Return on Investment vs. Return on Availability

Stephen Gates
By | February 11, 2015

Posted in: Network Security Trends , Hosting Provider DDoS Protection

In my discussions with organizations looking to protect their business from the wrath of DDoS attacks, I often hear the same question, “How do we obtain a Return on Investment (ROI) on a DDoS protection solution?”  Years ago I would attempt to delineate a potential ROI model, often on the fly.  On several occasions, I worked tirelessly into the night attempting to create a system of spreadsheets that demonstrated how an organization could obtain an ROI for a DDoS solution. None of my attempts created a model that worked in every situation.

When asked the same question today, I have a very different point of view.  Do organizations really look to obtain an ROI figure when choosing investments in bandwidth, firewalls, switches, routers, cables, employees, etc.?  Most will respond with yes, but as the business begins to grow, creating an ROI model on these necessary infrastructure tools proves difficult to calculate and substantiate.

Measuring ROI for network infrastructure, upgrades, and improvements, (not to mention people) in order to maintain operations is no simple task.  Reams of calculations, models, spreadsheets, and wizards have attempted to measure and project ROI in network infrastructure, with no real outcome that anyone can hang a hat on.

Return on Availability (ROA)

In today’s Internet connected world, can anyone put a price tag on availability? How much would it cost your organization if it went down for an extended period of time - or even for a few minutes?  What happens to SLAs when customers are affected by an outage? Since your organization thrives on Internet availability what choice do you have with regards to uptime and the effects of a DDoS attack?  You must protect your availability at all costs in order to maintain your revenue stream.  That’s your Return on Availability (ROA) and when availability goes away you know what comes next.

Coming to Terms

All over the world Hosting Providers, Service Providers, and the Online Enterprise are beginning to come to terms with reality and agree that the investment in real-time DDoS defenses are just a part of doing business. Today they simply cannot operate without them, they are dependent on availability. If these organizations experienced a service outage, it would equate to considerable losses of income in every case – regardless of the length of the outage.

Sure everyone wants an ROI story, but real-time DDoS defenses must be considered part of every online organization’s infrastructure, protecting their “service availability” and their revenue stream. It’s hard to put a price tag on the losses that would incur without a DDoS solution in place. Regardless of how an anti-DDoS solution is deployed, if it can immediately eliminate DDoS attacks in real-time, protecting and sustaining your revenue stream, it’s worth its weight in gold!

Dually Noted

Several of the Corero Hosting Provider and Service Provider customers have recently fashioned a model whereby they have created a Return on Investment for the Corero solution; offering white label anti-DDoS services to their customer base.  They often label their anti-DDoS service as a premium service delivered by Corero technology, recouping their investments in Corero within just a couple months.  Corero has observed several companies doing just that.  However this approach in most cases in not the real focus.  Their Return on Investment in this case is a result of maintaining their Return on Availability.  ROI is not the driving factor.  ROA is.

You May Also Be Interested In: