Usage-Based Security: the future of corporate cyber security
Many industries have moved towards usage-based payment models in recent years. Both companies and individuals are used to paying for things like data usage, cloud storage and web hosting based on how much they use them.
We have always believed that usage-based models are the future of cyber security. And when we opened discussions with our customers on this topic in 2018, we discovered that there was strong demand for this model, as modern businesses prioritized flexibility and simplicity when choosing a cyber security solution.
Usage-based security is more needed than ever
This conversation then took on another dimension during the pandemic as businesses scrambled to minimize their fixed costs: “The pandemic accelerated demand for subscription-based managed security services, and service providers who meet this demand will set their business up for the future,” said WithSecure Director of Product Management Niko Isotalo.
Demand for flexibility and usage-based pricing during the pandemic also came up in a recent Forrester study  : "During the pandemic, many clients became frustrated when vendors wouldn't lower license usage below baselines, even though the organization's usage had dropped off because of staff furloughs. Examine contracts and ask for flexibility to alter the licensing baseline under certain conditions and for the ability to carry forward unused license entitlements into the next year without additional charge".
Even though budgets are under pressure across all geographies and business sectors, cutting down on investment into cyber security is unfortunately more dangerous than ever. However, for a certain portion of companies, moving to a usage-based security model could be an operationally and financially prudent middle-ground.
We believe that usage-based security is the future, but we do also recognize that it is not right for all clients. We want to offer our clients flexibility and we will continue to offer traditional licensing as part of that.
What kind of companies will benefit from usage-based model?
- Companies that are in a period of fast growth don’t want to sign a contract for 50 licenses and then find out they need 100, or even 51. With a standard contract they would have to put in an extension order every time they exceeded their growth targets. And on the flip-side, if they don’t grow as fast as expected they would end up paying for licenses they don’t need. With usage-based security there’s no additional negotiation needed, you just pay for one additional endpoint as and when you add it, or one fewer.
- If a company is not sure what the extent of their security needs will be then you want to be able to add or take away services easily. WithSecure Elements is designed so you can pick and choose which solutions are installed on which devices and review it monthly.
- Businesses that want to minimize the administrative work of ordering and renewals. There is no need for this with usage-based security. You pay for what you’ve used every month, and that’s it.
- Companies that are worried about the effect of the current business environment on their bottom line need to be able to minimize fixed costs at short notice. WithSecure Elements is available with no up-front costs or long-term commitments.
- Companies that are already outsourcing all or most of their IT and want to focus on their core business. For these businesses the lack of up-front costs is attractive as it frees them up to invest in other areas.
At WithSecure, we’ve just announced the launch of Elements, our all-in-one security platform. With Elements, we wanted to simplify our entire offering, but we also wanted to give our customers and partners as much flexibility as possible.
Therefore, Elements is designed with usage-based security concepts firmly in mind. The modular structure means you can easily add or remove solutions and services each month, based on need and budget. This model makes it easy to build any combination of solutions and services you need, and receive one monthly bill.
Figure 1: WithSecure Elements
WithSecure’s Isotalo likes to think of it like a restaurant, a good restaurant not an all you can eat buffet. “We want to give our customers full transparency. When you go to a restaurant you can leave whenever you want, no-one’s telling you to have two more drinks when you ask for the check.”
Unlike a restaurant though, with WithSecure Elements you and your customers get a real-time billing projection so you can see what the bill will be every month based on current usage. This is available in Element’s management console, which controls and displays all aspects of your cyber defense.
This system also eliminates the need for ordering and renewing. All you need to do is configure the customer in our system and Elements will become available. Then they pay for what they use and partners automatically gain additional benefits based on their total volume.
If you think usage-based security could be right for your customers and want to learn more about WithSecure Elements.
 Forrester: How To Save Money In Security Software Negotiations: Techniques For Preparing For And Conducting Security Software Negotiations To Increase Value Paul McKay, Sean Ryan, and Mark Bartrick, October 13, 2020.