IT risk management in the enterprise: Expert podcast

Author George Westerman offers advice to help you turn IT risk management from a cost of doing business into an enabler of strategic value.

No great accomplishment comes without great risk. Unfortunately, too many risk management programs focus so much on potential problems that they restrict their firm's ability to excel. Risk management requires making trade-offs between risk and return, between the risks a company can bear and those it would rather avoid. But IT and business executives have lacked the tools to have meaningful discussions about IT risk management.

In this podcast, author George Westerman offers advice to help you turn IT risk management from a cost of doing business into an enabler of strategic value. He also shares how a framework of four key enterprise risks enables executives to make business decisions about IT risks.

BIOGRAPHY: Westerman is co-author of IT Risk: Turning Business Threats Into Competitive Advantage. He is also a research scientist at the MIT Sloan School of Management Center for Information Systems Research and faculty chair for MIT Sloan's executive education course IT for the Non-IT Executive. In addition to writing the 2007 book on IT risk with Gartner Inc.'s Richard Hunter, Westerman's research has appeared in journals such as the MIT Sloan Management Review, Organization Science and MIS Quarterly Executive.


Read the full transcript from this podcast below:

Karen Goulart: Hello, my name is Karen Goulart, the special projects editor for SearchCIO.com, and I'd like to welcome you to today's expert podcast on leveraging desktop virtualization to lower computing costs. I'd first like to welcome today's speaker, Rob Enderle. Rob is president and principal analyst of the Enderle Group, a forward-looking emerging technology advisory firm. Recognized as one of the best general inquiry analysts in the world, Rob specializes in providing rapid perspective and suggested tactics and strategies to a large number of clients dealing with rapidly changing global events. Rob lives emerging technology, and has a passion for personal technology and market strategy. Before founding the Enderle Group, Rob was a senior research fellow for Forrester Research and at GiGa Information Group. While there, he ran e-commerce, security, and mobile research practices; so Rob, let's get started.

Rob: Okay.

Karen Goulart: My first question for you today, we all know that desktop virtualization offers companies a low-cost way to deal with unmanaged PCs, but how exactly does this type of technology cut costs? Where are the costs being cut?

Rob: Well, most of the costs in terms of managing PCs have to do with image management, this idea that each PC needs a unique image that is tied to the PC that needs to be managed in case the employee blows up their machine and that image has to be recreated. Often, in a repair instance, what happens is maybe the service professional will work with the employee for about three or four minutes, and then go back and try to create a restore event, restoring the image of the computer back to what it was last image, which, of course, cuts down dramatically on the productivity of the employee, takes a lot of time away from the IT service organization, plus you have to manage all those images and keep them tied to the machine. It's quite a bit of work, and what the desktop virtualization does is it, by abstracting the hardware, allows you to have one generic image that can be applied to a wide variety of machines, and then if you have to restore the image, at least you don't have to manage thousands of them.

Karen Goulart: Okay and how much cost savings would you say companies are really seeing from moving to virtualized desktops?

Rob: Well, it really depends on how bad a shape they are. For instance, if the organization was already using a lock-down method with a high degree of hardware consistency, probably not much, but most organizations outside of Germany and finance aren't in that shape, and in that case, you're typically talking somewhere in the 20-30% range in terms of savings, and it can be quite a bit more, depending on how that image is contained and managed. So if we were to give it a range, it would probably be anywhere from 10-20% all the way up to 70% for an organization that is very poorly managed at the moment, and that's the port cost.

Karen Goulart: Okay. Now, what about the initial cost of desktop virtualization? I did read somewhere recently that some users are saying that the initial costs sometimes outweigh the benefits, and don't think it's worth it. Do you think that's an accurate statement, or how do you feel about that?

Rob: Well, once again, it depends on what kind of shape the organization's in. If they [inaudible 00:03:03] for organizations that are actually using a lot of employee-owned hardware, the benefits clearly outweigh the cost. On the other hand, if the organization is well-managed right now, the additional benefits for virtualization aren't as great, because they've already contained their image problem. Often they're using the hardware OEM to manage a lot of that for them, and so they're not incurring a lot of extra cost. In virtualization, it comes with a performance cost. Whenever you abstract hardware, you are effectively removing a lot of the performance that hardware has, and the majority of employees now are getting notebook computers, which don't have a lot of performance overhead. So you've now virtualized the hardware, so you're cutting into performance somewhere in the neighborhood of 30%. Folks notice that, and for them, that cost may be too much.

Karen Goulart: Last question for you. Desktop virtualization also helps enterprises deal with security issues, but does it come with an actual price? Are there actual savings in security by going to desktop virtualization?

Rob: Well, there are benefits in security, because when you virtualize the hardware, you prevent things like root-kits from being able to take hold. A root-kit then would solve itself in the virtual machine. It can be scanned from outside the virtual machine, identified, and eliminated, where in a regular PC, a root-kit, once it goes in, is almost impossible to discover and remove, and root-kit attacks are much more common these days. So, from a security standpoint, a virtualized machine is inherently more secure. In terms of cost savings, it depends on what it is you're protecting. Remember, an awful lot of things that get compromised when you are breached are customer information, employee information, things that can be used against the companies, and can result in SEC notifications, can result in relatively significant charges to the financials of having to buy identity theft protection for a whole bunch of customers who are not at all pleased that their identities have been compromised. Those kinds of costs are what you're protecting against, and while they don't have a lot to do with PC cost, they are certainly board-level concerns and often can be the kind of things that can significantly damage revenue. In that respect, the potential savings to having a more secure machine probably outweigh, depending on how secure the machines are right now, probably outweigh the cost.

Karen Goulart: Okay, and on that note, that does conclude today's podcast. Thank you again to Rob Enderle for speaking with us today, and thank you all for listening. Have a great day.

This was first published in September 2008
