Insurance Companies: Open Source is Safer than Windows
Mark Edwards explains why he thinks hacker insurance premiums might be higher for Windows-based companies than for open-source-based companies.
May 28, 2001
A little more than a year ago, I wrote a column about a new service in the high-tech industry: hacker insurance. The column pointed out that by and large, crackers (often mistakenly referred to as hackers) control the premiums of such policies because crackers perpetrate the break-ins. I was only partially correct in those statements. As with other types of insurance, premiums for hacker insurance are based on risk factors, including the potential for attacks against your network. However, other factors also play a role in policy premiums—namely, the software you use and your staff's ability to manage that software.
I read an interesting article this week that talks about how one insurer, J.S. Wurzler Underwriting Managers, has begun charging clients between 5 and 15 percent extra if those clients use Windows NT with the Internet. The added charge stems from statistical analyses that Wurzler performed.
In the course of business, Wurzler has audited more than 400 networks. What the company found is interesting to say the least: Administrators who work with open source systems are better trained and stay with a given employer longer than Windows-related administrators. According to Wurzler, administrative turnover rates in companies that run Windows can reach 33 percent per year. As result, Wurzler considers open source-based networks safer than Windows networks (because of better administration).
How does Microsoft respond to these claims? According to the article, Microsoft spokesman Jim Desler said, "There's not enough history or business to draw conclusions about rate-setting practices." In addition, the article says Microsoft predicts that "as the market matures, rates are likely to be based on best practices, rather than on platforms or products."
Microsoft's statements seem to justify Wurzler's insurance rates. After all, who establishes best practices in regard to network administration? Individual companies do. And who performs those best practices? The companies' network administrators. But how will Windows administrators develop better practices if they constantly move from company to company? They won't. So Microsoft's comment seems circular to me; it points to the problem as if it's the solution.
The problem here is two-fold: companies that don't deliver best practices across their networks, and administrators who take class after class and continually change jobs to get better pay, benefits, and perks. It's a Catch-22. How can companies deliver best practices when the employees don't stay long enough to make the practices consistent and effective? Somewhere in the open-source realm resides an answer because apparently companies that use open-source platforms don't suffer these problems to the same degree that Windows-based companies do.
I have a friend whose situation is good justification for Wurzler's policy rates. My friend learned about computers in the military—on very dated technology. After leaving the military, he began earning his MCSE. Since then, I've watched him change jobs more often than I wash my car. He started at an entry-level job, where he made less than $40,000 a year. Now, 5 years later, this man carries the title of vice president at a medium-size company where he's in charge of solution development. His pay is more than $120,000 per year, plus benefits and perks. When I ask why he changes jobs so frequently, his answer is always the same: training and money. He gravitates to companies that will pay for his desired training and pay for the expertise he's gained in the training he's already received.
Even with all his training and experience, where does he go when he needs security advice? He comes to me because he isn't retaining enough knowledge to become a standalone worker (with regard to security). He relies on outsiders to fill in any gaps in his security knowledge. Could this knowledge gap have anything to do with frequent job changes? I think so.
Better pay, benefits, and perks do help retain workers, but not for long. Compensation in this industry is like a freeway: No matter how fast you drive, someone will pass you. And likewise, no matter how much a company offers someone, another company will offer more. Some companies have long used training as an employee-retention tactic. For example, when I worked at EDS, the company offered all kinds of training. However, if I took any of the training, I was bound contractually to work for EDS for a given time period. And if I chose to leave EDS before that time ended, I couldn't use the training at another firm for a specified length of time.
This tactic does, in fact, help companies retain employees. It also can help identify who intends to stay with your firm, by virtue of who accepts training contracts and who doesn't. I've yet to come across any tactic as effective in retaining personnel, other than offering relative creative freedom.
The jobs I've stayed with longest are the ones that allowed me considerable creative freedom, both with work and the time involved in that work. For me, these things are priceless, so the related pay becomes tertiary. I think many people have the same perspective, and perhaps this perspective points out how freedom can translate into employee loyalty and retention. This perspective might also help explain why open source is so successful in gaining its vast following: the associated creative freedom, which translates into loyalty. Perhaps the creative freedom of the open-source philosophy carries over directly into the workplace and is revealed partially in Wurzler's audit findings.
How do Wurzler's findings compare to what you've observed in your own company? How does your company entice its employees to stay? Click Comment on this article, and let me know your thoughts. I'd love to hear what you've learned about keeping good employees.
About the Author
You May Also Like