Saturday, February 1, 2014


When people began moving from the cities to the suburbs in the post-war United States in the 1950s, new infrastructure was built to serve the shifting population.  The infrastructure served its population well for 50 years or so, until the 2000s, when the physical lifetime of water mains, electric power lines, and other infrastructure was reached.  What people quickly realized is that although money and resources had been allocated to build and deploy infrastructure, money and resources had not been allocated to operate and maintain the infrastructure for the long term.  In other words, O&M would be required to repair or replace the aging infrastructure, but the resources for that O&M would have to be found elsewhere.

Similarly, in the information security realm, as new business needs arise, new security technologies are often deployed to address them.  Enterprises often forget to include O&M when calculating total cost.  Another way to think of this is that each new security technology requires people to deploy, operate, and maintain it.  If head count were increased each time a new security technology were deployed, the model would work quite well.  However, as those of us in the security world know, head count seldom grows in parallel with new business needs.  This presents a big challenge to the enterprise.

O&M cost (including the human resources required to deploy, maintain, and operate technology) is an important cost to keep in mind as technologies reach end of life and come up for renewal or replacement.  O&M cost is a large part of the overall cost of technology, but it is one that is often overlooked or underestimated.  In an effort to lower total overall O&M costs, it pays to take a moment to think about the purpose of each technology.  Is this specific technology a highly specialized technology for a highly specialized purpose?  Could I potentially retain the functionality and visibility provided by several specialized technologies through the use of a more generalized technology?  If the answer to these two questions is yes, it pays to think about consolidating security technologies that are up for renewal or replacement.  This can be a great option provided it doesn't negatively affect security operations.  Fewer specialized security technologies means fewer resources to deploy, maintain, and operate them.  That, in turn, means lower overall O&M costs.  Lower O&M costs are always a powerful, motivating factor to consider.

No comments:

Post a Comment