Information technology has a unique relationship with ROI. Most departments seek to justify their investments with hard figures that show increased profits. IT seeks to justify its existence with touchy-feely measurements of productivity gains and customer or user satisfaction.
The problem with the latter is that there's no frame of reference against which one can hold IT responsible. How do you really know if you experienced any productivity gains by giving your users Microsoft Corp. Word to create documents instead of making them use the free copy of WordPad that comes with Windows? And how do you measure those gains against your investment in time and money to support Word?
As for the "satisfied user," one can only hope that the average CFO will eventually wise up to this scam. Your CFO should ask one question before approving any IT budget during this sluggish economy: Will our employees be happier if 75 percent of them get the latest version of Outlook and the other 25 percent get a pink slip? Or will they be happier if we ditch Outlook and keep more people?
Regardless of how you might answer those questions, I believe we'd be better off if we focused more on the investment and less on the return. The following are three recommendations for investing:
1. Invest in the three-copy rule.
2. Invest in a security guru.
3. Invest in a hype filter.
Anything that a user saves to disk should be stored in precisely three locations: on a server, on that server's backup media and on a backup of the data that you store off-site. The only other place the data belongs is on more servers (such as a cluster), for high-availability needs.
If you don't think you can make the three-copy rule work, then you're not thinking hard enough. One thing you need to do is stop investing in the security of individual client machines and invest in the technologies that provide your employees with secure remote access to the company data from any client.
If you have 1,000 users running Outlook and a Trojan, virus or worm slips past your mail server, that means you have 1,000 machines at risk and up to 1,000 machines to patch or recover. If you provide those 1,000 users with a secure way to manage their schedules and e-mail via a Web interface to a server-side program, you have effectively reduced the number of machines you manage to a handful of servers.
The only other thing you need to worry about is how to wrap your other data, such as documents, spreadsheets and presentations, in least-common-denominator formats and protocols that any popular program can read. Aside from spreadsheets, almost everything else you do can be reduced to plain text and HTML.
Here is where you need to be brutally honest with yourself and your users. Most companies have a handful of people who really need the power of desktop publishing features. The rest can get by with automatic text wrap, cut and paste, and spell check as they type. They can save their work in plain text. If your users absolutely must have some cosmetic control, then HTML provides more than most people will ever use.
The best way to measure the ROI of a security guru is to not hire one. Then calculate the cost of recovery when your company gets hacked and compare that to what it would have cost to hire the guru.
I wish I could take credit for my final suggestion, but I got the hype-filter idea from my good friend Michael McCarthy. You can make this investment for as little as a part-time salary and the price of a pair of scissors. Hire a computer science student to spend a few hours per week intercepting technology publications before they get to anyone in management. His job as your company's hype filter is to cut out any advertisements and articles that hype the Next Big Thing and shred them, burn them and then stomp on them before they can infect the minds of the innocent.