Tuesday, November 22, 2005

SBS compromise response

This must be an on-going debate over the “SBS compromise” because I’ve heard it frequently… and perhaps there are a few other places where this hits closer to home than in the organization I work for… but not many. As a matter of function, I tend to have one foot in the enterprise, and one foot in the SMB market. So yes, I can appreciate first hand how SBS tends to end up being the punch line instead of the solution.

Among the enterprise circles of the IT community, I think Chad is correct. Assuming the enterprise admin you’re talking to even knows of SBS, they’re probably going to hate it. “A DC, Exchange, ISA, RRAS, IIS, Tape backup… etc… all on one box… [insert punch-line here]”… I know, I’ve heard it. Heck, when I was first introduced to the SBS platform, I had a similar position.

But now, a few years out, I have a whole new appreciation for SBS. Why? Because SBS is the right tool for the right job.

“What do you mean, right tool – look at the security issues!”

Yeah, I know… just look at them. You know what the small business owners I talk to think about “security”? They demand it… that is, they demand it until they start to get an understanding of the cost/benefit. When we start talking about dedicated purpose servers… servers, which I might add, that are going to run at about 1% utilization on a busy day. And then we talk about licensing. And then we talk about firmware maintenance… and then the patch management lifecycle on each of these boxes… you get the idea. That somewhat reasonable 10k-15k initial investment for a complete SBS-solution, all of a sudden turns into something literally impossible for your average SMB-sized customers. And if by some chance you were to get an SMB customer to buyoff on your “secure” dedicated server solution, how do you think they’re going to pay to maintain it? So when no one has patched those boxes in two years, how secure do you think they’re going to be?

For your average SMB customer, you need to understand what you’re trying to protect. For the most part, they’re not banks, or financial institutions… you’ll see some HIPAA compliance issues, and a few with some type of trade-secrets. But at the end of the day, you’re trying to come up with an acceptable cost/benefit for the customer. Understand the need for security, but appreciate the fact that if they need some type of IT infrastructure, an SBS solution beats paper, or a workgroup hands-down.

No comments: