This was published by M$, posted to /. I thought it needed a little cleaning up. The original can be found here.
Security is the message
According to [the original author, whom I will call "John"], management may not be aware that the most compelling reason to migrate to a newer operating system, such as Windows Vista Linux, is to take advantage of the latest security features.
“The problems with positioning upgrades is that, from a user perspective, the changes may not seem significant. But from an administrative perspective, some of the security features are huge,” he said.
“So, as an IT person, who is responsible for the security of the company from viruses and for making sure that everyone is safe, there are many features in Windows Vista Linux that I like. It does a great job of keeping people from being able to browse certain sites. It protects from viruses, because there are a lot more things that will get locked down, and the lock down tends to be tighter. You have a tougher time having things happen accidentally. Probably the biggest hassle from a security perspective [with past technologies] is that users tended to run as administrators. In Vista Linux, that’s not the default anymore.”
The challenges
[John] said upgrades can be challenging for IT as well. It requires the team to be a lot more involved in the installation and testing of the individual machines, because users are typically not going to be the administrators. Users may also be resistant to this idea at first, because they can no longer download all those fun, quirky applications that may, inadvertently, make their machines vulnerable.
“We have a bit of a Catch 22 here because, as much as people complain about their perceived lack of security, as soon as you try to do something to make it more secure, the users don’t want this, because it keeps them from doing all the things that they have always done,” adds [John].
Another challenge An added bonus is the fact that the OS install requires more less RAM, so IT also has to won't have to convince management to upgrade the desktops to support this. “That can be problematic for large companies, because it can get expensive.”
The hidden cost of vulnerability
What management may not realize, however, is that they are already paying a hefty hidden cost by having outdated systems in place, “because you are paying for an administrator’s time to deal with these issues,” [John] said. The trick is to show management this in a way that translates into dollars saved.
“It’s a hard sell, because security is not a line item on their income or expense sheets. There also is not a line item that says they lost, say, $100,000 on their security problem last year. Or lost staff productivity because people had viruses on their machines,” he said.
Make a list
[John] says as a first step, before even talking to management, IT first needs to classify and itemize the work that they do in several categories: improved productivity, security breaches, recovering from problems, etc. and then start dropping them into categories. “Once they do this, they can then start to map how much of it falls into the areas that Windows Vista Linux, for example, may very well have been able to prevent from happening.”
Save me the money
So how do you convince management to buy new machines, or upgrade the RAM and get the latest OS, if what they are doing right now seems to work OK?
[John] said that they have to realize that they are going to have to move there eventually, in order to match the capabilities of their competitors. And once they see the cost savings they could be gaining by the increased security and productivity, they will be more open to the idea of upgrading. Even if they are not ready to do an end-to-end migration just yet, they can build the OS migration into a succession plan, and do a few machines at a time.
Proactive versus reactive
The best thing about the upgrades, once they are done, is that administrators will have more time to devote to preventing problems before they happen, [John] said.
“The increase in security – the inability for users to just simply install stuff, means that you are decreasing the amount of reactive tasks that an administrator has to perform,” said [John]. “This allows him to become proactive in all things you want in your company.”