Risk Exposure

Costs of Downtime

IT costs are only part of the picture. The ability to maintain high levels of availability and security also has major bottom-line implications.

It is a truism that downtime costs money. In world of globalization, Internet and mobile commerce, and social media interaction, 24/7 availability has become the norm for a growing number of systems.

The impact not only of unplanned (i.e., accidental) outages, but also of repeated planned outages for tasks such as software updates and scheduled maintenance may be substantial. Operations may be disrupted, orders and shipments delayed, and a wide range of other activities affected. Customers may be alienated and business lost.

Costs of downtime have been widely documented for core business as well as e-commerce systems. In some industries, they are clearly increasing. Among businesses that operate tightly integrated, lean supply chains, for example, there is growing evidence that disruptions at any point may cascade rapidly through the entire supply chain. The effects may continue to be felt long after service has been restored.

E-commerce companies have also learned that their customers expect 24/7 access, and that even short outages can impact sales and customer relationships. Users are only a few clicks away from competitors, and once they divert to these, they may not return.

Next-generation applications are proving to be equally if not more sensitive to uptime. For example:

  • Mobile users are more demanding than their desktop and laptop counterparts, and tend to lose interest if
    they cannot access information or services within three to five seconds. In mature economies, mobile users now account for a quarter to a third of e-commerce sales, and the proportion is typically higher in developing geographies. Everywhere, numbers are increasing.
  • Social media users expect the same level of access as through conventional Internet channels. The effects of downtime in lost business and dissatisfied customers are proving to be equally severe.
  • Cloud networks are subject to the same dynamics. Core business systems delivered through clouds remain as sensitive to availability as on-premises equivalents. Among companies that contributed to this report, clouds had been widely
    dopted to interact with customers, suppliers and business partners spread across multiple geographies and time zones.In other cases, clouds delivered key sales, customer relationship management, financial, human resources, collaboration and other applications. Among all users, interaction with and/or use of current data generated by core business systems was the norm. Not only unplanned, but also planned outages could disrupt service to key users.A further point should be noted.Quality of service delivered by cloud service providers as well as private clouds was affected by underlying platforms. Clouds based on Windows and x86 Linux systems are subject to the same availability limitations as in non-cloud environments.
  • Analytics increasingly require continuous uptime. As decision-making cycles accelerate, delays in obtaining and acting upon information may have a wide range of negative impacts. In state-of-the-art supply chains, for example, decisions about ordering, stocking and deliveries may now be made in realtime.If key systems are down, users will at best be working with stale data.Time sensitivity increases as companies move to solutions that embed analytics into transactional systems, enabling delivery of information and decision-making in real time. Most major ERP, CRM and supply chain management (SCM) vendors – including leading suppliers of IBM i-based systems – have
    adopted this approach, which is rapidly gaining traction among best practice users.


Where next-generation applications depend upon data supplied by, or interoperability with core business systems, the bottom-line impact of outages affecting these is magnified.

There are marked differences between platforms in this area. The availability strengths of IBM i and Power Systems have been widely demonstrated. Industry surveys, as well as user experiences, have consistently shown higher levels of uptime than for any other platform employed by midsize businesses.

Planned outages are shorter and less frequent, and unplanned outages less common. These differences are reflected in significantly lower costs of downtime; i.e., bottom-line business costs due to outages.

In the same companies that form the basis of IT cost calculations, costs of downtime averaged 72 percent less than for use of Windows and SQL Server, and 79 percent less than for use of x86 Linux servers with Oracle.

Figure 3 illustrates these disparities.

Calculations for all companies include costs of supply chain disruption caused by core business system outages. Costs for manufacturers and distributors also include related costs such as late delivery and imperfect order fees. Retail company costs also include costs of lost sales and in-store disruption.

Figure 3: Three-year Costs of Downtime – Averages for All Installations

Allowance is also made for costs of downtime affecting next-generation analytics, mobile, cloud, social media and collaborative (e.g., IBM Connections) applications that draw data from and/or interface to core systems.

The impact of core system outages on next-generation applications was striking. The ability to process customer transactions was interrupted. Queries went unanswered because current information was not available.

Salespeople were unable to quote inventory availability and delivery schedules. Service departments were unable to resolve problems. Processes supported by cloud applications were disrupted.

Comparisons allow for use of Microsoft AlwaysOn, a new SQL Server 2014 high availability (HA) feature built upon Windows Server Failover Clustering (WSFC); a comparable Linux-based solution; and the IBM equivalent, Independent Auxiliary Storage Pools (IASPs). The basis of these calculations is again described in the Detailed Data section of this report.

Security and Malware Protection

Hacking and infection by malware (malicious code) remain ubiquitous threats for organizations of all sizes. Most midsize businesses experience both on a regular basis. Many intrusions are not detected for long periods, or not detected at all.

There are, again, bottom-line impacts. Businesses that experience customer data breaches may incur fines and other penalties, along with costs of remedial actions such as notifications, credit monitoring subscriptions, query handling and technical fixes. Risks of customer loss and reputational damage may be even more significant.

As incidents such as the recent data breach affecting U.S. retailer Target have demonstrated, prevention of data loss is moving to the forefront of IT strategy. Even if customer data is not compromised, other types of sensitive information may be stolen, and malicious damage to systems and software may occur.

In these areas, differences between IBM i and competitive platforms are not merely significant – they are dramatic. IBM i security incidents are rare, and malware infection is virtually unknown. These strengths reflect the system’s object-based architecture. Objects are encapsulated in a manner that places strict controls on data as well as system code, making it extremely difficult for unauthorized instructions to execute.

Capability differences are reflected in data compiled by Secunia, one of the industry’s leading security and malware authorities.

Figure 4 summarizes numbers of advisory notices issued by the company between the beginning of 2008 and the end of June 2014 for the most recent versions of IBM i, the two principal Linux distributions – Red Hat Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES) – and the Windows Server operating system.

Figure 4: Comparative Advisory Data – January 2008 through June 2014

Data was not available for the latest version 7.2 of IBM i, which was introduced in April 2014. The importance of malware resistance should be highlighted. For some time, the trend among cybercriminals has been toward use of malware that harvests information over time. Malware is now so prevalent that even minor security lapses may lead to infections.

The significance of these strengths is reinforced by two factors. One is that costs of protecting data are lower than those for competitive platforms. The time and effort that must be spent on routine security and malware protection, and in patching, auditing and other tasks is a great deal less.

Companies have invested in information security for decades. The sophistication of cybercriminals continues, however, to evolve, as do the techniques and technologies they employ. In response, expenditures on security tools, personnel and services continue to escalate. IBM i provides an opportunity to break this cycle.

A second factor is that, most security authorities recognize, perimeter defenses are no longer sufficient.
Penetration of these has become increasingly common, and they do not prevent insider abuse. The trend is toward creation of data firewalls, which provide a further level of protection for the most sensitive data resources within enterprises. IBM i provides such protection, with no additional effort or cost.