Enterprises are significantly reducing endpoint security spending as they rethink how endpoints are designed and managed.
A new IGEL study analyzing more than 140 enterprise environments found organizations cut endpoint IT costs by an average of 62 percent—saving more than $900,000 annually—by adopting prevention-first, zero trust–aligned endpoint architectures.
Report shows prevention-first security posture leads to reduced IT spending in key areas
According to the IGEL Secure Endpoint OS Platform for Now & Next report, which analyzed over 140 enterprise environments across industries, enterprises are reducing endpoint IT expenditures by an average of 62 percent, saving more than $900,000 annually.
Enterprises have reduced these expenditures by adopting a prevention-first security architecture that eliminates local attack surfaces and simplifies management.
“Security has reached a tipping point where prevention is no longer optional; it is the foundation of competitive advantage,” said Klaus Oestermann, CEO of IGEL. “This research shows that organizations adopting the IGEL Preventative Security Model are not just controlling risk, they are rewriting the economics of endpoint strategy. Cutting costs while strengthening Zero Trust used to be a tradeoff. Our customers are proving it is now a multiplier.”
For channel partners, the study reinforces a shift in how endpoint conversations are unfolding with enterprise buyers. Rather than focusing solely on tools and licenses, customers are increasingly scrutinizing the operational and security costs tied to traditional approaches to security tooling.
Author of the study explains what the data means for the channel
In a Q&A with James Millington, VP of product and solutions marketing at IGEL and the principal author of the study, Channel Insider dove deeper into the research and what it means for the channel.
The study you just commissioned analyzes more than 140 enterprise environments. What stood out to you most in the results across the industries?
The area that I continually see that gets overlooked is the operationalization costs that are involved in delivering a traditional endpoint. Roughly 25 percent of the costs that we discovered aren’t the software or the hardware costs, but the running costs – deploying, imaging, updating, redeploying, and re-imagining at refresh times, troubleshooting the many tools, and training the IT staff in many different components. Those are the costs that often get overlooked, and this report highlights just a few of them.
CEO Klaus Oestermann said that security has reached a “tipping point.” What’s driving this shift toward prevention-first architectures?
I think a few things are shaping the market. Firstly, there’s a new breach every week. The bad guys are operating like a business now; anyone can buy ransomware-as-a-service, so it doesn’t even have to be smart criminals. The traditional defenses are demonstrably not working – and I think there’s a realization in the boardrooms that something different has to happen. Second, and related, we are seeing a shift to zero trust and more SASE-based security approaches. This is an indicator of the change. But one area SASE platforms don’t affect, and indeed rely on, is that the endpoint is itself secure. Organizations cannot afford to implement zero trust and SASE without rethinking endpoints and adopting a secure-by-design, preventive security approach.
How does centralized management and a smaller OS footprint change day-to-day operations for IT teams?
It’s a huge impact on the already overstretched IT team. We see organizations with a ratio of 1 IGEL administrator to 20,000 users, vs. around 1:5,000 for traditional endpoints. Minor updates mean less downtime to reboot; they mean less traffic across the wire, which is important to remote sites. Think about national or international organizations and how much bandwidth updates can take up – it’s all time, cost, and an effect on the user experience. And of course, it’s not just the OS – by removing the complex layers of agents that are otherwise required, we are also removing those updates, potential conflicts, install times, download times, etc. It really mounts up.
How does IGEL’s Preventative Security Model differ from traditional detection-and-response approaches at the endpoint?
Well, simply put, the Preventative Security Model removes the attack surfaces targeted by attackers. The OS is immutable; it is designed so that malicious programs can’t alter it. Only authenticated workloads deployed from the IGEL Application Portal can be applied as updates. Every time the device reboots, it boots from a known-good state – almost like a gold master at every reboot.
There’s no local data storage, so patient records, intellectual property, PCI DSS, etc., can be downloaded and exfiltrated – lost devices don’t create a forensic breach investigation – because there is no local data. The detection and response methodology is clearly not working, and what is different now is that many organizations are moving workloads away from the endpoints.
Organizations have realized that endpoints are the most exposed part of the infrastructure, so let’s not store data there. Let’s run in SaaS apps, private web-hosted apps, Desktop-as-a-Service, and VDI. And when you’ve designed your infrastructure this way, why run an endpoint that’s not designed for this new workload approach?
IGEL is designed from the ground up to deliver a secure endpoint platform for this new approach to application and data security.
How does IGEL Adaptive Secure Desktop enable organizations to stay flexible as work environments continue to evolve?
The Adaptive Secure Desktop gives choice in work styles – but from a secure, preventative foundation. It enables organizations to apply persona-based rules that update the availability of applications and content depending on the user.
It also enables integration with additional enterprise identity platforms, such as Cisco ISE, where IGEL can act as a policy enforcement point within the broader enterprise security architecture, ensuring that only authorized users gain access to applications and information.
At our recent Now and Next EUC Security Event in Frankfurt, we previewed just some of the additional benefits that this is going to bring, including dynamic contextual access in addition to persona-based access – it’s a very exciting part of the IGEL platform.
How can partners use the ROI from this study to have more strategic conversations with customers?
Two things here. Firstly, I think the data in the study can help start conversations about the why organizations need to rethink their endpoint approach – there’s absolutely a conversation around security, but backing that up with the additional savings as well as delivering improved security can often move the needle – particularly in industries such as healthcare where $900,000 could be a significant part of their IT budget.
Secondly, partners can engage with IGEL to work on these very detailed ROI reports. And when we’ve collaborated on producing the ROI report, the customer can take ownership, make adjustments, and generate reports themselves to meet their organization’s specific needs.
As threat landscapes evolve, how do you see the role of endpoint changing in enterprise security architectures?
The endpoint, right now, appears to be the forgotten element in the zero-trust and SASE evolution that’s taking place. The way we’ve been handling enterprise endpoints for the past 40 years has to change as network security evolves. The endpoint must become a Preventative Security Foundation for all of the upstream security that organizations are implementing – and right now, only IGEL has the platform and the broader industry partnerships to make that happen.
What should IT leaders prioritize in the next 12-24 months to avoid being locked into outdated endpoint models?
Look end-to-end at your security approach, including, as you might have guessed by now, the endpoint. A critical element of the IGEL OS Platform is the broader partnerships that we have through the IGEL Ready program. The world’s most important IT vendors are part of this program, including Microsoft, Zscaler, Omnissa, Palo Alto, and more than 100 others. Zero trust comes from a secure solution – not any one vendor. Bring those vendors to the table, ask how they enable a Preventative Security approach, and consider how a new security approach can deliver savings, as well as benefits.
In the early half of 2025, IGEL acquired Stratodesk to strengthen its endpoint security focus. Read more about the move and how Oestermann says the deal strengthens the company’s approach to channel partners.
