STEVE GIBBS, RIGHTSTAR

Personal Experience

It’s a common question, right? You go to management to say, “We really need BMC’s Client Management tool” and they say, “Why should we spend the money to get it?” It’s a valid question, but one that’s not always easy to answer.

ROI is not quantifiable as an absolute; BMC’s Client Management (BCM) can do so many things and the more you automate the better your ROI.  I had one large customer enable WAKE ON LAN – we shut down all the devices at 6 PM every night and over the weekend and we woke them up at 6 AM so they would be ready before folks arrived – no waiting for boot up.  I believe that customer said that the product and professional services were paid for within 9 months due to power savings.  And that is just one feature of BCM.

To look at the savings another way – If a customer needs to install x software packages manually, say 6 per day and it takes the tech 10 minutes per instance then that will save 60 minutes of TECH time plus not interrupt the user so multiply times 2 so just 6 software installs saves 2 staff hours per day x 5 days = 10 hours per week x 52 weeks = 520 hours per year… multiply by what a technician is paid, and you have paid off at least part of the costs. (By the way, does it really only take a tech 10 min to install a piece of software? Your estimates may vary.) Of course, if you enable MyApps users can install their own apps and the technician is not pulled in at all. Done right, it saves a ton of IT time!

How about Data Calls where management needs to know “how many Dell laptops are coming off warranty”?  With BCM it would take 3 minutes to reply vs. the research through accounting files to fully answer the question so how much time was saved? And dare I mention the word “audit” – when the auditors want to see how many boxes are licensed for which software, and which boxes actually have it installed – it’s a lot easier with BCM than trusting spreadsheets and manual audits (Gartner estimates that 68% of organizations receive at least one audit request each year)

How about Patch Management…  How many critical patches came out this month and much bandwidth was used to install all of them?  Multiply size of patch x device count = easy to answer because we capture all that data…

Industry numbers

But of course, sometimes numbers are nice. Not always easy to find, but nice to have. We set out to find some standard industry numbers. Here are a couple things we found:

From https://www.softwareone.com/en/blog/all-articles/2018/09/25/5-major-benefits-of-sam :

In the world of IT, the same can be said of Software Asset Management (SAM), and the many opportunities it offers businesses to save money. Real, measurable savings. Up to 30% of your software spend, according to a recent Gartner study. Yet still a number of companies remain reluctant to ‘take the shot’.

And

… adopting a manual approach to tracking software licensing is typically expensive, time-consuming, and susceptible to errors. Automating this process not only cuts administrative tasks by at least 50%, but it also frees up resources to focus on higher-value projects.

 

And from a study on patch management metrics (https://www.sans.org/reading-room/whitepapers/bestprac/patch-management-metrics-1461 ):

According to Luo and Warkentin

“the recent MS Blaster worm cost approximately $475,000 (includes hard, soft, and productivity costs) per company to remediate wounds and that some large companies reported losses as high as $4,228,000 from this worm breach.”

A very recent paper by Weaver and Paxson 29 puts forward a disturbing case estimating the possible costs to the USA of a malicious worm at $50 Billion. These security breaches can represent significant costs to organisations and as demonstrated via the world media are occurring on an ongoing and frequent basis.

In calculating the costs of not patching versus cost of patching within your environment, you must determine which is worse; a patch causing an application or server failure, versus a full system breach by a worm.

Also from this study:

The Potential Costs of failing to patch

When an organisation does not actively perform patch management or does not perform patching within the available timeframe before the ‘Malware’ strikes, then the organisation is exposed to unnecessary risk and subsequent loss. Some of the risks presented are both the direct and indirect costs sustained by the business when ‘Malware’ causes disclosure of data, corruption of data, or data loss

    • Some of the costs involved when a rogue program hits the business are:
    • the cost of clean-up and post-incident recovery,
    • the loss of production,
    • the loss of sales,
    • the cost of overtime for catch-up,
    • the potential loss of customers and
    • any consequential damage to the reputation of your organisations brand.

Summary

It’s not always easy to get hard numbers. But hopefully this blog gives you an idea of the ways your organization can quickly realize value from the BCM solution, both by automating tasks and by reducing risks.