A Lesson on Cost for Telecommuters
Virtual Private Networks seem to be a viable solution for providing remote access at a fixed cost. But as one Midwest, Fortune-1000 research and development firm learned, costs that are easy to measure can be replaced by other expenses far less tangible but every bit as hard on a budget.
Financial audits at the company uncovered remote access charges were averaging $125,000 per month. These expenses were mostly generated by 150 employees in the company's home state. At a cost of about $833 per employee per month, the company's financial team was ready to cancel all remote access and order all telecommuters and "road warriors" to return to the office.
The primary problem the company faced was understanding the origin of the high connection charges. The initial assumptions were that employees were surfing the Internet through company networks for personal reasons and that employees were dialing into the network for the day and leaving the connection up, whether or not it was being used. A simple calculation dispelled both accusations. A fault in the 800 service contract was inflating costs by a factor of 2.25.
The Approach
An IT manager lacking the authority to renegotiate the telecommunications contract was ordered to reduce costs. First, he asked users to call the company's West Coast access server, which would be an interstate 800 call. But the West Coast only had a few lines, and the WAN link was not fast enough to provide a good response to the headquarters' systems. Then the IT manager requested a second hunt group for local direct dial. This was denied by the IS organization, which did not want to spend money on additional access servers.
Finally, the IT manager resorted to a "pick your own ISP" plan, using the company's public Internet connection as an access point for remote work. He purchased a simple radius server and a firewall with a proprietary Virtual Private Network (VPN) feature. Each product featured an unlimited user license at a one-time cost of a few thousand dollars, and minimal support.
Unexpected Results
The IT manager picked sympathetic volunteers to try out the VPN solution. One volunteer e-mailed praise about "free access" to higher managers. But this volunteer's claim was based on a distorted definition of the word "free." He was dialing into a $10 per month Tier 2 Internet Service Provider (ISP) over bonded modems on two residential-class lines from six to eight hours a day.
This usage can be detected and rejected by the telephone company and the ISP, neither of which has revenue models to support this behavior. When GartnerGroup interviewed this enthusiastic volunteer, researcher found that he had installed a firewall without supervision, and neither he nor the IT manager could tell if the VPN was operating or what encryption strength was active. Even worse, the volunteer was unaware that the VPN product would violate U.S. export laws on his upcoming trip to Europe.
GartnerGroup also learned that the user’s PC had been reloaded three times in the past month due to corruption caused by the VPN client, and that the VPN sessions dropped randomly and crashed common applications such as Lotus Notes and Microsoft Outlook. The VPN also forced the user to perform multiple logins. In total, installation and troubleshooting of recurring problems had consumed about eight hours of tech support time and 20 hours of the user's time.
Furthermore, the IT manager did not account for the additional IS staff effort for maintaining secure access to back-office systems; the pressure of increased capacity and cost of Internet WAN access; the short-term support for multiple protocols; and the increased expense reporting cost and complexity, including processing ISP bills submitted by individual users. Any service and support leverage the company might have held over user access providers was lost. Instead of one or two nationwide high-value contracts, the helpdesk had to deal with dozens of small ISPs.
Finally, there were penalties to pay on the multiyear telecommunications contract because it had a projected usage increase requirement.
Lessons Learned
The lesson to be learned from this failed implementation is that organizations should not rush to the Internet without fully investigating the cost impacts and business practice changes that will affect the entire enterprise. Prototypical access methods should be treated as experiments, not cures that can be immediately scaled to an entire enterprise.
The company's remote access costs could have been reduced by more than half, with minimal user impact, if the telecommunications and financial managers had renegotiated the 800 service contract. While VPN access over the Internet seemed free to management, it caused a new set of problems -- with new costs -- such as new software installs, new procedures and training, reduced response time, reduced service levels, ISP charges, and increased expense report processing. These new complexities essentially forced the problems back on the end user. Most IS organizations want to avoid upsetting end users, but this seems not to have been the case for this company. The network's value was not considered equal to the value of the employees' work.
John E. Girard is vice president and research director of GartnerGroup's Network Center. He specializes in business, management and technical issues in the deployment of distributed computing solutions. He leads GartnerGroup's Telecommuting and Remote Access (TARA) research service and is chairperson of GartnerGroup's annual Remote Access Conference. He can be reached at network@gartner.com, or on the Web at www.gartner.com/remote.Analyzing the Data
Remote Access Usage Calculations
A Fortune-1000 company based in the Midwest had interstate 800 phone service for 8 cents per minute. A bill of $125,000 per month, at 8 cents per minute, equates to 1.562 million minutes – more than 26,000 hours -- per month. At this rate -- which is higher than prevailing rates -- each of 150 remote access users would be online for 173 hours per month, an average of 43 hours per week. This usage level seemed unreasonable, especially since some of the users were part-time telecommuters and sales force employees connected only a few times a day. On closer examination, the cause of the problem was found to be a flaw in the telecommunications contract. The company did have an interstate 8-cents-per-minute 800 contract, but the rate was only valid outside the company's home state. Within the home state, all 800 traffic reverted to the local carrier at a rate of 18 cents per minute -- 2.25 times the expected rate. After compensating for the higher rate, the average online time estimate dropped to about 19 hours per week.
Telco and ISP Usage Restrictions
According to the laws in most countries, telephone lines in the home that are used primarily or exclusively for business purposes are required to be listed and billed as business lines. Auditors can discover unclaimed business lines by examining expense reports. Telephone companies can discover them through calling patterns and service calls to a user's home. Enforcement of these laws is not consistent at this time.
Flat-rate, dial-up ISP contracts are generally month-to-month agreements that can have their billing rates changed or can be terminated at any time by the ISP. End users that continually hold open consumer-grade dialup ISP flat-rate lines during business hours can be denied service. As more users work from home, ISPs will no longer be able to afford to dedicate consumer-access modems and Internet sessions to business users at rates of $10 to $20 per month. Alternate services based on xDSL and cable modems are beginning to appear with flat rates and unlimited connections, and some already have higher tier pricing for business-grade access.