System-wide monitoring cost of ownership: Cheaper by the dozen

How much have you and are you spending on server-based, multiple-vendor, a la carte monitoring systems to monitor, alarm, log and report critical room conditions throughout your enterprise?

Probably a lot more than you might imagine once the total cost of ownership tally includes hard dollars in addition to intangible, ancillary and contingent costs.

Dollars are being consumed by a platform that is unwieldy and potentially exposing operations to the continuing security risks inherent in the Internet of Things.

If you build it, you will spend

First, onsite servers to monitor and log temperature, humidity, differential air pressure and other conditions monitoring, require a large capital outlay for primary hardware as well as backup and redundancy systems. Ongoing costs include repair, replacement, maintenance and upgrades over time.

Server-based systems also require a physical footprint.

Expenses include all costs associated with build-out and construction as well as energy and physical maintenance. (Ironically, there are usually monitoring costs incurred to protect the sensitive hardware that is processing the other monitoring data.)

Before totaling the tally, don’t forget staffing costs. Local IT systems require the watchful eye of a skilled (translate: expensive) staff to maintain, update and scale, all at significant expense to the enterprise's bottom line.

How much money would be saved simply by nixing the dollars expended on the platform physical plant and employees/contractors who make sure it’s running?

Then there’s the security issue, ironically, brought about by the IoT and the system itself.

Toto, I’ve a feeling we’re not in Kansas anymore

In 2009, the first internet search engine designed to look for internet-connected Internet of Things (IoT) devices (such as the smart meters monitoring rooms, hallways and physical plant equipment) was launched to catalog the number of smart devices on the internet.

In 2015, the University of Michigan created another web-crawler called Censys to index and tag IoT smart devices, including those used in building automation/control (BAS) platforms.

Data pools from both crawlers are readily available, easy to use and utilized by security researchers and hackers alike.

There is now a trove of information available to legitimate interests and those of a more nefarious nature that includes system version, host ID/license, host name and even the name of the building where the device resides. Once a device is located, existing software applications now make compromising the device a relatively easy task.

Ransomware and other malware attacks have been targeting healthcare facilities for years, and the costs can be staggering.

In 2015, one hacking exploit alone named “CryptoWall” cost victims $18 million in productivity loss, legal fees, IT services, network mitigation and countermeasures as well as the purchase of credit monitoring services for employees or customers, according to the FBI Internet Crime Complaint Center.

By October 2016, some 14 hospitals had been hacked coast-to-coast, and an attack on Hollywood Presbyterian Medical Center in Los Angeles subjected the company to $3.4 million in ransom and reduced patient in-processing and communication to stone-age technology.  

The threat has not diminished. Ransomware attacks continue to target healthcare enterprises, prompting Raymond Pompon, a principal threat researcher with F5 Labs to opine in April 2017 that “[R]ansomware ha[s]proven itself as an existential threat to medical service delivery in modern hospitals.”

Significant sums are being spent protecting against the ongoing IoT security hack, and exponentially more is at risk for victims.

There is an alternative, however, to DIY data centers and the measures required to secure them.

Cloud-based services, such as Sonicu’s SoniCloud for example, require no additional hardware, software or physical space; no IT resources; and are always updated to the latest version with no added expense or downtime.

What’s more, those hosted on Amazon Web Services AWS US East-West, are FedRAMP Compliant, providing unsurpassed system security.

According to the AWS website: The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide program that delivers a standard approach to the security assessment, authorization, and continuous monitoring for cloud products and services. 

Government agencies using AWS cloud services include the FDA, CDC, NASA and US Department of State, and commercial enterprises like Netflix, Spotify and Instagram are just drops in the bucket of digital companies using the AWS cloud platform.

Not only does the AWS cloud provide continually enhanced security in a dangerous digital landscape, it also provides continually enhanced performance – at no additional cost.

Software and firmware updates are generally included with cloud-based subscription agreements, and all platform maintenance is performed within the agreement as well, eliminating the need for IT departments or third-party contractors for system maintenance.

“Beware of little expenses. A small leak will sink a great ship.”

Thinker, statesman and putterer-extraordinaire Benjamin Franklin came up with that one long ago.

We’ve considered some of the greater expenditures and risks required by onsite enterprise monitoring platforms. What about all those small items that ultimately add up?

Check back soon.

By the way, anyone know if Acme’s meter will work with Ace’s software/reporting platform when we expand?

Could be a problem.