If you have your marketing VP ask what you should look for in the next firewall purchase, What will he tell you? Does it have to function? Must it protect us? Must it not hinder the sending and receiving of legitimate attachments? This isn’t a technical specification.
However, If you want to ask your network engineer what you should look for, What will he tell you? A high throughput? Configurable Bayesian content filtering? Better SMTP relay security? This isn’t a huge amount of business reason.
Who do we ask? And what should we do?
Most often, purchases of technology begin with management telling management, “fix this issue,” or with the tech people telling the tech guys, “Hey, it’s not functioning properly anymore, so we’ll have a replacement.” In either scenario, there’s likely to be a difference in what both the suitors (management) and the glasses (techies) consider to be essential.
The suit will be looking at the ROI, depreciation of the existing equipment, and the cap-ex and the op-ex implications, and need to know what this investment can “do” in the company. The glasses will become more likely to focus on the technical specifications as well as the reliability and bells and bells and whistles. In the end, we often end up with the glasses not getting the budget they wanted (meaning they cut back on features they thought were important) and the suits feeling like they just spent money on who-knows-what-or-why.
Actual-world (made out of) example
To help illustrate the problem To illustrate the problem, let’s discuss Jake. Jake works as the manager of IT of Awesome Stuff LTD. Jake is accountable to the CFO, Ritchey (the financial person is called Ritchey as in RICH-ee you can see where I went with that), who is a complete novice about technology, yet manages his department’s finances. Jake is aware that the firewall of the company requires replacement. It is locked up and needs to be bounced a few times per month. Its processing capacity is not keeping pace with the volume of traffic at peak times, and it is constantly receiving complaints from customers about the content of their email filtering “not working correctly.” In addition, he recognizes that it is necessary to upgrade the bandwidth of the company in the coming years. However, he is aware that the firewall could be an obstruction. He then goes to Ritchey and tells him, “we need a new firewall.” Ritchey asks, “why?”. Jake responds, “because the flibbity-boppity multiplex protocol initiator is in a continuous state of fluxing routing, and if we don’t make it a priority to replace it quickly, there’s a chance that we’ll end up with the COBOL RAM app OSI malicious software” (that’s not the exact meaning of what Jake stated. However, that’s what seemed for Ritchey).
Jake creates a plan for spending a minimal $20,000 for a brand-new, top-of-the-line, packed with features and bells and a firewall. The price includes five years of 24/7 support, next-day replacement, no-cost software updates, and content filtering, as well as email spam filters, and it has received A+ ratings for its high-end performance and reliability consistently. He believes that this can solve issues in his department, cut down on the time of employees and increase the reliability of the network and help make life better in the workplace.
Ritchey receives the proposal and receives 20 grand to replace a thing that’s not even damaged that won’t help sales, doesn’t lower costs, and does not improve our business even a bit? The budget is reduced. Jake removes the service agreement and the support that continues for content filtering, as well as spam filtering subscriptions. Jake also reduces the number of models by a couple.
The company just lost an opportunity to resolve problems in business, reduce expenses, and increase productivity and efficiency since Jake and Ritchey were not speaking the same languages.
Which is the best solution?
I believe I think we have to get the suits and glasses to talk one language. We can either teach our MBA-educated executives the basics of developing software networks, engineering for networks, system design, and security of data (not likely), or we begin teaching our tech people how to run a business.
What would the conversation could be different If Jake had presented this suggestion to Ritchey:
The firewall we have is reaching the level of not being reliable. I’m worried that we’re getting closer to a hardware malfunction which could lead to an expensive fix and a huge amount of downtime. The firewall that we currently have is used up, so it’s time to consider alternatives. I’ve analyzed a new firewall that meets our technical needs. It also offers the security we require with an agreement for service and free software updates to ensure we are getting the most of the investment. The purchase will cut down my department’s time in managing the firewall of the present by 40 man-hours each month. That’s a total of 2,400 hours during the life expectancy of the product. That’s an opportunity cost reduction of $72,000. We also hear feedback from people who are spending much of their time trying to deal with incorrectly blocked attachments to emails, filtering SPAM emails, and battling with filters for content. We are expecting $46,000 to increase productivity for employees over five years by removing these problems. We also receive better security of our data, and we’ve learned that based on our recent risk assessment that exposing our intellectual property could be devastating – the purchase will reduce the risk.
Then, we can either pay for the purchase upfront of Capital or make use of their managed firewall and put it into Operating expenses. Which one would you choose?
Conclusion
My message is for those who are tech-savvy to learn how business-related decisions are taken. Know what matters to the executives. It’s possible that you don’t like it. However, you’ll be able to do your job better.