While on the subject (of Positive IT Controls methods and architecture) I’d like to share some observations on the value/pricing metrics.
We must take the “customer perspective” in our approach to pricing new value-add IT security and image/system management methods for servers and endpoints.
For our Enterprise Customers this means:
Operating Expense Considerations:
- To what extent does our method improve the utilization economics of my customer’s challenge?
o Can I demonstrate improvement in Mean Time To Failure?
o Can I demonstrate reduction in Mean Time to Repair?
o If the answer is yes to the these, it translates directly to extra ‘nines’ of availability
- To what extent does our method reduce the manpower expenditure for the capacity delivered by my customer’s IT process? (In the Financial Services sector, a savings of $250k per year can be achieved by repurposing one IT person from the maintenance of existing infrastructure by improving IT availability/management efficiency)
- To what extent does the installation of our product/method disrupt the customer’s existing IT process flow?
- How fast can we deploy and demonstrate value?
- Can we demonstrate value while “running in parallel” with the customers current operations?
- How much of my customers IT manpower will be required to make our solution effective for them?
o On initial install
o In daily operation
Capital Expense Considerations:
- Does my customer have to spend capital dollars to pay for the solution?
- Can they offset other capital costs by deploying our solution?
- Can they increase the efficiency and utilization of their existing IT infrastructure by deferring and/or offsetting new IT capacity spending?
Translating these metrics to the available budget for a vendor solution requires calculating the estimated impact of the solution for our customer (in dollars per year). Additionally, by dividing the dollars per year benefit for the solution by the number of endpoints we can estimate the effective value per endpoint offered by the solution.
A big advantage of Positive IT Control Methods is that most of the considerations discussed above can be tangibly demonstrated.
In contrast, Negative Model security ROI is most often based on actuarial analysis and is often viewed as an “insurance” sale. In other words, if I DON’T deploy the solution, my risk if an incident occurs might be $X, so I am willing to pay $Y per device as insurance to mitigate that risk.
In the Positive Image Management and Controls scenario we can measure TRUE OpEx and CapEx impact.
When we have a denominator (the impact/savings) we can divide it by the numerator (the number or devices and endpoints served) and begin to understand our value delivered.
If customer savings = $1mm / 12mos;
and number device units served = 10,000;
then $1×10^6 / 1×10^4 = $10^2 (or $100 per device per year)
Not only is this value/ROI analysis useful for the supplier (in setting a price for the value delivered) it is mandatory for our enterprise customers in this challenging spending environment, and when justifying their choice of vendor and solution.
The bottom line is:
Proactive systems management can and does create specific and measureable operating efficiencies (as well as offsets of capital spending thru better IT systems efficiency and agility).
In our opinion vendors should live by the following guideline:
If we can’t tangibly save or make our customers money through their utilization of our solution in their IT environment, then we shouldn’t be wasting their time.