Featured
Author - Tom
Pisello
- October 30, 2004
Introduction
Major
systems management vendors are presenting a new vision of the future data center,
and success-minded CIOs should begin constructing a roadmap to the automated
data center, with moderate steps that ensure return on investment (ROI).
Automated data centers self-configure, self-heal, self-optimize, and self-protect. The underlying solutions combine intelligent management software and resilient hardware to deliver better asset utilization, make data center operations less expensive, increase flexibility to meet changing business demands, and proactively provide more resilience.
Companies that haven't yet adopted the automated data center face a number of potential challenges. For example, changes to a large financial services organization's Microsoft's Active Directory accidentally brought down Internet access for the company's trading desk. (Active Directory, an essential component of the Windows 2000 architecture, allows organizations to centrally manage and share information on network resources and users while acting as the central authority for network security.) As users logged in, they weren't able to get on-line, and could not access vital information and mission-critical applications.
After eight hours, the problem was traced to an accidental change made by the Active Directory administrator, and the proper settings were restored. The trading desk was adversely affected and this minor issue caused an impact that was estimated in the millions of dollars, in both productivity and lost business.
Whether for availability, security, or general IT operations, the automated enterprise delivers significant productivity and business benefits. Depending on the business, even slight improvements may generate exponential returns—and provide tangible business value that extends far beyond IT. Organizations looking to become more automated should follow established strategies and best practice features, including
- User
and Resource Provisioning—add,
move, and modify resources or configurations to enable or enhance performance
of mission-critical applications, customers, partners, or employees on a priority
and demand basis.
- Infrastructure
Availability—ensure
consistent and readily available access to key business resources by managing
availability, loss prevention, and recovery.
- Security
Management—establish
identities and manage security of key business resources.
Following these best practices has significant financial benefits, as they'll expedite the automation processes in four critical areas: IT operations and administration; virtualization and provisioning; security; and availability.
IT Operations and Administration
Operations and administration typically consumes 30 to 40 percent of IT spending—an average of $4,400 (USD) per employee in an average US enterprise. Of this, 65 percent is dedicated to ongoing maintenance and asset management, 25 percent for migrations and upgrades, and only 10 percent for innovation. To improve the value of IT, it's important to decrease the ongoing maintenance and asset management through task avoidance and productivity enhancements, while increasing the resources toward innovation.
Organizations
should target the three biggest areas of gain:
- Reduce
the number of administrator tasks
- Reduce
each task's steps and cycle-time
- Reduce
the skills required
Data centers deploying consolidation and self-optimization handle their workload with 30 to 40 percent fewer assets; this saves 20 percent on overall administration. Self-healing and other best practices yield another 5 to 10 percent in labor savings. This can amount to an annual savings of $1,320 (USD) per employee for a typical enterprise.
Security
More than 85 percent of companies experienced security breaches within the last 12 months, and more than 60 percent of companies acknowledged financial losses as a result.
When a security incident occurs, IT organizations scramble to meet the challenge. Even if harm is prevented, many tangible and intangible costs are incurred
- Repair
and Mitigation—the time and cost of finding the problem, repairing
damage, recovering data, and ensuring that the vulnerability is addressed
to prevent future harm.
-
Downtime—lost productivity, revenue, and profit while the
systems or applications are unavailable.
-
Competitive Impact—loss of customers and market share due
to system unavailability or customer dissatisfaction.
These
costs can be broken down by type of cyber security incident, including internal
and external attacks. It's important to understand the typical total cost of
each type of successful attack to fully understand the financial benefits of
mitigating them.
Security
Threats and Estimated Impacts |
Typical
Impact per Incident (USD) |
| Virus |
$24,000 |
| Denial of
service |
$122,000 |
| Physical theft
or destruction |
$15,000 |
| Data destruction
|
$350,000 |
| Theft of proprietary
information |
$4.5 million |
| Illegal system
access—outsider |
$225,000 |
| Unauthorized
insider access |
$60,000 |
| Installation
or use of unauthorized software or hardware |
$250,000 |
| Insider abuse
of net access or e-mail |
$360,000 |
| Financial
fraud |
$4.4 million |
Estimated
security impacts per incident for various internal and external security issues—Source:
Alinean
The
automated data center's self-protecting features proactively reduce vulnerabilities,
automatically distribute patches, and reconfigure systems as needed, reducing
security risks, and saving companies 20 percent per year on security management
and business impact costs.
Virtualization and Provisioning
Automated
data centers' virtualization and provisioning features are estimated to save
companies 30 to 40 percent on hardware and software, by avoiding establishing
the systems for peek load. The automated data center automatically allocates
assets where needed, supporting changing business priorities and meeting routine
and peak performance requirements.
Net
savings can easily top $1,000 (USD) per year, per employee, based on a typical
enterprise, which spends $1,633 (USD) per year, per employee for data center
hardware and software, and an additional $1,496 (USD) per year, per employee
on purchased software.
High Availability
How
long downtime lasts is crucial. A workgroup losing just a few minutes can easily
make up the time, but hours of downtime can mean invalid transactions or a permanent
loss of clients.
Estimated
Outage Cost per Minute |
Business
Impact (USD) |
| Supply chain
management |
$11,000 |
| Electronic
commerce |
$10,000 |
| Customer service
center |
$3,700 |
| ATM/POS/EFT |
$3,500 |
| Financial
management |
$1,500 |
| Human capital
management |
$1,000 |
| Messaging |
$1,000 |
| Infrastructure |
$700 |
Estimated
downtime impact per minute for various business applications—Source: Alinean
Downtime
for a typical computing infrastructure is estimated at $42,000 (USD) per hour.
At this rate, a 1 percent improvement in availability can lead to millions in
reduced risk and productivity losses.
Unplanned
Downtime (Mission Critical) |
Typical
Uptime |
Hours
Down per Year |
Cost
per Unplanned Downtime Hour (USD) |
Downtime
Risk (USD) |
| Worse than
average |
98.000% |
174.72 |
$42,000
|
$7,338,240
|
| Average |
99.000% |
87.36 |
$42,000 |
$3,669,120 |
| Better than
average |
99.500% |
43.68 |
$42,000 |
$1,834,560 |
| Good |
99.900% |
8.736 |
$ 42,000 |
$366,912 |
| Best in class |
99.999% |
.09 |
$42,000 |
$3,780 |
The automated data center promises to be more resilient to downtime issues, helping companies achieve best-in-class or "good" availability—typically a 50 percent reduction in downtime. For most organizations, this can mean saving millions of dollars annually.
Conclusion
The technology will continue to advance throughout the next three years and IT management will have to augment its own skills and processes to profit from the promised benefits.
All companies are different, but for those needing a resilient high performance infrastructure for business process improvement and e-business mission critical applications, the automated enterprise will deliver a solid ROI.
About
the Author
Tom
Pisello is the CEO of Orlando-based Alinean, the ROI consultancy helping
CIOs, consultants, and vendors assess and articulate the business value of IT
investments.
He
can be reached at tpisello@alinean.com.
Demystifying SAP Solution Manager | Cloud Assets: A Guide for SMBs—Part 3 | Cloud Assets: A Guide for SMBs—Part 1 | I Want My Private Cloud | The Sum of All Malware Fears: Siemens on Stuxnet | EAM versus CMMS: What's Right for Your Company | Managing the Overflow of E-mails | Use a Computerized Maintenance Management System to Improve Predictive Maintenance Performance | Security Risk Assessment and Management in Web Application Security | "Once Bitten” Vendor Is Not “Twice Shy” about New Acquisition | Are You Adequately Protecting Your IT Infrastructure Components Inside the Firewall? | Enterprise Resource Planning Giants Eye the Shop Floor | The TEC Quick Case for Tero Software | Selecting a CMMS System | CMMS in the Aviation Industry |
Who Else is Using Your Wireless Network? | How to Avoid Becoming Another CMMS Implementation Failure Statistic | Information Security Firewalls Market Report
Part Two: Current Market Trends and User Recommendations | Information Security Firewalls Market Report
Part One: Market Overview and Technology Background | Smaller Vendors Can Still Provide Relevant Business Systems
Part Four: MRO and Spare Parts Management | Smaller Vendors Can Still Provide Relevant Business Systems
Part Two: Market Impact | Smaller Vendors Can Still Provide Relevant Business Systems
Part One: Event Summary | Reliability Driven Maintenance--Closing the CMMS "Value Gap"?
Part Two: Reliability Driven Maintenance | Reliability Driven Maintenance--Closing the CMMS "Value Gap"?
Part One: Trends and Definition | Secure Transfers of Large Files Over the Internet Using YouSendIt | Fed Warms Up to ERP Spending, but Will Contractors and Their ERP Vendors Comply?
Part Two: Challenges and User Recommendations | Feds Warms Up to ERP Spending, but Will Contractors and Their ERP Vendors Comply?
Part One: Event Summary and Market Impact | Product Review: GFI's LANguard Network Security Scanner | The Best ACT! Is Still to Come | HIPAA-Watch for Security Speeds Up Compliance
Part Two: Phase III and IV, and Product and User Recommendations | HIPAA-Watch for Security Speeds Up Compliance
Part One: Vendor and Product Information | EAM versus CMMS: What's Right for Your Company?
Part Four: IFS and Intentia Responses | EAM versus CMMS: What's Right for Your Company?
Part Three: Analysis of IFS and Intentia | EAM versus CMMS: What's Right for Your Company?
Part Two: Integration Concerns | EAM Versus CMMS: What's Right for Your Company? Part One | Maintenance Software--How to Negotiate Successful Contracts with CMMS Vendors | Continuous Improvement Offers CMMS Maintenance Benefits | Maintenance Software--Plan Ahead to Maximize CMMS Vendor Web Site Visits | Use CMMS to Improve PdM Performance | Using PKI to Protect Your Business Information | The CyberAngel: Laptop Recovery and File Encryption All-in-One | Evaluating Enterprise Software-Business Process or Feature/Function-Based Approach? All the above, Perhaps?
Part Three: Knowledge Bases and User Recommendations | InsideOut Firewall Reporter Unravels the Mysteries of Your Firewall Logs | The Future of Secure Remote Password (SRP)
Part Two: Overcoming Obstacles to Success | The Future of Secure Remote Password (SRP) | Integrated Security: A New Network Approach
Part Two: The Shift Toward Integration | Integrated Security: A New Network Approach | Vendor Analysis: Kaspersky Anti-Virus Products Examined | 6 Immediate Business Improvements Offered by an Online SRM System:
Part 3: Other Points to Consider | Legacy Single Sign-On: Novell, Evidian, IBM, PassGo, or Computer Associates? | Fourth Shift's evolution Within SoftBrands' DemandStream | OKENA Brews Up a StormSystem that Secures All Applications | Incident Handling and Response Capability: An IT Security Safeguard
Part 2: Establishing the Capability | Incident Handling and Response Capability: An IT Security Safeguard
Part 1: Are You Ready to Support an Incident Response Capability? | Outsourcing Security
Part 3: Selecting a Managed Security Services Provider | Outsourcing Security
Part 2: Measuring the Cost | Outsourcing Security
Part 1: Noting the Benefits | Vendor Review: SecureWave Protects Microsoft Operating System Platforms | Thanks to a Smart Little Company called Lexias, CIOs Can Now Empower their Users to Assist in eBusiness Security | Feds Buckle Down on Customer Information Security | Identix Leads Biometric Authentication | Bootcamp for the Pros; Why Ernst & Young Will Lead Security Auditing Standards | Vendor Analysis: Interliant's Security Vulnerability Assessment | OKENA Pioneers Next-Generation Intrusion Prevention | Social Engineering Can Thwart the Best Laid Security Plans | Application Single-Sign On: Netegrity, Securant, or Evidian? | Lost Your Laptop? The CyberAngel® Brings It Back | InsideOut Makes Firewall Reporting Useful | The SOAP Opera Progresses - Helping XML to Rule the World | Talarian and NextSet Team for B2B Solutions | Tempest Creates a Secure Teapot | E*Trade Ignores Private Security Warning, But Public Hullaballoo Gets Response | My Network Engineers are Talking about Implementing Split DNS. What Does that Mean? | Human-Machine Interaction Company Ramps Up Firewall Product Line | Security Information Market Heading for Growth | Alibris Charged with Intercepting Email | Cart32 in Need of Duct Tape | Deutsche Telekom to Acquire VoiceStream Wireless | Study Shows: FBI Alienates Industry Security Experts | Firewall Cowboyz Set the Stage to Free Innocent Convict | Symantec Swallows AXENT; Takes on Network Associates | Novatel Wireless and Diversinet Team Up to Provide Security for Wireless Modems | Windows 2000 Bug Fixes Posted | Baltimore Technologies Doubles Revenues, Offers World-Class PKI Hosting | The Whys and Hows of a Security Vulnerability Assessment | Earthlink Leads the Way in DSL Security | PKI and Biometrics Ready for Take-Off | Secure Transport of EDI and XML for Trading Exchanges | Can You Trust Entrust? | Standard & Poor's Announces Security Certification | Check Point Leads Firewall Market | Fighting Cybercrime on the Internet | NetWare for Small Business – NetWhy? | Let Your Hard Drives Tell You Where they Are! | E&Y Spins-Off eSecurity Online and Unveils Security Vulnerability Assessment Services | With Record Revenues, AXENT Puts Down a Solid Fist | NAI Will Pay Trend $12.5 Million Resulting from Law Suit | Sub7 Tells Chat Rooms All Your Stuff; F-Secure Leads the Battle | E-Cash Rollout Replaces Amex | GSA Schedule Partnership Gets Network-1 in the Door | Los Alamos Loses Top-Secret Information, Again! | Standard & Poor's Exposes Customers' Security | The AS/400 Takes You Securely Where You Want to Go | Trend Micro Steps into PDA/Wireless AntiVirus Information Market | CryptoSwift Takes Rainbow Revenues Up 620% | Smart Shoppers Go Abroad for Affordable Information Security Programs | Anti-Virus Advisories: Rating Them | The 7 Habits of Highly Effective Security | Fischer’s Prio! SecureSync ~ A Solution to Enterprise Directory Chaos | Abandon All Insecurity, Ye Who Enter Here | Top 10 Excuses For Not Securing Your Website or Network | Ernst & Young Leads Big 5 in Security | 6 Days After Advisory Posted, AboveNet Gets Hit | A Firewall is Cheaper Than a Lawyer | Fixing Security Backdoors:
Red Hat 1, Microsoft 0 | WAP Forum Specifies RSA’s RC5 Encryption For Wireless | Netpliance Responds Quickly to Hardware Hack | Security Stocks Burn Rubber | DSL Provider Scoops up Netscreen Firewall Goldmine | Cyclone Untangles Digital Partnerships | Security Begins on Your Desktop | Network Associates Hopes to Rekindle the Flame | Hacker Publication Gets Top Defense Attorney | Saudi Arabian Network Security Provokes Local Considerations | Gosh, There’s a Bug in Windows 98 | Robust Systems are Built from the Bottom Up | DOJ Keeps Low Profile on Curador; Protect Your IIS Server Today! | Security Breach: Now What? | Sendmail, Inc. and Disappearing, Inc. Team Up to Add Enhanced Security | Is Your Financial Transaction Secure? | Compaq, HP, IBM, Intel and Microsoft Create New PC Security Alliance | Expect Boom in Electronic Signatures | Secure Your Search Engine | President Proposes Security of Medical Records | Sendmail Takes Security to the Next Level with Version 3.0 for NT | CheckPoint & Nokia Team Up to Unleash a Rockin' Security Appliance | Trend Micro Anti-Virus Server for Microsoft Exchange ~ A Secure Choice For Enterprise Wide Anti Virus Protection. | Security Snafu at NetBank | Freeware Vendor's Web Tracking Draws Curses | The "S" in SAP Doesn't Stand for Security (that goes for PeopleSoft too) | Content Technologies releases MIMEsweeper PolicyPlus | Hackers Will Be Out in Full Force On New Year's Eve | Analysis of Virgin Net's Hacker Scare | Network Associates RePositions Itself as a Security E-Village | Lexiguard™: The Coming "Adobe Acrobat" of Encryption | CyberPeepers from Korean Sites Peek at U.S. Networks | Would You Hire a Hacker? What Would Your Mother Say? | @Home Scans Own Customers | CIOs Need to Be Held Accountable for Security | New Market for Security Insurance | At Least Your Boss Can't Read Your Home E-mail, Right? Wrong! | PrettyPark Virus Litters Cyberspace | Packard Bell / NEC Leads Secure Etoken Deployment | Congress Acknowledges Outdated Banking Laws | How Secure is Your E-Mail? | Trend Virus Control System - A Centralized Approach to Protection | VPNs Are Hot, but What Are They? | ATM Machines Hacked in Moscow | How To Mitigate Holiday Cybercrime | Surf's Up at Akamai |