Economic Validation: Analyzing the Economic Benefits of Google Chronicle Security Analytics Platform 4
© 2020 by The Enterprise Strategy Group, Inc. All Rights Reserved.
security analytics platforms use a data volume-based pricing model, and costs increase in direct relation to the ever-
growing volume of security telemetry, Google Chronicle uses employee-based pricing—the cost of the service is
dependent primarily on the number of employees in the organization. Decoupling costs from data volumes increases
budget stability and predictability and encourages the collection and analysis of all telemetry over longer timeframes,
ensuring a greater probability of identifying long-lived threats from temporally distant indicators of attack (IOA) and
indicators of compromise (IOC).
ESG Analysis
ESG leveraged information collected through vendor-provided material, publicly
available configuration guides and pricing, and industry knowledge of economics
and technologies to create a three-year TCO/ROI model that compares the costs
and benefits of Google Chronicle with two cloud-based and one on-premises
security analytics platforms. The model compared the costs that would be
expected when deploying each solution in an enterprise environment with a goal
of quantifying the expected cost savings that are made possible through Google
Chronicle’s pricing model and Google’s economies of scale.
ESG modeled the deployment and operation of a security analytics platform for
two different sized organizations:
• Medium enterprise—15,000 employees, generating 1.5 TB of security
telemetry data per day
• Large enterprise—125,000 employees, generating 12.5 TB of security
telemetry data per day
ESG modeled employee growth using the average employee growth rate of
Fortune 1000 companies, and security analytics data growth rate using information
from ESG research surveys of CISOs, cybersecurity managers, and cybersecurity
practitioners.
ESG research surveys indicate that a majority of medium and large enterprises
retain security telemetry data for 12 months or more. Thus, the economic model
accounts for 12 months of telemetry data retention.
The model calculated and reported the expected costs that would be incurred for an on-premises deployment of a security
analytics platform, including the cost of hardware acquisition, power/cooling/floor space, support/maintenance, and
administration over a three year period. For cloud-based security analytics platforms, the model calculated and reported
costs incurred for software licenses and data retention using the lowest cost geographical region.
ESG Modeled Scenario: Medium Enterprise
ESG’s economic model calculated the expected costs over three years for a typical medium-sized organization with 15,000
employees generating 1.5 TB/day of security analytics data. The model showed that an organization deploying Google
Chronicle would expect to spend $1,565,000 over three years (see Figure 3 and Table 1). The two cloud platforms would
cost between 2.4 and 4 times more, and the on-premises platform would cost 3.5 times more.
Why This Matters
Security budgets can’t keep pace
with the increasing volume of
sophisticated threats and the
growing attack surface area, and
organizations continue to give
CISOs and security teams the
mandate to “do more with less.”
Google Chronicle provides
unlimited scalability while
eliminating on-premises
infrastructure and operations
overhead. Employee-based
pricing decouples costs from data
volume and velocity, ensuring
organizations can predict their
costs and encouraging the
collection, storage, and analysis
of any and all security
telemetry—collecting more data
over longer timeframes provides
a greater probability of identifying
long-lived threats.