Tuesday, August 17, 2004

Discussion on ROI [patch management]

Susan’s Reply

As a beancounter if I hear Return on Investment one more time.......

These are the same CFOs that say in the trade journals that viruses cost them billions of dollars [or millions ...who's counting?] .... add that to your ROI calculator. Now tell me they can't afford this and yet they can afford to do the cleanup? Sorry but that doesn't make any sense. Loss of productivity is not easily quantified. They aren't counting their total costs and just kidding themselves. And pardon me, but aren't these the same CFOs who just demanded that software vendors make more secure software?

So... how many local administrators you have on those 10,000 seats?

Where's your ROI on cleaning up a Windows 98 machine after it gets nailed with viruses?

Migration isn't trivial period, I'll grant you. But neither is lack of control. And every day that goes by where you can't roll these patches out to any machine no matter what the operating system in a quick and timely manner, that firm is accepting the risk ....and I'd love to see the SOX 404 report on that entity.

I know I'm lucky down in SBSland. We have less people to convince. :-)

Might want to read the Wilcox blog... looks like Microsoft has changed [lengthened product support]


David to Susan

Susan...excellent for you that you took the one OS, one world solution.
> But it's not a trivial thing in many organizations, and your comment
> that "....any company can afford it..." does not hold water. Talk to
> a Fortune 500 CFO and tell her why she should approve the millions of
> dollars to do a sweeping OS migration across 10,000 desktops.
> CFO: "Where is the ROI?"
> You: "Wellllll, they'll be easier to manage...we can get patches out
> and testing done faster..."
> CFO: "Where is the ROI for the two million dollars you are asking me
> for?"
> You: "Welllll, it will make life easier in IT if we only have one OS
> to worry about...we will make it secure more easily"
> CFO: "Will this reduce our controllable expenses by over 2 million
> dollars in the next 24 months? In other words, is IS willing to take
> 1 million dollars a year out of their expense budget if I approve this?"
Ahhhh but if you answer "Yes"......
Similar trajectory here albeit in a much smaller setup. We were willing to give up a (projected) additional person to buy patch management software and some licenses for semiautomated updates. Cheaper for whole, arguably more effective for IT. We may come to regret the decision (the tipping point changes over time) but it was defensible way back in late 2003 [sic].

> CFO: "You just wasted 10 minutes of my day...talk to me when you have
> a legitimate ROI...good day"
> NOTE: If you think I invented the above discussion, you do not/have
> not managed in a F500 environment. It's about the business and the
> bottom line. I agree that a unified environment is a nice
> thing...but you have it backwards with regard to who can and can't
> afford it. A smaller scale organization has a much easier time driving a change like this, Susan.

Mr. A


