ZDNet Make the Case Series: IT Business Case Template: Wireless Security
All names and brands are property of their respective owners. Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
General Introduction.........................................................................2 I. Need/Opportunity ......................................................................................................... 3 II. Stakeholders.................................................................................................................. 4 III. Alternatives ............................................................................................................... 4 IV. Business values for the alternatives ........................................................................ 14 V. Recommendation ........................................................................................................ 15
Product Description.........................................................................17 Glossary ............................................................................................18 I. Need Opportunity........................................................................................................ 18 II. Stakeholders................................................................................................................ 18 III. Alternatives ............................................................................................................. 18 IV. Business Values for the Alternatives ...................................................................... 21 V. Recommendation ........................................................................................................ 22
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
11
1
General Introduction A wireless infrastructure can increase productivity by allowing your mobile staff more flexibility and easier access to back-end data. However, these benefits must be weighed against some serious security risks. So, before your implement a wireless infrastructure that supports a variety of devices— from handheld computers and laptops to wireless-enabled PDAs—you need to ensure that the organization has established clear access policy and procedures. The threats Wireless security concerns include: • • • • •
Rogue users Inadequate access policies and procedures Unauthorized access to bandwidth via public hotspots Stolen laptops and other wireless-enabled devices Poorly guarded access ports
Security measures When the organization purchases mobile devices for field staff and telecommuters, you should consider their security features and not only budget or convenience. Other security measures include: • Change the default SSID (network name) • Disable the SSID broadcast option • Change the default password needed to access a wireless device • Implement a point-to-point Virtual Private Network (VPN) • Implement adequate encryption, user authentication, and administration tools • Adhere to the latest standards, such as 802.11g • Study emerging standards, such as 802.11i and 802.1x • Turn off wireless cards on laptops or other PDAs unless you are near a trusted access point Take advantage of the benefits However, a secure wireless infrastructure can provide mobile employees with substantial benefits, such as: • • • •
Fast, secure access to back-end databases and knowledge repositories Rapid customer response time Flexibility when communicating from remote locations Better workflow
Other implementation considerations should include end-to-end testing of wireless hardware and networking and interoperability of enterprise applications in a wireless environment. Technical staff should monitor data throughput and database connectivity. This business case will walk you through the opportunities, costs, associated risks, and alternatives when making the case for wireless security. However, the template may need customization. Each organization is likely to have unique challenges and opportunities that the business case should address.
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
22
2
I. Need/Opportunity Key technical and business objectives for consolidating wireless security: A. Tangible goals or objectives 1. Hardware • • • • • • •
Allow for greater end-user efficiency and productivity Support Wi-Fi Protected Access (WPA)-endorsed access chips and hardware WLAN supported switches Support for wireless cards for laptops and handheld devices Support for Advanced Encryption Standard (AES) Support for emerging security standards, such as 802.11i Secure access points
2. Software Applications • • • •
Improve response time and performance and increase flexibility Extend knowledge repositories to field staff Extend mission critical applications to remote employees Support for access point development kits
3. Operating Systems • • • •
Cost-effective deployment and maintenance Allow for more efficient management of wireless and other computer hardware Improve security and reliability Support for emerging wireless technology
B. Scope Impact and benefits from a secure wireless infrastructure:
Increased user productivity • Increased access to mission-critical business information, such as downloading purchase orders or access to an existing knowledge base • Remote high-speed access from public places, such as airports or convention centers • Remote access to existing back-end applications • Faster workflow for field staff • Lower upfront investments costs for new hardware issued to mobile/remote personnel Types of wireless security threats • Data easily intercepted • Unauthorized access to bandwidth via public hotspots • Stolen laptops and other wireless enabled devices • Strong reliance on off-the-shelf security measures • Rogue users • Inadequate access policy and procedures
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
33
3
• • • •
Lack of strong encryption, such as Advanced Encryption Standard Poor adherence to standards, such as 802.1x Inadequate protection of access ports Delinquent security for cell bases and access points
II. Stakeholders A. Primary • • •
Executives and managers who must extend the corporate knowledge base to mobile employees in a secure manner Executives and managers who must ensure the availability of servers and applications Executives and managers who must improve productivity for field employees
B. Secondary • • •
End users who need reliable access to up-to-the-minute, secure, remote back-end information IT support staff who must maintain a secure wireless infrastructure for remote field employees IT staff who must support non-PC wireless hardware, such as Pocket PCs and PDAs
III. Alternatives A. No Change If current wireless infrastructure can securely meet the business demands, no change might be the right choice for the enterprise. 1. Hardware a) Cost Even if not considering wireless security measures, other costs may be incurred under the status quo, including: • Inability to adequately protect transmittal of data in a wireless environment • Sub-optimal performance and speed • Business sensitive information at risk of being intercepted • Future hardware upgrade requirements (wireless cards, access points, switches) • Possible increased cost if need to upgrade in the future • Lack of backwards compatibility among devices • Opportunity costs due to lost sales, an unresponsive customer support team, slow decision-making process within the organization, etc. • Additional virtual private network security (VPN) b) ROI Savings from immediate expenditures must be weighed against the following points:
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
44
4
• •
Higher long-term costs of rolling out wireless connectivity across the enterprise Diminished or no Return on Investment (ROI)
c) Risk • • • • • • • • • •
Diminished residual value of existing assets Expiration of warranties and technical guarantees Inability to keep up with industry wireless security standards Existing wireless infrastructure fails to meet future security needs Loss of employee productivity due to an insecure wireless infrastructure Inability to support and maintain new wireless-enabled hardware, such as access points and cell bases Inability to keep pace with emerging technology and business standards, such as 802.1x and Extensible Authentication Protocol (EAP), the standard used for authentication Increased opportunity for network intrusion Inability to keep pace with industry standards Inability to adequately monitor network traffic
2. Software a) Cost • • • • • •
Software licensing/maintenance cost for additional wireless applications Increased costs accommodate wireless security and upgrade existing applications Loss of employee productivity Reduced remote access to existing back-end applications Inability to keep pace with industry standard wireless productivity applications Firewall software for remote workers
b) ROI Savings from immediate wireless security expenditures must be weighed against the following points: • Problems supporting applications on an insecure wireless infrastructure c) Risk • • • •
Lowered productivity and efficiency Data intercepted because of insecure wireless applications Falling behind industry standards Inability to catch up with early adopters that have already realized a competitive advantage
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
55
5
3. Operating Systems a) Cost • • • •
Licensing/maintenance cost for existing software Inability to take advantage of new operating system security features, such as Microsoft* Windows XP Encrypted File System (EFS) Management costs associated with keeping the system current and secure (patches, updates, etc.) Future operating system upgrade requirements
b) ROI Savings from immediate expenditures must be weighed against the following points. • Costly upgrades • Inefficient roll out of service packs and updates • Loss of wireless security features offered in the latest release • Loss of wireless productivity features offered in the latest release c) Risk • • •
Lowered productivity and efficiency Adverse effect on productivity of employees Poor network security because of inadequately protected access ports and wireless infrastructures
B. Delay Consolidation/Implementation 1. Hardware a) Cost •
Postponing implementation of a secure wireless infrastructure will have similar costs as the No Change option-although these costs will diminish after proper security measures are taken
b) ROI Savings from immediate expenditures must be weighed against the following points: • Delayed productivity gains from a secure wireless infrastructure
c) Risk • • • • •
Diminished residual value of old hardware assets Higher disposal/decommissioning costs in the future for old hardware assets Higher security implementation costs in the future Exposure to sudden changes in macroeconomic conditions, such as exchange rate fluctuations, new legislation, etc. Safeguarding supply/availability of hardware when purchased at a later time
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
66
6
• • •
Managing/scheduling additional personnel to secure a wireless infrastructure Other operational/financial considerations when a secure wireless infrastructure is deferred to a later time (such as management commitment, availability of funds, etc.) Lose ground to competitors that have a competitive advantage because of a secure wireless infrastructure
2. Software a) Cost •
Postponing implementation of a secure wireless infrastructure will have similar costs as the No Change option—although these will diminish once the secure wireless infrastructure is implemented
b) ROI • • • •
Software licensing/maintenance costs for additional wireless applications Increased upgrade costs Management costs associated with keeping the current wireless infrastructure secure (patches, updates, etc.) Loss of employee productivity
c) Risk • • • • • • •
Higher implementation and support costs in the future Exposure to sudden changes in macroeconomic conditions such as exchange rate fluctuations, new legislation, etc. Managing/scheduling availability of personnel to oversee deployment over disparate platforms and dispersed servers Other operational/financial considerations when procurement is deferred to a later time (such as management commitment, availability of funds, etc.) Loss of competitive advantage to organizations that secured their wireless infrastructure Inability to keep pace with industry standard wireless productivity applications Competitor realize benefits of a secure wireless infrastructure
3. Operating Systems a) Cost •
Postponing a secure wireless implementation will have similar costs as the No Change option—although these will diminish once the consolidation is complete
b) ROI Savings from immediate expenditures must be weighed against the following points: • Licensing/maintenance cost for existing software
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
77
7
• • • • •
Inability to take advantage of new operating system security features, such as Microsoft* Windows XP Encrypted File System (EFS) Management costs associated with keeping the system current and secure (patches, updates, etc.) Sub-optimal performance and speed Future operating system upgrade requirements Possible increased cost if need to upgrade in the future
c) Risk • • •
Reduced operating system performance Adverse effect on productivity of employees Delay in implementing security patches and updates
C. Outsourcing List the possible vendors for outsourcing services. Solutions may be layered and come from multiple vendors, or may be a single solution from one vendor. For each platform and alternative, consider: 1. Hardware a) Cost • • • • • • • • •
Initial and monthly/annual costs paid directly to vendor for hardware procurement and maintenance Incremental fees for upgrades Charges for storing equipment at vendor's site Remote management costs (related hardware and software tools, network connectivity/bandwidth, access ports) Cost of arranging and managing contracts/service agreements with vendors Administrative, communication, and other related costs in coordinating with vendors Additional wireless hardware that might be needed Conversion or changeover costs Monitoring network for security and potential threats
b) ROI • •
Is the short-term savings over outsourcing adequate? Does the tradeoff in spending operational or capital funds make sense for the organization?
c) Risk • • • • • •
Risk of lock-in/dependency on vendor Service provider's failure to meet organization's expectations/requirements Insufficient legal identity/capacity of vendor Deficient/questionable financial viability Inadequate technical capability, experience, dependability, reliability, and flexibility of vendor Risk of physical compromise when moving technology off-site
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
88
8
• • • • •
Poor security/risk management policies and procedures on the part of the vendor (physical security, hardware locks, environmental controls, etc.) Limited control in implementation and security monitoring Limited options for recourse in case of problems Exposure to sudden changes in macroeconomic conditions such as exchange rate fluctuations, new legislation, etc. Other unforeseen costs/risks that can lower ROI
2. Software a) Cost • • • • • • •
Initial and monthly/annual costs paid directly to vendor for software procurement and maintenance Incremental fees for upgrades Cost of arranging and managing contracts/service agreements with vendors Administrative, communication, and other related costs in coordinating with vendors Cost of devising remote/risk management strategies Conversion or changeover costs from status quo Purchase data migration tools if necessary
b) ROI • •
Is the short-term savings over outsourcing adequate? Does the tradeoff in spending operation or capital funds make sense for the organization?
c) Risk • • • • • • • • • • • • •
Risk of lock-in/dependency on vendor Service provider's failure to meet client's expectations/requirements Deficient legal identity/capacity of vendor Deficient/questionable financial viability of vendor Inadequate technical capability, experience, dependability, reliability, and flexibility of vendor Loss of intellectual property Deficient security/risk management policies and procedures on the part of the vendor (management of system vulnerabilities, virus protection, application access controls, etc.) Limited control in implementation Limited options for recourse in case of problems Exposure to sudden changes in macroeconomic conditions such as exchange rate fluctuations, new legislation, etc. Other unforeseen costs/risks that can lower ROI Patches and upgrades are not implemented in a timely fashion Wireless productivity applications are not maintained in a secure fashion
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
99
9
3. Operating System a) Cost • • • • • • • • •
Initial and monthly/annual costs paid directly to vendor for O/S procurement and maintenance Incremental fees for upgrades Remote management costs (related hardware and software tools, network connectivity/bandwidth) Cost of arranging and managing contracts/service agreements with vendors Administrative, communication, and other related costs in coordinating with vendors Cost of devising remote/risk management strategies Cost to migrate operating systems if necessary Patches and upgrades are not implemented in a timely fashion Inability to take advantage of new operating system security features, such as Microsoft* Windows XP Encrypted File System (EFS)
b) ROI • •
Is the short-term savings over outsourcing adequate? Does the tradeoff in spending operation or capital funds make sense for the organization?
c) Risk • • • • • • • • • • •
Risk of lock-in/dependency on vendor Service provider's failure to meet client's expectations/requirements Deficient legal identity/capacity of vendor Deficient/questionable financial viability of vendor Inadequate technical capability, experience, dependability, reliability, and flexibility of vendor Potential loss of intellectual property Deficient security/risk management policies and procedures on the part of the vendor (management of system vulnerabilities, virus protection, access controls, etc.) Limited control in implementation Limited options for recourse in case of problems Exposure to sudden changes in macroeconomic conditions such as exchange rate fluctuations, new legislation, etc. Other unforeseen costs/risks that can lower ROI
D. Build 1. Software a) Cost • •
Cost of IT Staff to develop software (including hiring, salaries, benefits, training, etc.) Key staff leaving in the middle of the project
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
1010
10
• • • • • • • • • • • •
Diverting additional staff to resolve emergency effects Cost of software reconfiguration/upgrades Total cost of ownership (TCO) Opportunity costs and other related costs when resources are diverted to development projects Costs associated with resource and capacity planning Costs associated with budget and development planning Costs associated with change management and version control Costs associated with managing projects Costs of protecting intellectual property Frequency and cost of upgrades Ongoing software maintenance costs Additional third-party wireless networking security tools
b) ROI The costs of using in-house resources to secure a wireless infrastructure plus initial investments are weighed against the savings found in: • No Change • Waiting • Outsourcing • Buying c) Risk • • • • • • • • • • •
Inability to meet expectations/requirements of shareholders (fitness for purpose, ease of operation, quality assurance status, etc.) Risk of losing intellectual property Inability to interface with legacy applications Interoperability with other software platforms Conformity to standards Deficient technical capability, dependability, reliability, and flexibility of developed software Deficient technical capability, dependability, reliability, and flexibility of in-house IT personnel Deficient security/risk management policies and procedures built into developed software Improper valuation/costing of investments in software development/R&D in financial records Other operational/financial considerations when managing in-house projects (such as management/stakeholder buy-in, availability of funds, etc.) Unforeseen upgrades and maintenance costs will lower ROI
E. Buy Ask prospective vendors about the following: 1. Hardware a) Cost • •
Insurance costs where applicable Freight, transport and delivery cost
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
1111
11
• • • • • • • • • • • • • • • •
Installation and commissioning costs Inventory-holding, maintenance and management costs Foreign-exchange costs Applicable duties and taxes Cost of end-user training Cost of administrative personnel Cost of current hardware reconfiguration Decommissioning and disposal costs for obsolete hardware Other related costs for changeover or conversion from existing systems or platforms Costs associated with capital budget planning Cost of spares/backups Depreciation costs TCO Other upfront and monthly/annual costs paid directly to vendors Hiring external expertise to assist with installation Hardware vendor fails to meet service obligations
b) ROI The cost of buying are weighed against the relative savings of the following alternatives: • No Change • Waiting • Outsourcing • Building c) Risk • • • • • • • • • • • • • • •
Firmness of price Pricing for associated or follow-on orders Provision for cost containment (including any formulas to contain or reduce costs) Foreign-exchange risks Management of payment terms Length of the supply chain and its vulnerability to disruption Weaknesses of vendors’ individual hardware (in terms of performance, scalability, functionality, etc.) Conformity with delivery, installation and commissioning requirements Management of warranties, technical guarantees Product liability arrangements Compliance with health and safety requirements Maintenance and durability of purchased hardware Unforeseen upgrades and maintenance costs will lower ROI Interoperability with other hardware platforms Adverse impact on budgets allotted for non-IT capital spending over the short-term
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
1212
12
2. Software a) Cost • • • • • • •
Licensing/support and maintenance costs Other upfront and monthly/annual costs paid directly to vendors License management costs Cost of administrative personnel Cost of software reconfiguration/upgrades TCO Cost of end-user training
b) ROI The cost of buying are weighed against the relative savings of the following alternatives: • No Change • Waiting • Outsourcing • Building c) Risk • • • • • • • • • • • • • •
Onerous licensing terms Interoperability with other software platforms Software vulnerabilities, backdoors Firmness of price Pricing for associated or follow-on orders Provision for cost containment (including any formulas to contain or reduce costs) Foreign-exchange risks Management of payment terms Weaknesses of vendors’ individual software (in terms of performance, scalability, functionality, etc.) Conformity with installation and customization requirements Management of warranties, technical guarantees Product liability arrangements Unforeseen upgrades and maintenance costs will lower ROI Adverse impact on budgets allotted for non-IT capital spending over the short-term
3. Operating System a) Cost • • • • • • •
Licensing/support and maintenance costs Other upfront and monthly/annual costs paid directly to vendors License management costs Cost of administrative personnel Cost of reconfiguration/migration TCO Cost of training
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
1313
13
•
Cost to migrate operating systems if necessary
b) ROI The cost of buying are weighed against the relative savings of the following alternatives: • No Change • Waiting • Outsourcing • Building c) Risk • • • • • • • • • • •
Onerous licensing terms Inability to run legacy applications Interoperability with other operating system platforms Software vulnerabilities and backdoors Firmness of price Pricing for associated or follow-on orders Provision for cost containment (including any formulas to contain or reduce costs) Foreign-exchange risks Management of payment terms Unforeseen upgrades and maintenance costs will lower ROI Adverse impact on budgets allotted for non-IT capital spending over the short-term
IV. Business values for the alternatives A. ROI For each platform component (hardware, software, operating system), assess costs/savings in terms of: 1. Tangible returns • • • • •
Weigh the wireless security alternatives to discover which best meets the objectives specified in this business case Incremental revenue/cost savings The increase in revenue likely to be seen from each alternative The savings in cost likely to be seen from each alternative The actual time period for the company to receive the additional revenue or cost savings stemming from alternatives.
2. Return on capital Aside from the returns expected from the capital investment, other benefits may be realized as well from securing a wireless infrastructure, such as an increase in productivity, or streamlined maintenance and a reduction in operating costs. 3. Cost of capital •
Short-term costs may include: o Hardware
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
1414
14
o Software o Staffing requirements • Long-term costs include o Depreciation of capital investments o Cost of maintenance including monthly/annual charges, if any o Cost of management, upgrades and maintenance o Costs associated with risks involved B. Customer satisfaction The criteria for customer satisfaction for the stakeholders include: • Guaranteed business continuity and security • Enhanced productivity • Improved efficiency • Increased business agility and flexibility • Improved competitive advantage • Lower management and maintenance costs • General feedback of IT staff and other company employees C. Resources and roles • •
In-house resources involved in each solution, if applicable Outsourced resources involved in implementing each solution, if applicable
D. Timetable/Time to market The timeline specified in the project implementation to fulfill the solutions in the company
V. Recommendation Weigh recommendation against the business values of the alternatives based on: A. ROI Costs/Savings in terms of: 1. Tangible returns • • • • • •
Weigh the wireless security alternatives to discover which best meets the objectives specified in this business case Incremental revenue/cost savings The increase in revenue likely to be seen from each alternative The savings in cost likely to be seen from each alternative The actual time period for the company to receive the additional revenue or cost savings stemming from alternatives. More revenue opportunities
2. Return on capital
•
Aside from the returns expected from the capital investment, other benefits may be realized as well from a secure wireless infrastructure, such as an increase in productivity, or streamlined maintenance costs leading to a reduction in operating costs
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
1515
15
3. Cost of capital •
•
Short-term costs may include: o Hardware o Software o Staffing requirements Long-term costs include o Depreciation of capital investments o Cost of maintenance including monthly/annual charges, if any o Cost of management, upgrades and maintenance o Costs associated with risks involved
B. Customer satisfaction The criteria for customer satisfaction for the stakeholders include: • Guaranteed business continuity and security • Increased business responsiveness • Improved competitive advantage • Lower management and maintenance costs • General feedback of IT staff and other company employees C. Resources and roles • •
In-house resources involved in each solution, if applicable Outsourced resources involved in implementing each solution, if applicable
D. Timetable/Time to market The timeline specified in the project implementation to fulfill the solutions in the company
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
1616
16
Product Description [In this section include product information, performance specs, cost comparisons, charts, graphs, etc., to support your business case for the product you’ve selected.]
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
1717
17
Glossary Introductory paragraph The introduction gives a brief background or overview of the product/service being evaluated.
I. Need Opportunity This section explains why the product or service is needed, including productivity and cost issues.
A. Tangible goals or objectives The purpose or desired end-result. In the business case this section identifies what company and business needs, problems or issues the proposed product or service can address.
B. Scope This defines the reach or extent of the topic or idea being discussed. In the business case, this section identifies the potential impact of the proposed product or service on existing systems and staff. Potential benefits and risks associated with project deployment are also identified.
II. Stakeholders Those individuals who have a share or interest in a particular endeavor or organization. In the business case, this section identifies those individuals and departments within the organization that will be directly and indirectly affected by the product or solution being discussed in the business case.
A. Primary The stakeholders who directly realize efficiencies, revenues, and/or a competitive advantage are considered Primary stakeholders. Those departments or individuals implementing the new systems and services are also Primary stakeholders.
B. Secondary The Secondary stakeholders are those who depend on, or will be affected by, the actions of the Primary stakeholders.
III. Alternatives The Alternatives section weighs the various routes to reaching the specified goals and fulfilling the needs of the stakeholders
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
1818
18
A. No Change This section observes the costs and benefits of not addressing the issue(s) outlined in the Needs/Opportunity section.
1. Cost The actual price to be paid or resources to be expended. Measured by identifying and quantifying the price paid or resource expended (examples are time consumed or money spent).
2. Return on Savings Measure of income the company is able to earn from money not spent or expended. In this particular section, the savings realized by not implementing the product or service is weighed against: •
Whether the issue to be addressed is expected to become a larger or smaller problem
•
The length of time it would take to break even or to see a positive return with the No Change alternative.
3. Risks Expected loss. Risks may include issues detailed in the Cost section as well as intangible risks, such as employee annoyance with current system or morale issues.
B. Delay Procurement/ Implementation This option explores the costs and benefits of implementing a solution at a future date, rather than as soon as possible.
1. Costs While there are no direct purchasing costs in the short-term, deferring implementation can potentially create similar issues found in the Cost section for the No Change alternative.
2. ROI Income earned from company assets. In this section, the short-term savings of not implementing the product or service are weighed against the cost of waiting to determine the break-even point and the length of time it takes to see a return on investment.
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
1919
19
3. Risks This section explores the likelihood that serious problems would arise while waiting to implement the new product or service and the costs the firm would need to absorb if problems did occur.
C. Outsourcing Having the work done by an outside service provider or manufacturer usually to cut costs or realize greater efficiencies.
1. Costs For this section examples would include upfront and monthly/annual costs to be paid to vendors, the cost of making existing systems and/or processes compatible with the service provider’s solution, and the cost of the company’s implementation time.
2. ROI To evaluate the ROI for this alternative, costs and benefits of the other alternatives must be examined and compared with Outsourcing costs and benefits.
3. Risk The potential weaknesses of the service provider/vendor’s solution and additional costs that may be incurred because of those weaknesses are examined in this section.
D. Build Developing the product or service in-house.
1. Costs The costs in developing include the organization’s time to evaluate, design, build, and operate the product or service.
2. ROI The ROI result weighs the cost of using in-house resources to build and maintain the product/service plus the initial capital cost against the savings realized from the other alternatives.
3. Risks This includes the quantifiable likelihood of loss, the possibility that the project will go unfinished or take extra time because of unforeseen or competing priorities.
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
2020
20
E. Buy To purchase outright and have the company manage the product or service on their own.
1. Cost The charges in buying a product/service, such as upfront monthly/ annual costs paid to the vendor, the cost of implementation time, and other costs.
2. ROI The ROI is the cost of buying weighed against the relative savings from other alternatives.
3. Risks Risks may include the possible losses that may be incurred from the purchased product or service and unforeseen maintenance and upgrade costs.
IV. Business Values for the Alternatives A. ROI 1. Tangible returns These are the measurable or quantifiable benefits from each alternative.
2. Incremental revenue The additional revenue or income that may be earned from each alternative is discussed in this section.
3. Return on Capital The income that may be earned or savings that may be realized from the investment (in this case the proposed product or service).
4. Cost of Capital The cost of the funds used to finance the company’s investment (such as interest). The goal is to invest in assets that offer a higher return than the cost that may be incurred to finance those assets.
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
2121
21
B. Customer Satisfaction Measure of how the company is able to meet or exceed customer’s and/or stakeholders needs and expectations.
C. Resources and Roles Defines the in-house and/or outsourced resources needed for each alternative.
D. Timetable/Time-to-market Based on each alternative, the time line to launch the product or service is planned.
V. Recommendation
A. ROI This section includes the •
Costs and savings in terms of tangible returns
•
Incremental revenue
•
Return on Capital
•
Short-term costs
•
Long-term costs
B. Customer Satisfaction Criteria to determine customer satisfaction may speak to the needs of the company’s internal stakeholders as well as external customers. However, the criteria may be unique to each business case.
C. Resources and Roles This section designates the in-house and the outsourced resources needed for each alternative, if applicable.
D. Timetable/Time-to-market Based on each alternative, the time line to launch the product or service is outlined.
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
2222
22
About ZDNet Make the Case Series The Make the Case Series is a collection of business case tools that covers a broad range of enterprise IT technologies and topics. Many of these tools are developed in a vendor-neutral fashion. However, for sponsored business cases, IT vendors have the opportunity to present the benefits and advantages of their technology solutions in a specific IT category. For more information about ZDNet’s Make the Case Series, email us at
[email protected].
Copyright (c) 1995-2004 CNET Networks, Inc. All rights reserved.
2323
23