Security Basics mailing list archives
Re: About Operating Systems security
From: Jimi Thompson <jimit () myrealbox com>
Date: Sun, 1 Jun 2003 19:47:08 -0500
You stated in one of your later e-mails that you want to move certain things in your company toward open source products - fire walls, web servers, and databases. In any case, the way to make your point is TCO - total cost of ownership.
You must take the cost of procurement as the starting point. What does the software cost? What does the hardware it will require cost? Next, what is the cost of managing this and keeping it running? What do you have to pay an engineer or DBA that can administer the product? How much are upgrades? What about vendor support? Will you have to retrain people to manage this product? What is the projected life span of the product? TCO = [(procurement cost) + (management cost) x life span ] x number of unitsIf you can run the numbers for the commercial package and compare them to the open source package, you should be able to see this to your managers.
Example - fire wall Linux vs. Nokia Checkpoint Device Procurement Costs Linux - software = $0 - hardware = $0 (assuming cast off workstation recycled as firewall) Nokia Device = software & hardware come bundled $15,000 ____________________________________________________________ Management Costs Engineer to run linux firewall competently - $85,000 Engineer to run Nokia Device competently - $75,000 Upgrageds Linux - $0 Nokia Device - free first three years then $1000/yr Vendor Support RedHat - $2500/year (24x7 support) Nokia Device - free first three years then $1000/yr Retraining Employees (3 employees) RedHat - $1000 per employee Nokia - Limited training available from sales staff ____________________________________________________________ Lifespan 5 years Number of Units 2 (external and DMZ) _____________________________________________________________ Linux TCO = [(0) + 3*1000+ (85000+ 2500) x 5 ] x 2 = $881,000Nokia TCO = [(15000)+(75000)x5+2*1000{2 additional years of updates}+2*1000{2 additional years of support}]x2 = $788,000
That's how you make your case to management if you want to do it based on TCO. -- Thanks, Ms. Jimi Thompson, CISSP, Rev."Those who are too smart to engage in politics are punished by being governed by those who are dumber." --Plato
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: About Operating Systems security yannick'san (Jun 02)
- <Possible follow-ups>
- Re: About Operating Systems security Chris Berry (Jun 02)
- Re: About Operating Systems security Jimi Thompson (Jun 02)
- RE: About Operating Systems security Burton M. Strauss III (Jun 03)