Like many universities, some researchers at mine have sensitive data. Since a data breach would be calamitous, all university computers, laptops and desktops, must be encrypted. We just changed vendors for our encryption software. The new vendor requires a new version of the operating system. This requires backing up all of the data on a computer, installing the new OS and encryption functionality, and then reinstalling the backed up data (more on this in a later post). The process requires each computer user to bring their computer to our IT department and be present to provide log in credentials multiple times. If all goes smoothly (more on this in a later post), the process takes 2-3 hours of both the user's time and the techie's time. They estimate that this must be done for 7,000 university computers.
It will take 14,000 to 21,000 hours of just techie time, or 7 to 10.5 person-years at 2,000 hours per work-year to accomplish this task. I think this means that about half of the IT department's staff will be working on just this task full-time for a year. Suppose the average of techie's and staff/faculty salary is $80,000 to $100,000. This means that for a 2,000 hour work year, each hour is worth $40-$50 not counting benefits. The total value of lost time could easily be in the $1.1 million to $2.1 million range. I strongly suspect these costs were not fully taken into account when selecting the new vendor. I strongly suspect that this is greater than the marginal benefits from the new vendor.