So far, I only have covered the technical aspect of such a project, neglecting the financial aspect for text clarity. But by now the reader should already have a good idea of where the costs are going to come from: software licenses. Indeed, you will have to account one software license per workstation on the network for each software that you want to deploy. Which is why it is important to reduce cost by checking which software can be reused (antivirus, for example) and by simplifying deployment procedures. The same is true for Security Expression, since its license is based on the number of machines of your network. For bigger networks, a corporate license is usually available and can offer a good licensing alternative.
The other cost-factor is workforce. Everybody knows it; qualified technical workforce is rare and expensive. This is why it is important to have an efficient deployment scheme to simplify the task and reduce the number of staff needed. We can easily count between 1 hour and 1 hour 1/2 per machine for a technician sitting at a machine and implementing mechanically all the things covered in this document, on top of the time necessary for the initial analysis phases of the project (identification of standard software, definition of configuration, tests, etc.). It is a complex and repetitive task that is error-prone and where mistakes can leave a big hole open in your network that you worked so hard to secure. By automating the task as we have seen in the preceding chapter, the same analysis phase is still necessary, but the deployment time can be drastically reduced to approximately 5-15 minutes per PC for the same amount of work, depending on various technical factors like processor time and network speed. Nonetheless, the savings in time and workforce is enormous, given the level of security obtained by these measures.
7. Deployment
9. Integrated commercial solutions vs. independent products