- Campuses :
- Twin Cities
- Crookston
- Duluth
- Morris
- Rochester
- Other Locations
OIT licenses software to detect and quarantine viruses that arrive as attachments as the last line of defense to a multi-layered approach to eradicating viruses and worms that try to enter the campus through the central e-mail systems. OIT has also licensed Norton Anti-Virus for all staff and faculty members to systematically scan their desktop computers for viruses. Additionally, OIT has recently announced a new operating system patch management service that will help students, faculty, and staff avoid the risks of obtaining damaging viruses and trojans by localizing the service (for faster response times and greater availability). This fall, OIT will introduce a new service in the residence halls that will ensure that a student's computer is at the current patch level before they are allowed to connect to the residence hall data network.
Assumptions
The following assumptions are based on institutional metrics and reports which are then used to drive the ROI metric below.
A "nuisance" virus (i.e. Sasser) may cause 2-10 hrs of lost/unproductive time.
A "destructive" virus (i.e the Welchia or Blaster worm) may cause 6-26 hrs of lost/unproductive time per user.
Users need their computer to perform their work and have limited support.
OIT will block well over 1.15M viruses at the e-mail border in FY04 (1st year of service).
Current trends indicate that the number of blocked viruses will increase 300K per yr through the 3rd year of service.
The average employee salary and fringe rate at the University is roughly $27/hr.
Costs
Licensed software, server equipment, and technologist labor accounts for the costs of implementation and continuing maintenance for this service. These costs are summarized in the "ROI Index" section below.
Impact / Savings / Institutional Value
The University of Minnesota's virus detection and OS patch management strategies and technologies are saving the institution both time and energy—which can be quantified in terms of worker productivity costs to the Institution. An illustration of this value can be seen in the two scenarios listed in this section.
If 1% of the nuisance viruses that were blocked at the central e-mail border had successfully infected University computers and could be remedied in the minimum time (above)—without additional technical support—OIT saved the institution 23K productivity hours or:
Roughly 11 FTE in human resource productivity
Roughly $621K per yr in productivity savings
On the other hand, if 1% of these blocked viruses were in the destructive category and reached their intended destination, caused destructive harm, and could be remedied in the minimum time (above) without additional support or technical services, OIT saved the institution 69K productivity hours or:
Roughly 33 FTE in human resource efficiency
Roughly $1.86M per yr in productivity savings
ROI Index
The following matrix reflects the running total of annual savings and corresponding annual costs to derive the ROI Index.
|
1-Year |
3-Year |
5-Year |
|
|
Savings |
$621K |
$2.4M |
$4.4M |
|
Costs |
$176K |
$500K |
$808K |
|
ROI Index |
3.53 |
4.88* |
5.44* |
* No increase or decrease in Virus activity has been projected beyond the 3rd year.
Probing Questions
Is the user community fully optimizing the services listed above?
How much productivity and savings are created through the use of Norton Antivirus?
How many viruses are stopped by OIT's SPAM strategies and technologies? Are the potential risks greater than what is stated above?
What is an appropriate level of risk for an Institution such as the University of Minnesota?
Is there a tolerable point to which the potential cost of lost productivity and Institutional liability force the University to insist that virus protection and patch management are required operational policy?
As the prevention systems become "smarter" and more sophisticated, how will this affect ROI?