You might all know that feeling: You need money to finance security activities and you are asked why this money shall be invested. And then we start to argue that if we do not do it – bad things happen. These are questions that myself and our support get often. That was the reason why we started to collect information and facts on “why it pays to be secure”.
So, when I look at the reactive side of our business, we are often faced with support cases from customers compromised through some malware which is wreaking havoc in their environment.
Usually the customer says that deploying updates to software (not just MS Software) is too time consuming, too expensive and too disruptive to their environment. Of course the resulting issue is usually also quite disruptive e.g. Conficker.
Microsoft has done a great deal of research into managing an IT environment as well as numerous studies with some of our customers to discover the “true” cost of a managed environment.
Therefore it might be useful to start a series of posts on the subject of Update Management and Infrastructure Optimization that might allow you to have good conversations with your management on the subject.
So for the purpose of this introduction I’ll just copy one little piece from a study done in 2006 (so this is not a ‘new’ thing):
WINDOWS DESKTOP BEST PRACTICES
In this research, IDC evaluated more than 20 potential best practices and identified three that are consistently used by top-performing IT departments for optimising Windows desktops.
- Standard desktop strategy (savings of $110/PC). Deploying a standardised desktop by minimising hardware and software configurations.
- Centrally managed PC settings and configuration (savings of $190/PC): Keeping deployed PCs standardized by preventing users from making changes that compromise security, reliability and the application portfolio.
- Comprehensive PC security (savings of $130/PC): Proactively addressing security with antivirus, antispyware, patching, and quarantine.
A lot of this data and information was actually collected by Henk van Roest, our Security Support Programme Manager in EMEA – facing such questions on a daily basis.
Over the next few blog posts, I will share more information with you to give you more facts for the conversations you will need to have
Roger