 1) and a brownfield scenario (using and maintaining existing hardware only). Our models predicted that the Automox solution could lower the total expected cost by 4.8x to 4.9x. The detailed results can be seen in Figure 4.
What the Numbers Mean
100% elimination of on-premises infrastructure – The Automox cloud-native endpoint management solution required no physical or virtual resources to run appliances on-premises, while the legacy solutions require the purchase and refresh of redundant and highly available physical or virtual servers, network, and protected storage. In addition to the purchase of the hardware for the legacy solutions, costs for power, cooling, floorspace, hardware maintenance and support contracts should also be factored in. This hardware must be deployed, managed, and maintained (the cost of this was included in administration costs).
72% lower cost of software, licenses, and subscriptions – The annual costs for the on-premises solutions included the expected cost for SCCM, SQL Server (required for SCCM database), client access licenses totaled roughly $127k per year for each of the 8 sites, and the monthly subscription for an alternative solution to handle Linux, macOS, and other clients was priced at $22/month/device. Finally, for remote devices to be managed by these systems, the required VPN service was priced at $12/device/month. The cost of Automox was a low $5/month/device with no VPN service required.
34% to 63% lower cost of power, cooling, and floorspace –The 8U HPE dHCI configuration required 43% to 67% less rack space than the 14U and 24U alternative HCI configurations and consumed 15% to 55% fewer total watts. ESG leveraged vendor power calculators and assumed conservative assumptions of 70% CPU utilization, $0.12/kWh, and $75/RU/month floorspace cost.
91% lower cost of administration and operations – ESG’s model assumed that the legacy environment currently required 10 full time employees (FTEs) to manage patch management, security, and compliance for SCCM across the 8 sites and an additional 4 more FTEs to handle the devices under control of the alternative appliance-based patch management solution. We assumed each FTE spent roughly 30 hours/week on patch management with SCCM (Automox customers reported spending only 1 hour/week) and the remainder of the time managing the infrastructure (no time on Automox), device discovery and deployment, monitoring and reporting, and configuration-related security and compliance activities.
Issues to Consider:
While no modeled scenario could ever accurately represent the economics behind every deployment, ESG encourages organizations to perform their own analysis to see how much they can save.
Even though they are not included in our model, ESG noted a few additional areas in which organizations could potentially save with Automox, including less impact to productivity due to endpoint disruption and lower risk of successful ransomware attacks, data breaches, and compliance fines due to shrinking of vulnerability windows and automated enforcement of compliance for software and device configurations. These savings are hard to quantify for an organization but could easily add up to millions of dollars per year.
The Bigger Truth
As organizations look to modernize and become more agile to support an increasingly remote workforce, endpoint and patch management presents a critical opportunity for process and operational efficiency improvements. Legacy patch management was simply not designed well to scale outside of the data center. Legacy endpoint and patch management have become extremely costly and complex, and the lack of agility, scalability, and visibility is extremely risky to organizations. If systems cannot be patched, configured, or kept in compliance in a timely manner, organizations are opening their doors to potential disaster. ESG validated that Automox can help lower costs by up to 4.9x for organizations while freeing up to 91% of time spent dealing with the patch management process. This enables smaller teams to operate far more efficiently and effectively, keeping endpoints up-to-date, secure, and in compliance while reducing the exposure to vulnerabilities by up to 80% across a rapidly expanding attack surface. One customer summed it up well during an interview:
"I love Automox, it’s been a fantastic tool for us, we have been able to utilize it well. I really like the Automox community. The Worklets, the stuff that they've done, their customer support has been great. All in all, the experience has been fantastic, and it's been a really good tool, I'm glad that we invested in it."
If your team is tasked with keeping an ever-increasing volume and variety of devices connected and protected across the data center, cloud, edge, and remote locations and would benefit from reduced cost, reduced risk, and significantly improved operational efficiency, ESG suggests you consider Automox.
We provides a 100% CloudNative IT Endpoint operations platform for modern organizations. As a comprehensive EndPointManagement Platform, it has advanced SoftwareManagement for PatchManagement, Adding, Removing, and Updating Software, Changing and Configure Settings along with PolicyManagement on any device or operating system located anywhere in the world and at any time. With the push of a button, ITAdministartors can fix CriticalVulnerabilities faster, slash cost and complexity, and win back hours in the day.If you want to know more kindly Click here