Published: 17 August 2020
Analyst(s): Peter Firstbrook
Security and risk management leaders should use these optimization best practices to reduce the cost of the endpoint protection platforms in their organizations.
Organizations often underestimate their leverage when negotiating with vendor sales representatives.
Vendor sales representatives are excellent at hiding their corporate insecurities, and buyers rarely exploit the increasingly competitive market by seeking quotes from multiple vendors and resellers.
Users often focus their price negotiations on volumes and discounts; however, there is a need for other effective strategies to optimize costs, such as vendor consolidation and looking into lower-cost vendors.
The decision between on-premises and cloud-managed is often perceived to be architectural, which overlooks the cost-savings aspect.
Security and risk management leaders responsible for endpoint security should:
Use the “start early and finalize later” approach, and always negotiate with multiple vendors and resellers. Don’t let the preferred vendor take your business for granted.
Focus cost optimization efforts on the total cost of ownership, including the administration and operational expense, not just the subscription costs.
Investigate the utilization rate of licensed functions in endpoint protection platform suites, and talk to the business about current and future license volumes.
Take advantage of relationships with other strategic vendors by bundling EPP products into larger security or infrastructure contracts, when possible.
After COVID-19, Gartner estimates that worldwide spending on information security will reach $142 billion in 2020, which is an increase of 4.2% compared with 2019; however, this is down from pre-COVID-19 estimated growth of 9.1%. Endpoint protection spending is expected to experience a slight decline in 2020, with a return to moderate growth in 2021.
A Gartner survey conducted in March and April of 2020 shows that 51% of organizations have had business operations discontinued or severely restricted as a result of COVID-19. Even pre-COVID-19, roughly 80% of organizations were pursuing a security vendor consolidation strategy or planning to pursue one during the next two to three years.
In the endpoint protection platform (EPP) market, average prices were already increasing significantly, due to the addition of endpoint detection and response (EDR) and support capabilities. As a result, many post-COVID-19 organizations are likely to be working to reduce costs as much as possible.
The following best practices (see Figure 1) can help endpoint security buyers optimize the cost of endpoint protection.
The first step is to conduct an inventory of the current environment and determine the real future requirements. Security and risk management (SRM) leaders should review:
The types of OS or assets to be covered
Different geographical presences and their sizes
IT support structure
Threat exposure and threat models
Existing EPP license entitlements and volumes
Deployed EPP components and volumes
Integration with existing devices or technology — such as security information and event management (SIEM) systems or firewalls
Nature of workforce (remote or on-premises)
Gartner’s Adaptive Security Architecture provides a framework of 12 critical capabilities that a modern security architecture should encompass. Organizations can assess the features and functions provided by their current security solutions against these capabilities. These assessments will help organizations focus on current usage, entitlements and future needs, and better prepare for negotiations.
First, evaluate needs and map them with the different capabilities already available as a part of existing licenses. For example, Microsoft offers EPP capabilities as a part of the default and/or premium package/license. Some EPP suites provide additional licenses for encryption and data loss prevention (DLP) and licenses for exchange and storage in the suite. Ensure that the organization is using existing entitlements before buying new ones, and use those existing entitlements to influence negotiations.
This is a good time to evaluate the incumbent vendor’s position in the market.
If the vendor is publicly traded, review its published financial results from the latest quarter, as well as its future goals, to better understand how motivated the salesperson may be to make the deal. Underperforming vendors are under pressure to retain customers and to increase the installed base, leading to stronger discounting levels.
The days right before a vendor’s end of year and end of quarter are often good times to look for additional discounts or to drive a harder bargain, because salespeople are scrambling to meet sales targets.
Review test scores (AV_test.org, AV_comparatives.org) and other evaluations (e.g., MITRE) to see how the vendor is doing relative to peers. Vendors that are struggling to show positive test scores or multiple awards are more likely to use price as an incentive than vendors that can more easily demonstrate value and positive market growth.
The average annualized list prices for EPP suites with equivalent functionality for 5,000 seats and a three-year term range from a high of $53 per seat per year to a low of $16 per seat per year. However, actual street prices (i.e., quotes) are often 25% to 35% lower than list prices. This means that an enterprise could save considerably by moving from the most expensive to the least expensive EPP suite. Not all solutions are equal in functions and value for the money. However, there are lower-cost providers that have functions that are similar to the more-expensive solutions, and not all organizations take advantage of the more advanced features of the premium solutions.
Take advantage of increasing free security functionality in the OS. Microsoft Defender and Macintosh XProtect provide no-cost, anti-malware protection. Microsoft BitLocker and Mac FileVault provide full disk and file and folder encryption, and are included with Windows licenses. They can replace most dedicated encryption products. At a minimum, the threat of migrating to OS-based tools should be used as a negotiating tactic.
Don’t just shortlist vendors identified as leaders in Gartner’s Magic Quadrant, particularly during a highly evolving market and a period of new security spending. These vendors offer more advanced or complete solutions; however, some organizations could end up paying for premium functionality that they never fully exploit.
Switching to the lowest-cost provider is not without trade-offs. Lower-cost providers may lack advanced management and may vary in depth of protection. If nothing else, evaluating a low-cost provider may result in better justification for purchasing a higher-cost solution and a low price point to use in negotiations.
Review the overall endpoint protection strategy and the products that have been deployed. Organizations have a tendency to add layers of security based on specific events. Reevaluate what those are and whether they are still necessary. For example, a traditional AV product + an EDR + approved list + a clean-up tool can all be consolidated.
Multiple products from multiple vendors are more expensive to acquire due to the lack of suite and volume pricing, and they require more administration effort and training. The total cost of ownership (TCO) of a suite is often lower than equal point products, due to volume pricing, lower administration effort and vendor management. At the same time, the suites may offer better protection, due to the synergy among the products across different layers.
Keep in mind that suite packaging is in constant flux. Premium add-on features that initially cost extra are often included in subsequent packages, as vendors try to reduce the complexity of their pricing schemes and offer new customers more value. However, we often see resellers just offer renewing customers the same packages they already own. Check the vendor’s website for new packages, and ask resellers to quote relevant new packages as well.
Organizations may also be able to take advantage of their relationships with their other strategic vendors (such as Cisco, Microsoft, Symantec, Palo Alto Networks, FireEye, Dell and IBM) by bundling EPP products into larger infrastructure software/service contracts. This will increase the total contract value and may make additional discount levels available. In some instances, Gartner has seen endpoint products with discounts of more than 75%, when bundled with larger purchase orders.
Another opportunity for TCO savings is adopting cloud-delivered EPP. Almost all vendors are adopting a cloud-first product strategy. The cloud model, software as a service (SaaS), lowers costs by reducing:
The cost of hardware
Deployment and maintenance time and effort
The administration time of signature and version maintenance for off-LAN and on-LAN devices
The SaaS-based approach delivers value through various aspects, such as:
Reduced switching costs, which, in turn, help in subsequent renewal negotiations
Lower performance impact on endpoints, which may contribute to extending the PC life cycle
Faster adoption of new capabilities, as per the vendor’s cloud-first strategy
Renewal negotiations should begin at least six months before the contract expiration date, to provide enough time for competitive bidding and migration planning. Late renewal negotiations shift the leverage to the existing vendor, because there is not enough time to seriously consider switching to an alternative.
Due to the operational costs associated with switching EPP, vendors will often offer “competitive replacement” discounts to compensate for migration costs. This price point is unlikely to be honored when the contract renewal arrives, unless there is an agreement not to increase the prices in subsequent years. We have seen some success at obtaining an agreement to limit subsequent renewal increases to a maximum of 2% to 5%.
Consider shopping with different resellers. Large volume resellers often get bigger discounts and incentive programs than smaller resellers, which they can pass on to valued clients.
When negotiating, keep in mind that discounts range from 25% to 35% off the list prices, depending on the situation; however, the list prices among solutions from different vendors are often significantly different. Evaluate and get quotes from at least one low-cost provider to use as leverage in negotiations.
Most vendors offer nonprofit organizations higher discounts (45% to 75%), so nonprofits should advise providers of their status upfront.
Always ensure that you are negotiating for the latest packages, and not just renewing existing entitlements. Vendors will often create new, more inclusive packages that can offer lower cost or more products than older packages. Check the website to determine which packaging deal is the most suitable for the organization. Don’t expect the vendor or value-added reseller (VAR) to suggest lower-cost or more-inclusive packages unprompted.
Once a contract has been signed and the base product has been deployed, the vendor’s incentive to offer discounts for additional licenses is drastically reduced. Contracts should be negotiated on a global basis, based on current needs. Negotiate a fixed price for future additional licenses that may be needed during the term.
List prices are typically based on bands (for example, 5,000 to 9,999; 10,000 to 14,999). Buyers that are near a band threshold should explore the cost of buying enough additional licenses to move into the next pricing band. However, do not overbuy. You can add new subscriptions during the term, often at the same price as the initial contract.
With a steady stream of new vendors bringing new products and approaches to the EPP market, Gartner expects pricing to decline. As a result, multiyear subscriptions should be kept to a maximum of three years and should get at least a 15% additional discount during a one-year term. Long-term subscriptions typically require upfront payment for all years. However, some resellers will finance longer-term subscriptions to enable equal annual payments, rather than multiple years upfront.
In the EPP market, subscription licenses (i.e., no residual license value past the term of the subscription) are becoming more popular than term or perpetual licenses (i.e., license cost for the term plus annual maintenance cost). Past the initial maintenance term, the residual value of perpetual licenses is often low. Subscription licenses should include no-cost migration to the latest versions of products.
Training and advanced support are good areas to negotiate. Vendors want capable operators and satisfied customers, so they are often amenable to negotiations for these items.
Low-cost or free consumer products for employee home use or bring your own device (BYOD) are often available as an incentive.
Vendors often look for testimonials, case studies and customers who are willing to share their experiences. They may be willing to offer additional discounts in return for a commitment to be available for reference calls with the press, analysts and prospective customers, as well as for media testimonials. Larger companies and recognizable brands are more desirable to the vendor.
Contracts and proposals grow more complex every year. Vendors introduce new pricing, licensing models, maintenance options and audit clauses every day. Unless one has day-to-day market visibility, it is nearly impossible to keep up.
Gartner estimates that following these negotiation best practices can save enterprises as much as 40% off list prices on contracts.