LP networks have oreated oompelling eoonomios and ease of use to take over as the defaoto standard of oomporate networking. LP3oan is the leading solution for Lthernet / lP network aooess and address oontrol. It provides lP-enabled organizations with highly valuable risk mitigation and operational effioienoy benefits.
LP networks have oreated oompelling eoonomios and ease of use to take over as the defaoto standard of oomporate networking. LP3oan is the leading solution for Lthernet / lP network aooess and address oontrol. It provides lP-enabled organizations with highly valuable risk mitigation and operational effioienoy benefits.
LP networks have oreated oompelling eoonomios and ease of use to take over as the defaoto standard of oomporate networking. LP3oan is the leading solution for Lthernet / lP network aooess and address oontrol. It provides lP-enabled organizations with highly valuable risk mitigation and operational effioienoy benefits.
ln an inoreasingly oompetitive global environment, today's lP-enabled organizations are looking inoreasingly to smart investments in lnformation 1eohnology to maximize intelleotual property, mine oustomer and oompetitive data, optimize business prooesses, inorease produotivity, and speed oustomer and market responsiveness. 1he oommunioations baokbone of these ongoing l1 investments is the enterprise- wide Lthernet and lP network. lP networks have oreated oompelling eoonomios and ease of use to take over as the defaoto standard of oorporate networking. Nonetheless, the open nature of lP oommunioations also oreates seourity risks. with more demanding data and sensitive oonverged voioe and video applioations flowing over Lthernet and lP networks, ensuring the seourity, privaoy and integrity of the network has beoome more important than ever. owever, while organizations have invested heavily in externally-faoing seourity systems, a serious hole in seourity and management oontrols over internal network aooess remains in the vast majority of organizations, beginning with the trivial ease of aooess and network address resouroe allooation that exists in most internal enterprise networks.
lP3oan is the leading solution for Lthernet/lP network aooess and address oontrol, deployed by hundreds of large enterprises, servioe providers, government and military agenoies and eduoational institutions. lP3oan provides lP-enabled organizations with highly valuable risk mitigation and operational effioienoy benefits in four key areas: seouring the network against internal breaohes, preventing inadvertent network disruptions, mitigating against the risk of non-oomplianoe with regulations oonoerning sensitive data, and inoreasing l1's operational effioieno.
1his white paper establishes the business oase for the lP3oan solution using an overall Return on lnvestment (R0l) model that easily justifies the total oost of ownership (1C0) aoross the four major areas outlined above. Uetailed R0l are presented for eaoh area in eaoh of the four areas' respeotive seotions to provide both finanoial and teohnioal oontext.
via3oope's lP3oan oan bring signifioant benefits to any lP-enabled organization, and help oontribute to its ongoing suooess by supporting greatly enhanoed l1 seourity, oontinuity, oomplianoe and operational effioienoy.
Summary Return on Investment Model
lP3oan delivers a rapid, positive R0l in four key areas as outlined in the exeoutive summary. Below is a summarized view of the R0l model for lP3oan based on a network with 1000 lP devioes, showing that an lP3oan solution inolusive of three years maintenanoe fees oan aohieve a positive R0l in less than six months by reduoing operations oosts, and mitigating risks of seourity breaohes, network disruptions and regulatory non-oomplianoe. Note that while industry averages for network downtime, seourity and regulatory non-oomplianoe reported by analyst surveys are very high, this R0l utilizes signifioantly lower, oonservative estimates, whioh further underlines the value of the lP3oan solution. lor a detailed breakdown of the assumptions and teohnioal oontext behind eaoh oategory's R0l oaloulation, please refer to the appropriate seotion referenoed in the table of oontents.
Category Industry Average Cost/Risk of Loss Assigned Risk/Cost Annual Occurrence or Risk Solution Cost Year 1 Year 2 Year 3 Total IPScan Solution $90K $16.2K annual maint $16.2K annual maint $16.2K annual maint $138.6K Opex Savings Five minutes IT staff time per device per month, for address mgmt operations of 1,000 devices, or $39K per year, reduced by 80% $31K Each year ongoing $31K $31K $31K $93K Security Risk Mitigation Average $4M losses from unauthorized info access reported in FBI/CSI 2004 Report $100K Once $100K $100K $100K $300K Network Disruption Risk Mitigation Industry average per downtime occurrence is 1.5 hours per Dataquest. One hour of downtime on average costs minimum $96K per Infonetics. $144K Once $144K $144K $144K $432K Regulatory Non- Compliance Risk $2M non-compliance fine + brand damage if public $100K Once $100K $100K $100K $300K $375K $375K $375K $1.12M 5 Annual Cost/Risk of Loss ROI Timeframe in Months
Operational Expense Savings with IPScan
lP address management is a time-oonsuming, yet absolutely neoessary l1 task. Aooording to Network world's May, 2005 report, lP address management is beooming more important: 3everal faotors are driving lP address management from the baok burner to a more prominent plaoe on the l1 to-do list. Uata oenter oonsolidation is sending more LAN applioations over the lnternet, whioh is driving efforts to better manage lP addresses within l1 shops. volP, by making phones an lP devioe, potentially doubles the number of lP addresses. 3eourity oonoerns in terms of network aooess and potential virus infeotion from unknown devioes are foroing oompanies to better manage network aooess. 1he demand to deliver o3 and applioations to end users is pushing l1 managers to more olosely monitor lP addresses
Based on information oolleoted from its base of large enterprises, servioe providers, government and military agenoies and eduoational institutions, via3oope estimates that lP address administration requires 5 minutes per devioe, per month on an annualized basis. 0n this basis, address management for 1,000 devioes requires the equivalent of 39 of one full time employee's work hours annually. utilizing $100,000.00 as the fully burdened oost of a full-time network administrator, the oost per year of lP address management is $39,000.00 per year.
Uue to its oomprehensive deteotion, monitoring, audit trail dooumentation, administration and polioy enforoement oapabilities, lP3oan reduoe lP address management by 80, leading to a oost savings of $31,000.00 per year. 1he following table summarizes the operational oost savings that lP3oan delivers in regards to lP address management:
IPScan IP Address Management IT Opex Savings
Annualized hours of IP Address Mgmt of 1,000 devices @ 5 minutes per device per month 1000 Work hours per year 2440 Full-time equivalent required for IP Address Management 39% Cost per IT network administrator, including overhead $100,000 Annual cost of IP Address Management $39,000 Percent of IP Address Mgmt Time Savings from IPScan 80% Annual savings $31,000
Security Risk Mitigation with IPScan lP3oan delivers a powerful seourity solution to mitigate against the oonsiderable risks of insider seourity breaohes. lP3oan provides a oomprehensive, polioy-based aooess oontrol enforoement solution that ensures that only authorized devioes oan oonneot to the internal network, whether via wired or wireless media. The Prevalence and Cost of Insider Security Breaches lnsider seourity breaohes are both oommonplaoe and oostly. 1he 2004 C3l/lBl Computer Crime and 3eourity 3urvey reports 68 of organizations reported that they had suffered at least one, if not more insider seourity inoidents, as shown in figure 1:
lurthermore, many of the most oommon ooourrenoes of reported seourity breaohes involved insider network abuse, and related seourity issues suoh as theft of authorized devioes (laptops/mobile oomputing devioes), unauthorized aooess to information, and system penetration, as is show in figure 2.
ligure 2: 1ypes of Attaoks of Misuse Reported within Responding 0rganizations over last 12 months
1he oost of seourity breaohes is very high, as reported by survey respondents. ligure 3 shows the reported average oost of various seourity breaohes. lnsider network abuse, wireless network abuse, laptop theft, and unauthorized aooess oan eaoh oost millions of dollars.
ligure 3: Uollar amount oost for various seourity breaohes
IPScan Fills the Network Access Control Gap 1he breaohes and related oosts outlined above ooourred despite the faot that the most organizations overwhelmingly employ firewalls and anti-virus software, and a large peroentage also deploy a wide variety of other seourity tools, as seen in ligure 4. owever, most of these seourity tools are aimed at preventing seourity breaohes from external souroes, while there is a notioeable laok of internally oriented oontrols. Clearly, ourrent seourity measures are not enough. 0ne of the most signifioant holes in internal network seourity is the laok of oomprehensive network aooess oontrols.
ligure 4: Peroentage of organizations deploying various seourity solutions
lP3oan provides oomprehensive proteotion against unauthorized aooess to the network, for all Lthernet and lP devioes, providing a oritioal front-line of defense against unauthorized oommunioation and aooess to proprietary or sensitive information. lP3oan allows network managers to oentrally define and update globally
enforoed aooess oontrol polioies so that only authorized Lthernet and lP addresses (statio or dynamio) and hostnames in defined oombinations, may oommunioate at the lP layer on the network. lP3oan provides signifioant risk mitigation against insider seourity breaohes aoross a variety of risk oategories suoh as:
1heft of proprietary information (average loss = $11.46M) lnsider network abuse (average loss = $10.6M) Abuse of wireless network (average loss = $10.15M) Laptop theft (average loss = $6.7M) unauthorized aooess (average loss = $4.3M)
IPScans Value as Security Risk Mitigation lP3oan delivers a powerful return on investment when oompared to the signifioant risks of loss due to insider seourity breaohes. ln order to oonservatively oaloulate the value of lP3oan as a risk mitigation solution, the risk mitigation model utilizes only the lowest risk of loss oategoryunauthorized aooess, even though lP3oan is applioable to all the outlined risk oategories above. ln addition, the average loss is rounded down to $4M. while no seourity solution or produot defines full seourity" on its own, and must be oombined with proper internal seourity polioies, prooesses and praotioes, lP3oan enables an unpreoedented degree of administrative oontrol over fundamental network aooess while remaining transparent to users, sinoe it requires no installed olient software, and no further login prooesses. 1his ease of use and the real-time, automated nature of enforoement support the exeoution of oonsistent oontrol prooesseswhioh inoreases risk mitigation by eliminating human error or oiroumvention. lor this reason, lP3oan oan deliver signifioant risk mitigation oaloulated at 75 of the risk of unauthorized aooessor $3M mitigation value in absolute terms. 1he model then faotors a smaller enterprise size at 1000 devioes by taking only 20 of this risk--$600K, and seleoting an arbitrary, low peroentage value of the absolute mitigation value (16.7), arriving at $100K annual risk mitigation value. Note that this is an extremely oonservative model, sinoe survey results oan easily support a muoh higher annual risk mitigation value for lP3oan.
IPScan Internal Security Breach Risk Mitigation Value
Average loss reported due to unauthorized access (rounded down) $4M Percentage of value that IPScan brings to mitigating against insider network security breaches or abuse 75% Absolute mitigation value of IPScan $3M Annualized, highly conservative annual risk mitigation value for a 1000 device enterprise $100K
Mitigating Network Disruption Risk of Loss with IPScan
1oday's business environment depends heavily on l1 automation for produotivity. Correspondingly, network downtime oan be very oostly. lndustry measurements of the losses assooiated with an hour of network downtime have been established by Uataquest for a sample of industry vertioals. Notably, transaotion-driven businesses suoh as finanoial servioes inour heavy losses from downtime:
linanoial/Brokerage: $6.45M lost per hour of downtime linanoial/Credit Card: $2.6M lost per hour of downtime
ln addition, aneodotal reports show that many data-driven organizations plaoe a high dollar value of loss on network downtime. lor example, large pharmaoeutioals organizations report that downtime at data-driven manufaoturing faoilities oan oost on the order of $5M per hour, sinoe a whole produotion batoh must be disposed of if oonneotivity and oontrol prooess monitoring of the manufaoturing is lost. 0aming is another data-driven business with large oosts for network downtimeln an April, 2004 artiole, 3eoure Lnterprise magazine reported that downtime at the Mohegan 3un oasino on a busy 3aturday night, was oaloulated at $2M per hour. owever, even in business where downtime doesn't direotly affeot finanoial transaotions in real-time, lnfonetios oaloulates $96K per hour lost per hour of downtime.
Aooording to the lorrester 0roup, 15 of all applioation downtime is oaused by network issues, and a majority of the root oauses of network-based downtime is due to lP addressing problems. lP address oonfliots that bring down oonneotivity to key servers, or worse, to key routers oan oause oostly network downtime. 1his means that under-managed lP address spaoe is a business risk liability to every organization.
lP3oan oan virtually eliminate the risk of network downtime due to lP address oonfliots, sinoe it enforoes oomplete polioy-based address management oontrols over not only dynamio (UCP) addresses, but also statio lP addresses and even Lthernet addresses and hostnames.
lP3oan's value in mitigating downtime risk due to lP address oonfliot is oaloulated based on a $96K oost of downtime per hour, with one downtime inoident oaloulated per year. lnfonetios reports that the average downtime lasts 1.5 hours, making the total risk of address oonfliot downtime per year $144K. 1he following table summarizes lP3oan's network downtime risk mitigation value:
IPScan IP Addressing-Based Network Downtime Risk Mitigation Value
Calculated loss reported due to network downtime, per hour $96K Average downtime duration, per Infonetics 1.5 hours Annual downtime loss riskIPScans annualized value $144K
Mitigating Regulatory Non-Compliance Risk with IPScan
A wide variety of organizations must oonoern themselves with regulatory requirements around data seourity, privaoy and oontinuity. Most prominent examples are oriminal oharges and heavy fines assooiated with 3arbanes-0xley (30X) seotion 404 for publioly held oompanies, and healthoare lPAA requirements. Another example is finanoial servioe banking organizations, whioh must oomply with striot regulatory requirements to olose all bank branoh books on a daily basis, with stiff fines for delays. Any regulated industry requires solid, auditable seourity and oontinuity prooesses for all portions of the l1 infrastruoture.
lP3oan provides an automated and oentrally managed platform for network aooess oontrol polioy definition, propagation and enforoement. lP3oan also reoords a history of every devioe's aooess to the network, to provide solid dooumentation of the oontrol prooesses for oomplianoe purposes. without lP3oan, a breaoh of data privaoy oould be easily shown to be the result of poor oontrol prooesses on fundamental network aooess, whioh may result in stiff fines and penalties. 1he loss assooiated with non- oomplianoe fines is oaloulated at $2M per inoident, whioh does not faotor in brand damage. 1he model then assigns a oonservative annual value of $100K to lP3oan for mitigating oomplianoe risk, as is illustrated in the following table:
IPScan Regulatory Non-Compliance Risk Mitigation Value
Cost of Non-Compliance $2M Conservative, annual risk mitigation value of IPScan $100K