Security Basics mailing list archives
Re: About Operating Systems security
From: Jimi Thompson <jimit () myrealbox com>
Date: Sun, 1 Jun 2003 19:47:08 -0500
You stated in one of your later e-mails that you want to move certain things in your company toward open source products - fire walls, web servers, and databases. In any case, the way to make your point is TCO - total cost of ownership.
You must take the cost of procurement as the starting point. What does the software cost? What does the hardware it will require cost? Next, what is the cost of managing this and keeping it running? What do you have to pay an engineer or DBA that can administer the product? How much are upgrades? What about vendor support? Will you have to retrain people to manage this product? What is the projected life span of the product?
TCO = [(procurement cost) + (management cost) x life span ] x number of units
If you can run the numbers for the commercial package and compare them to the open source package, you should be able to sell this to your managers.
Example - fire wall
Linux vs. Nokia Checkpoint Device
Procurement Costs
Linux - software = $0
- hardware = $0 (assuming cast off workstation recycled as firewall)
Nokia Device = software & hardware come bundled $15,000
____________________________________________________________
Management Costs
Engineer to run linux firewall competently - $85,000
Engineer to run Nokia Device competently - $75,000
Upgrades
Linux - $0
Nokia Device - free first three years then $1000/yr
Vendor Support
RedHat - $2500/year (24x7 support)
Nokia Device - free first three years then $1000/yr
Retraining Employees (3 employees)
RedHat - $1000 per employee
Nokia - Limited training available from sales staff
____________________________________________________________
Lifespan 5 years
Number of Units 2 (external and DMZ)
_____________________________________________________________
Linux TCO = [(0) + 3*1000+ (85000+ 2500) x 5 ] x 2 = $881,000
Nokia TCO = [(15000)+(75000)x5+2*1000{2 additional years of
updates}+2*1000{2 additional years of support}]x2 = $788,000
That's how you make your case to management if you want to do it based on TCO.
--
Thanks,
Ms. Jimi Thompson, CISSP, Rev.
"Those who are too smart to engage in politics are punished by being governed by those who are dumber." --Plato
