And today, with Microsofts much anticipated Windows Vista client OS nearing release, CIOs have an opportunity to take a step back and seriously consider each tool to determine its applicability and value in their particular business environment.
Stay the Course or Diversify?
After all, standardization has its benefits: It can reduce costs and allow for more repeatable processes, require a fewer number of tools, and be supported with more concentrated skills-sets.
On the other hand, standardization locks an organization into a single-vendor solution, which may somewhat limit the organizations ability to meet business needs. It may also put them at increased risk since a successful attack on one desktop is more likely to spread to similar desktops rather than to dissimilar systems, thereby causing more widespread damage in terms of downtime, information exposure, and more.
Heterogeneity also has it benefits and drawbacks. Just as no two platforms are alike, different operating systems are often better suited for specific business purposes.
Marketing departments, for example, may prefer the Macintosh OS while R&D departments might find a UNIX-based platform the most appropriate choice. Core business users, in contrast, may be relatively indifferent to various operating systems so long as they continue to have the tools needed to do their jobs.
Consequently, organizations that are able to more closely match their user base with the most appropriate desktop OS may benefit from productivity gains, enhanced business operations, and other improvements.
Security continues to be an often-debated topic when looking at the differences between heterogeneous and homogeneous environments.
Some providers struggle more than others to deliver an OS that includes fewer rather than more vulnerabilities and to make patches available in a timely manner. Often, the more widely deployed an operating system is, the more impact its vulnerability will have on an organization.
At the same time, moving to a more diversified desktop environment can also introduce challenges. Supporting a multiplatform desktop infrastructure can introduce complexity, burden administrators, and necessitate a much broader and more specialized set of skills for already under-funded and overworked IT departments.
New operating systems also present unique concerns. New features and changes in the code base of a new OS, together with greater scrutiny from security researchers and malicious code authors attempting to document its shortcomings, may result in attacks and threats that were previously unseen.
In such cases, it is often advisable to migrate little by little, starting with small, non-critical areas while performing security audits on a regular basis.
But security need not and should not be the primary issue upon which an organization bases its desktop OS decisions. Instead, CIOs must simply identify their needs: Does the organization need the capabilities of a new operating system? Does the company need to reduce its costs through more streamlined licensing agreements? What are the business requirements that might drive the organization to a specific solution or set of solutions?
Its all about aligning IT with the business.
To that end, one of the most effective mechanisms for ensuring this alignment is a technology investment board comprised of executive team members and the CIO. This board becomes part of the organizations IT governance model and portfolio management model.
It provides a forum for evaluating technologies together with business strategies and objectives to make the best investments for the enterprise. In essence, the technology investment board brings everybody onto the same page so that business decisions and IT decisions are not made in isolation, which, in turn, results in significantly improved alignment.
Switching, standardizing, or supplementing the desktop OS platform is a decision that impacts the organization both today and tomorrow. As such, it demands careful consideration of business requirements and financial models as well as implementation, security, long-term maintenance, and other responsibilities.
The key to making the best choice is to make sure all major IT initiatives are driven by true business needs.
David Thompson is CIO of IT security vendor Symantec. Prior to joining Symantec, Thompson was senior vice president and CIO for Oracle and oversaw the Global Information Technology group.