Wednesday, December 3, 2008

No Money=No Security?

The economic crisis is affecting everybody these days, and everybody is cutting expenses. This could mean a lost job or reduced benefits to some, but a popular way for companies to cope is by cancelling purchases of software and hardware. This is bad news for anybody who's selling anything, and many IT people will be heartbroken for having to live with an old mail server or domain controller, but a lot of companies are also postponing or cancelling upgrading their firewalls and other security products. Staying with an old piece of software or hardware for another year is certainly not fun, but when it comes to security, this is much more concerning. Information Security has always been hard to prove, and even today, many managers see it as a money hole. I'm afraid I can't do the talking for you, but here are some ways to save money without giving up security.

Unless you've been living on a tree, you must have heard of virtualization. This has many aspects, but for our purpose, I'm talking about consolidating several servers onto a single piece of hardware. This is still going to cost money, as a hosted server license costs the same, but instead of spending 20,000$ on 4 servers, you might save as much as half of that by buying a single, stronger server (You're going to need LOTS of ram!) and hosting the same 4 servers on it as virtual machines. Other than the hardware costs, using virtualization saves time, money and downtime. If your server suddenly dies, you don't have to wait several hours for tech support or parts - just move the disks to another server and you can bring up the virtual-machines almost immediately. Not convinced? How about electricity? Using one machine instead of many machines reduces the electricity bill both for the server's power consumption and cooling. Some virtualization products are given away for free, like Microsoft's Hyper-V 2008 server ( and VMWare Server ( , so dive into it and give it a whirl!

You might not be able to afford that fancy SEM tool you've been dreaming about, but that doesn't mean you have to give up on the entire idea. Software like SEM costs an arm and a leg, but there are alternatives. I'm talking about outsourcing. Nowadays, you can outsource almost anything, including letting others watch over your servers. These kind of services are usually billable periodically and by server, and although this is more expensive in the long run, it allows better security without making huge investments. Another advantage is that the outsourced technicians might be better trained to handle emergencies, which could translate to a quicker solution in case of a virus outbreak or successful hacker attack. Not convinced? Some states and countries give better tax breaks for outsourced services than for purchased software, so this could be even cheaper than you or your manager thinks. Speaking of outsourcing, there are a lot of other services that could be outsourced, from backup to user management, so for any purchase you had to scrap, check out the outsourcing market for that area - you might be surprised at how secure you might get for a lot less money.

Play hard ball
When the economy is this bad, everybody takes some of the heat, and sales are down everywhere. This means that even robust companies that have multi-million dollar product sales are feeling it. It's also important to keep in mind that those who actually make the sales are people just like you and me. They have deadlines and quotas, and at times like these, they are anxious to protect their jobs. This means that they might go a long way in order to close another deal, esp. now (December). don't be afraid to play hard ball and negotiate. Many people feel that haggling is more appropriate for the downtown meat market, but you can afford to be a little less honorable. Play it cool and flaunt the offers you got from other vendors, and get your boss or colleague to play "bad cop-good cop". I've personally witnessed cases where such maneuvers led to 60% price reductions. Can you afford not to?

Lose some of that weight
We are all used to having a nice desktop with tons of disk space and resources, but with today's costs, it might be time to think about going thin. Thin clients have a lot of advantages, but the best one is saving money. The clients themselves are far from cheap - some cost more than a desktop, not to mention the Terminal Server costs and licensing, but it saves money in several other ways. A thin client is designed to do as little as possible, and consumes very little electricity. Some companies report a reduction of 30% on their electricity expenses after switching to thin clients. Not enough? how about support costs? Instead of having one technician per 60-70 workers, thin clients require very little support. There are no viruses, drivers, hard-drive crashes to deal with, and most problems can be fixed by a secretary (who replaces the damaged unit with a spare one). A company with 1000 employees might be able to reduce its IT staff from 15 people to just 2 or 3. Trimming people is not fun, but that might be what it takes to save the company from going under.

No comments: