Security Through Obscurity
It goes without saying that security is very bad on some of the most
popular platforms. A while back a leading CIO said that the biggest
National Security risk to the United States is Microsoft. Just this
August, the Computer & Communications Industry Association (CCIA)
urged the Department of Homeland Security to reconsider its decision
to use Microsoft software on its desktop and server systems.
On September 24, 2003, a panel of leading security experts blasted
Microsoft for vulnerabilities in its software, and warned that reliance
on this software is a danger to both enterprises and national security.
In this case, Microsoft's market dominance is a weakness because
of the number of people who know the platform and can hack into
it. Also the target base is much larger.
Many years ago we came up with levels of high availability and
put products into these levels. Looking at products through a security
lens, we can also categorize them and their potential security liabilities
according to their market position.
Task Non-Critical Application and Non-Sensitive Data: A disruption
caused by denial of service or data corruption will not adversely
affect the business. Any product could be used in this category
including Microsoft OS and DB, Linux, Oracle, Intel, and Sun.
Task Critical Application and Moderately Sensitive Data: Any disruption
of service or data corruption will have only a minor effect on the
overall business although it could affect a particular organization
or group within the company. Here you might want to exclude Microsoft
platforms and databases as well as LINUX and Oracle. Platforms to
consider may include UNIX, such as HP, SUN and IBM. DB2 or Sybase
may be good choices for a database.
Business-Critical Application and Sensitive Data: Any disruption
of service or data theft could severely impact the business. A combination
such as HP UNIX and Sybase would be a good choice here.
Mission-Critical Application and Very Sensitive Data: Any disruption
of service and data theft will have an adverse effect on the business.
Platforms such as IBM OS/390, OS/400, and HP NonStop provide good
protection.
Safety-Critical Application and Confidential Data: Any disruption
of service and data theft will affect the safety and well being
of people (as in loss of life) and a nation. Here again, platforms
such as IBM OS/390, OS/400, and HP NonStop may be the best choice.
It is ironic that migrating from a more secure platform to a more
popular, cost-effective platform could expose an organization
to security problems that ruin its expected savings.