The purpose of this article is to examine the long term effects of the Unix vs. Microsoft Windows decision with respect to the business needs of a hypothetical medium size Audit and related services firm - the same one featured in my earlier article about the Happy Valley Tax Authority.
Like virtually all of its competitors the firm has a very complex IT architecture built around the people and management methods that go with:
Development of this overall structure has generally been a reactive, ad-hoc, kind of process. Certainly no one at the firm sat down a few years ago and consciously planned an explosion in server populations, telecom services bills, laptop thefts, IT staffing, drive by hackings, Enterprise Licensing 6.0, or the effect the demand for wireless access would have on switching based PC networks.
The Unix decision will mean replacing almost all of this -including many of the people now working in systems support- with open source ideas and the people and gear that go along with them.
Specifically a Unix decision made now would mean aiming at a spring 2005 architecture in which:
Some of these terms will be new to most people. First, what's a playphone? Well, it's my name for the kind of converged game boy, cell phone, and PDA we're just starting to see now.
|
|
For example this one is made by Motorola, runs Linux, and is described as:
The A760 handset (pictured), Motorola's initial Linux/Java handset offering, combines the functions of a mobile phone, PDA, digital camera, video player, MP3 player, speakerphone, messaging, Internet access, and Bluetooth wireless technology. Motorola says they will initially launch the A760 in Asia in 2003. Its embedded Linux OS was supplied by MontaVista Software.(Text and image from: Linuxdevices.com )
This thing runs Linux - and that opens up a range of possibilities for things you can do with it that start with using it as part of an identification system and go all the way to having it run your personal web server.
For senior people that means a single device that extends the office network to wherever they are - providing all the messaging and information management capability they need to be effective outside the office.
|
Smart displays provide powerful graphics environments fronting server based processes. As a result they're so quiet and reliable that they blend into the background as things to be used instead of imposing themselves on the user as things to be managed, placated, or learned.
Third, what's an audit appliance?
It's a combination of several things that cover the connectivity, authorization, data retrieval, and security needs of an Audit or other services team working out of a client's offices.
These don't exist, yet. Right now you start a SunRay session with a java card that uniquely identifies itself to the system. Imagine, however, that this function is replaced with a proximity sensor that works with the playphone. Give that phone a higher speed IPsec -encrypted- TCP/IP channel back to the server and a processor that can handle the load - that Motorola A760 points the way to those, it's really a Linux based java execution machine now.
|
Bill Vass, Sun's CIO, recently did a presentation about running Sun on Sun. He's got 25,000 SunRays installed
worldwide and averages one administrator for every 1000 user desktops.
Those desktops run against servers managed by other people, but it's an order of magnitude better than the most optimistic claims offered by the Microsoft Windows community. |
Add a local network connector that can auto-negotiate an interface to the customer's network without inadvertently creating another route from that network to the internet via the workgroup's link back to the firm's offices. In the longer run Sun's jini technology looks pretty good for this although some fairly low end gear from Avaya can already do almost everything needed.
Add server based software incorporating the know-how to interrogate the databases used in client applications. Back it with serious analytical software, and the combination gives you an audit appliance -a secured workgroup in a box that auto-deploys when unpacked on site. From a hardware perspective think of it as extending the playphone to groupware using the big screen and keyboard of the smart display. From the software perspective think of it as a connector between the client's applications and the firm's accumulated knowledge of the processes and data structures embedded in those applications.
The Unix architecture has a very different direct cost structure offering both operational and capital cost savings relative to the existing Microsoft architecture. Make the usual assumptions about transitions and the cost of retaining Microsoft concurrency, and you get a gross cost comparison between the two environments that looks like this:
| For the Microsoft PC Architecture | |||||
|---|---|---|---|---|---|
| Cost Source | Type | Current Configuration | Latest Unit Cost | Units | Total Five Year Cost1 |
| Server Racks (Revenue System) | Racks of 4 IBM X345 with shared RAID Array and UPS | 2GB, 8 x 36GB, Dual 2.4GHZ Xeons | $54,893 | 2 | $241,531 |
| Server Racks (Office Support) | Racks of 4 IBM X345 with shared RAID Array and UPS | 2GB, 8 x 36GB, Dual 2.4GHZ Xeons | $54,893 | 10 | $1,207,654 |
| Desktops | IBM M-Series | 256MB, 17", 2.8GHZ P4, ikey 1000 | $2,738 | 450 | $1,971,338 |
| Laptops | IBM T-Series Thinkpads | 256MB, 14.1", ikey 1000 | $3,372; | 600 | $3,237,101 |
| Networking | Switched Cisco GRE with IPsec type VPN and Aironet 350s | Airnet with 10 cards =$1739 C3548 (switch) = $3,620 C1721 (router) = $1,875 |
About $24,000 per site | 10 | $240,000 |
| Handhelds | iPaq with memory card | $351.83 | 800 | $281,464 | |
| Messaging | Nokia 7210 | Included with monthly $39.95 | 800 | $1,917,600 | |
| Messaging | Blackberry (957) | $549; $39.95/mth | 150 | $441,900 | |
| Business Systems Staff | Middle and Senior Wintel skillsets | Centralized; Multiple Applications with Wintel Clients | $52,000/yr | 15 | $3,900,000 |
| PC Support Staff | Junior Wintel skill sets | Distributed to offices | $46,500/yr | 30 | $6,975,000 |
| Five Year total cost | $20,413,588 | ||||
| For the Unix Architecture | |||||
| Cost Source | Type | Current Configuration | Latest Unit Cost | Units | Total Five Year Cost |
| Revenue Management | Sun 6800, 16 x 1.2GHZ CPUs, 32GB RAM, 4 x 876GB storage | To run Peoplesoft/Sybase | $773,300 | 1 | $1,237,280 |
| Office Support | Sun 1280, 12 x 900Mhz CPUs, 32GB RAM, 2 x 876GB storage | Madhatter desktops, full open source suite | $224,590 | 10 | $3,593,440 |
| Desktops | 19" Wanray | (Estimated) | $890 | 1000 | $890,000 |
| Playphones | Motorola ? | (Estimated) | $369 +$39.95/mth | 1000 | $3,135,000 |
| Networking | Avaya S8300 (Linux) with P330/G600 | Includes telecom handsets, PBX, VOIP, TCP/IP routing, VPN | Averages $840/usr | 1000 | $840,000 |
| Systems Staff | Unix and operational skillsets | Fully Centralized | $72,000 | 8 | $2,880,000 |
| Five Year total cost | $12,575,720 | ||||
1Notes:
| |||||
Because these estimates are quite optimistic about the cost of the Windows architecture and considerably more inclusive on the Unix side, the difference, about 7.8 million or 38% of the total, may be taken as minimal.
It's nice to save money, but bear in mind that cheaper isn't better unless it's also smarter for the business. After all, as HP seems intent on demonstrating, you can cost cut your way into bankruptcy while reporting increasing quarterly profits.
Operationally, the Unix architecture is more inclusive, reliable, ansd secure. For example:
These things have significant and immediate implications for the daily cost of systems use but the really big numbers are likely to be in the effect use of the system has on how work is perceived and done. Although that's unpredictable at the detail level, we can probably draw some sensible generalizations from an analysis of how PC use affected the industry in the past.
|
A parallel change took place in the firm's fundamental product.
Previously, the firm offered expertise and used time spent as part of a proxy for its value. After the change, audit firms including this one generally sold time. This too reflected the dominance of process over outcome and contributed to the same changes in the organization - causing the firms involved to increase the proportion of junior staff and changing the partner's role from that of a professional decision maker to that of the sales manager. If the industry pendulum swings back to a focus on the numbers and thus becomes outcomes driven, expect this to change and competitive advantage to again flow from expertise - not billable time. |
For example Systrust and Webtrust are licensed AICPA/CICA attestation products that qualified personnel can deliver via Systrust or Webtrust engagements. These follow a very tight script setting out the conditions for attestation and are process driven both in terms of how they're done and in terms of what is attested to. As such they illustrate the basic premise behind the valuation of process over outcome in audit engagements of all kinds. Specifically:
A SysTrust engagement is based on the premise that system controls that are operating effectively enable a system to perform reliably.From: AICPA/CICA Systrust: Principles and Criteria for System Reliability, V2. Page 9.
This seems logical, but there are hidden assumptions that mean it usually it doesn't go far enough. In the particular case of the Systrust/Webtrust pair the fundamental problem is that the controls assume that all major market commercial computer systems have roughly comparable operating characteristics - something we know isn't true.
As a result Microsoft was able to become one of the first companies to support SysTrust and you can now get both Webtrust and Systrust attestations for systems running Windows 2000 Server with SQL-Server in an e commerce environment. The parallel I see to Enron's CFO accepting the 1999 national award for Excellence and Innovation in financial management from CFO Magazine may be unfortunate, but it's closely associated with what I think will happen to these two types of engagement: they'll change to focus on outcomes or fade into history.
I think that the lesson from Enron, Tyco, Worldcom, and too many others is that this has to happen to other forms of attestation engagement too. Either the audit firms go back to focusing on the numbers, or investors and bankers will devalue their signoffs to the point of irrelevance.
If I'm right, it means that firms which go back to the future to provide judgment, rather than criterion, based attestations will gain significant competitive advantage over those that don't.
For the last twelve to fifteen years the Microsoft PC has defined the tools and thinking used to drive the focus on process based audit in the industry. In the late eighties people tried to build custom competitive advantage software for this, but all of these projects more or less obviously failed and by the mid nineties nearly everyone in the business was extending functionality within Microsoft Office (or Lotus Notes) to create something I think of as jobware - software designed to ensure that all of the people involved in standard assignments follow identical steps to dot the same i's and cross the same t's.
Marshall McLuhan (Scot McNealy's only serious competitor as king of the pithy quotables) said that the medium is the massage; in this case working within the limitations of the PC gradually changed the way the work being done was perceived and packaged. This, of course, is the tool wagging the business dog but it's a natural consequence of working with monopoly software where you have no choice but to learn and adopt its way of doing things. Unfortunately there's a side effect that tends to become the main event: over time your commitment to the tool starts to dictate not just your actions, but your perceptions of the work to be done. The result is a kind of technology specific Stockholm syndrome where the one right way becomes so deeply embedded that other toolsets, implying other right ways, are deliberately shunted aside.
It's one thing to see nails because you have a hammer, but it's quite something else to find yourself becoming a carpenter when you thought you were going to be a CPA. That, however, is what I believe happened to this industry, and this firm. In the eighties the firm's partner to employee ratio ran about 10:1, now it's closer to 40:1 - and most juniors never become seasoned judgment decision makers. They become sales people, or they move out - leaving the firm, and the profession, much the poorer for it.
That's where the great potential lies for open systems in this industry. In the Unix and open source world there are choices. That's the most fundamental thing about it. Because you have choices, you can adapt systems to the business vision, instead of blindly following where Microsoft, and your competitors, lead.
For example, with Linux you don't need to coerce the Openoffice.org word processor or spreadsheet into functioning as an application front end. Not only isn't that what they're for, but there are better choices. In all likelihood, for example, the firm would convert all of those things to web based services as part of the transition. That saves money on maintenance, but also makes them more secure, more accessible, more consistent, and independent of changes to the underlying OS or the OpenOffice.org suite.
Of course there are costs to this kind of transition too. Disentangling those applications and rethinking work processes will cost time and money. As the firm transitions to open source it will lose people - some people are just so committed to Microsoft they'll quit or force the firm to fire them rather than change. There'll be other problems too, but overall the costs will be minor relative to the benefits.
Those benefits start with some cash savings, and some big problems that just go away, but the most important issues are far more subtle than that.
On the cash side the actual savings depend a lot on staff skills and behaviors. Put people without Unix skills in charge and you won't save a nickel; put the best available people in place and let them do their jobs without excessive second guessing at the top management level and you'll get better systems at about half the cost.
With the right people much of the security problem simply goes away. Playphones can use encrypted channels; a Unix design network running smart displays doesn't need all those high risk switches and is inherently the state of the art for security. There are no information integrity issues if someone steals a playphone, a SunRay, or even an audit appliance -the session, and the data, is on the server, not the display. People can steal the hardware, but not the client information.
With this kind of system you can use that audit appliance to suck down customer data for analysis and be reasonably sure that it would take intentional malfeasance to put those numbers on the front page of the Wall Street Journal - and that's a pretty big win for a simple technology change.
From a TCO - total cost of ownership- perspective we can probably tie cost numbers to that by looking at time and insurance costs involved in remediation and palliation. The big numbers, however, are in things we can't currently quantify. If open source enables a back to the future move that lets the firm re-invent judgment based decision making for attestation -and thereby bring it back for the full range of other business services for which the traditional audit is a loss leader - the result would confer industry wide competitive advantage.
This kind of thing is unquantifiable, but it's the killer issue. The real long term benefit open source offers the partners and employees of this firm has a little bit to do with cash; quite a lot to do with security; and most fundamentally means making work fun again by revaluing the human part of the organizational equation.