MORE THAN JUST A PRICE TAG
While some costs are equal across products, these architectural differences have a strong impact in other areas, such as capital costs or operational expenses.
An analysis of those architectural aspects shows that based on the price of the vendors' product alone, service-based architectures are the cheapest to implement over a three-year period. Some of this can be attributed to the ability to distribute their costs, such as database support and maintenance, infrastructure, and testing, over a large number of customers.
In the TCO analysis, the most significant cost of Qualys' bid is the yearly licensing cost, which is based on the number of active IP addresses that are being scanned. Because of the Qualys design, there is very little internal expense incurred in implementing and supporting this solution. Based on our model, the supporting scanner cost for a very large-scale deployment is under $10,000 per year. In fact, the majority of the internal costs spent on the Qualys solution is the actual work of scanning and remediation. The appliances are such that installation only takes a few minutes, requiring very little labor.
Next are the appliance-based solutions, such as nCircle and Foundstone. Appliances provide a single, integrated solution carrying the server OS and the underlying hardware. They carry just slightly higher installation and maintenance costs than service-based solution. Still, these appliances take longer to set up and more effort to maintain than services such as Qualys.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
