By Rich Wagner
Firewalls are typically the key component in providing network security. This article will help estimate the cost of deploying and maintaining firewalls in your network environment.
The most important step in adding a firewall to your network is to create a detailed security plan. This plan will allow IT professionals to determine the number of firewalls needed and the architecture required. For example, organizations concerned only with outgoing user traffic from their network would likely select a fairly straightforward firewall implementation.
Your organization may have an e-business component or you may be planning such a project. This factor would require sophisticated firewall placement to ensure the security of company equipment and resources. In this case, capacity planning may be difficult as the e-business initiative grows or fluctuates, and deployment costs may be high.
A combination approach is becoming more popular. In this approach, your security plan addresses a combination of incoming and outgoing traffic.
The technical review
After you have completed your network security plan, you should prepare a technical review of your existing network architecture before deploying your firewall server(s). This review should include all areas in your network architecture including:
- Existing route tables.
- Current switch configurations.
- User authentication methods and servers.
- Data center equipment, cabling, and power.
- Current network addressing scheme.
The staff members conducting the review should determine the modifications needed in each area before and during deployment. All cost analyses for the technical review should include the following:
- The cost for time to prepare for deployment for each resource
- The cost of staff training
- The cost of adding staff, if needed
- The cost of preparing a deployment project plan
- The costs associated with any network downtime for your organization
Next, consider the costs of the actual deployment. Here is a summary of the costs associated with the deployment:
- Costs of data center equipment, such as power runs, racks or shelves, and network cables
- Costs of building and installing servers and equipment, if necessary
- Costs of installing and configuring firewall software
- Costs of network modifications in routers, switches, and/or servers
- Costs of any network downtime for your organization
- Costs of IT staff and/or end-user testing
- Costs of end-user training, if necessary
Finally, IT staff should test for functionality to ensure rules and policies are followed as anticipated. If any changes occur in the way end users access network resources, you’ll need to add associated training costs for end users.
Estimating firewall maintenance costs will depend on your firewall architecture and how the firewall is used in your organization. As mentioned above, firewalls can be deployed in an organization to serve several scenarios (i.e., a firewall for outgoing employee traffic to external resources such as the Internet, firewalls for incoming traffic-filtering data originating from external sources to your network, a combination firewall that covers both, and/or firewall(s) for your e-business or interaction with resources external to your organization such as business to business data transfers).
Let’s look at the first firewall scenario—a firewall for outgoing employee traffic from your network to the Internet. The amount of maintenance necessary for your organization will depend largely on your security policies. Your organization may allow equal access for all employees to all Internet resources or a user/group policy providing differing levels of access and limited allowable Internet resources. Your maintenance costs will increase proportionally with the level of security complexity in your organization. A complex security plan means more administration time in creating and maintaining users/groups, firewall rules and policy maintenance, and the configuration of authentication servers.
As e-business advances, many organizations' firewall needs have increased and are becoming more complicated. Estimating the cost of maintenance in organizations that have multiple firewalls and bidirectional (incoming and outgoing) network traffic can be a challenge. For example, firewalls may physically reside in multiple locations, meaning more IT staff need training to handle firewall administration at the different locations. Incoming traffic also introduces the threat of network attacks from the Internet, and persistent testing and security updates may be necessary.
Estimating firewall maintenance costs will be specific to your organization and it may be necessary to include:
- Hardware maintenance and/or equipment leases.
- Firewall software subscriptions for upgrades and patches.
- Phone or on-site support from software provider or third party.
- IT staff resources for administration (add/change/deletes of firewall policies or rules).
- IT staff resources for firewall performance monitoring and tuning.
- Firewall reporting software, staff report reviewing, and publication.
- Firewall backups and disaster recovery.
- Firewall intrusion detection software and testing.
- Ongoing IT staff training.
Avoiding unplanned expenses
Cost estimates will be most accurate if you prepared a thorough security plan before deploying firewalls. As indicated above, this security plan should have included researching industry best practices, firewall capacity and scalability planning, and key business personal involvement to determine business network needs.
Costs can be significantly increased if firewalls become a network bottleneck and resizing and redeployment is necessary. Cost increases will also occur if ongoing rule and policy modification is necessary. You’ll lose out on savings from economy of scale if incremental increases in the number of firewalls, support, and/or maintenance contracts are needed.
On the other hand, deployment and ongoing maintenance costs will be reduced if you have planned for properly sized firewall servers because it reduces IT staff involvement in deployment and day-to-day operations such as performance tuning. You’ll also reduce costs if firewall rules and policies are accurate and comprehensive at the time of install.
Rich Wagner is the network and technology manager for Borden Chemical, Inc. in Columbus, OH. In this role, he has completed the process of determining firewall architecture and implementing firewalls, determining total cost of ownership, and capacity planning. He is Microsoft, A+, and Novell certified.Did firewall deployment cost much more than you anticipated? Have maintenance costs gone over budget? Warn other IT managers about what pitfalls they should look for by posting a comment to this article or by sending us a letter.