In the cyber world, the need for robust security measures is paramount. The Essential Eight cybersecurity framework, designed by the Australian Cyber Security Centre (ACSC), is often adopted by businesses to protect against a range of threats. However, implementing this framework can be costly, depending on the specific operating environment and company size. This article examines the costs of enforcing Essential Eight compliance levels across three IT environment scenarios common to medium-sized organisations, covering Windows, Chrome OS, and macOS, for companies with around 50 devices.
In this analysis, we have taken into account three different scenarios, each representing a typical mid-sized business setting. These scenarios aim to provide a broad spectrum of environments that businesses may find themselves operating within, thereby helping them to make an informed decision regarding the implementation of Essential Eight cybersecurity strategies. The tools and automation described below include antivirus software, remote monitoring and management tools, backup tools, spam filters, device management tools, security monitoring tools, and so on.
Scenario 1: Hybrid Environment (Windows and macOS)
The first scenario represents a company that uses a mix of 30 Windows devices and 20 macOS devices. This diverse environment is not uncommon in mid-sized businesses where various departments may have different operational needs that necessitate the use of different operating systems. For instance, the design team might prefer macOS for its superior graphic handling, while the administrative department might be more comfortable with the familiar interface of Windows. Other devices could represent specialty software that runs on Linux or Unix. Here, we’ve considered that the direct and indirect costs would be higher due to the complexities of managing and securing multiple operating systems.
- Direct Costs: For the tools and automation, we estimate $35 AUD per user per month.
- Indirect Costs: Assuming an IT professional’s 25% time, the labour cost is estimated to be around $2250 AUD per month. [Please note that the higher cost is based on the cost of internal IT staff, not 3rd party like OnsiteHelper]
- Time: To implement the above, it could take 100 hours initially for the Essential Eight Baseline Level 1 and 20 hours per month to monitor and maintain this level.
Scenario 2: Chromebook Devices
The second scenario is a mid-sized company that exclusively uses 50 Chromebook devices. Chromebooks have seen increased adoption in the business sector due to their lower cost, ease of use, and seamless integration with Google Workspace. This scenario represents a company that has opted for a streamlined, uniform IT infrastructure. The costs in this scenario are generally lower, both directly and indirectly, due to the lower cost per device and the lessened complexity of managing a single type of device across the organisation.
- Direct Costs: For the tools and automation, the cost is estimated to be $10 AUD per user per month.
- Indirect Costs: Assuming an IT professional’s 10% time, the cost is estimated to be $900 AUD per month. [Please note that the higher cost is based on the cost of internal IT staff, not 3rd party like OnsiteHelper]
- Time: To implement the above, it could take 50 hours initially for the Essential Eight Baseline Level 1 and 10 hours per month to monitor and maintain this level.
Scenario 3: Windows Only Devices
The third scenario represents a mid-sized company with 50 Windows devices. This is reflective of businesses that, due to legacy software requirements, industry-specific applications, or company preference, operate solely on Windows devices. As with the Hybrid Environment, costs here are generally higher due to the higher cost per device and the indirect costs associated with managing a more complex operating system.
- Direct Costs: For the tools and automation, we estimate $30 AUD per user per month.
- Indirect Costs: Assuming an IT professional’s 20% time, the labour cost is estimated to be around $1800 AUD per month. [Please note that the higher cost is based on the cost of internal IT staff, not 3rd party like OnsiteHelper]
- Time: To implement the above, it could take 80 hours initially for the Essential Eight Baseline Level 1 and 20 hours per month to monitor and maintain this level.
Note: All cost estimates provided in this article are approximate and may vary based on the specific needs, vendor pricing, and other factors related to each organisation.
By examining these three scenarios, we aim to provide a comprehensive view of the potential costs associated with implementing the Essential Eight cybersecurity strategies. These costs can vary significantly based on the nature of the IT environment, with more complex environments typically incurring higher costs. However, the investment in these strategies can significantly enhance the cybersecurity posture of an organisation, making it well worth considering for any mid-sized business.
Comparative table
Based on the cost figures, the Chromebook Devices scenario remains the most cost-effective in terms of both direct and indirect costs. The Windows Only and Hybrid scenarios have higher costs because security and monitoring are more difficult to implement. The indirect costs still vary based on the complexity of the environment and the corresponding time commitment required from IT personnel.
Conclusion
Implementing the Essential Eight framework across different operating environments involves various costs, including both direct and indirect expenses. While Windows and macOS environments can be more costly due to the need for additional security software and extensive man-hours for management, Chrome OS with Google Workspace offers an integrated, cost-effective solution.
These costs can vary significantly based on the unique requirements and circumstances of each organisation. Therefore, it is crucial to evaluate your organisation’s needs and resources carefully when choosing the path to Essential Eight compliance. For more information about achieving Essential Eight compliance, refer to our previous articles on Understanding Compliance options for IT security, the Path to Essential Eight: Direct or Gradual, and Achieving Essential Eight Compliance with Google Workspace. Remember, regardless of the operating environment or the chosen path, the ultimate goal is to strengthen the organisation’s cybersecurity posture and minimise the risk of cyber threats.
If you would like more information, are interested in implementing the Essential Eight for your organisation, or would like to discuss the best options for your current environment, please get in touch with us via email [email protected] or call 1300 889 839.