Arvind Jain

Subscribe to Arvind Jain feed
My observations in IT, Business Services, Cloud, SaaS, Security, Product Management, Compliance and SOA.Arvind Jain
Updated: 4 hours 41 min ago

Reality hits me home, with aging parents and uncertainties of life. I learn about OPLL

Mon, 2017-01-09 16:11
I never thought that I will be writing out something way outside my comfort zone of IT technology.

But a recent mishap accident with my father has made me realize that there are far more difficult and significant things in life than I had yet to confront and I was not prepared to handle it alone.

Diwali the festival of lights had just gone by and we were all in a cheerful mood. My brother and his family were back home in India and the grand parents were having a good time with grand kids. My dad has just returned back to India after a pleasant three month stay with me here in USA.  

Then came the scary Halloween trick for me. On a fateful day of Oct 30th 2016, just after Diwali in Bhilai, India my dad slipped and fell and the back of his neck hit the swing base. It was not a major accident by external measures, no external bleeding or wound, but it was severe enough to compress the nerves to a point were he could not move or stand up. He was lying on the floor, lifeless and could not move his both legs and one hand.

He was fortunately able to make an audible alarm and was picked up , lifted and transported to hospital.  He was immediately admitted to Bhilai Sec-9 hospital in Chhattisgarh, India. There it was diagnosed that he already had a case of OPLL () and this fall and immobility are symptoms of  a final breakdown.

OPLL is a calcification of the soft tissues that connect the spinal bones which results in a narrowing of the spinal canal and compression of the cervical spinal cord.

The cause of OPLL is unclear and I could not get a certain answer from anyone, but was told that people of Asian heritage especially Japanese have a higher likelihood of developing OPLL. Also more men seem to be affected than women.
OPLL SymptomsMost patients with OPLL are asymptomatic with no symptoms at all, but others may experience mild pain and numbness in the arms and/or legs to complete numbness in the extremities. The symptoms are similar to those of cervical cord compression.
Treatment of OPLLThis depends on the stage of OPLL and in my case , my dad is at stage 4 and that is the severest stage. Conservative treatment like activity modification and exercises may help relieve the pain caused by OPLL but I was told that open spine surgery is required.

If pressure is not relieved on the spinal cord then future damage and loss of neurological function is very much possible. At sec 1 Bhilai hospital, my brother was told that this may affect respiratory functions as well. So they advised immediate surgery and there is a major risk when you open up the spine.

Since then in last 2 months we have gone through many things and are working on getting this thing taken care of. It is a big help that my brother is back home in India and can execute on many on site things.  Simple things like opening zipper or buttons that we take granted for in life start to seem like mammoth tasks. What you can do in person on site, is a significant thing in such circumstances.

I would like to thanks and credit the following websites for some of my research. Indian Government portal surprisingly had a good amount of research papers at NCBI.

We have undergone surgery since then and in future articles I will share more details, but if anyone is in similar situation, I will be glad to share detailed notes. I was helped by many known and unknown people so my heartfelt thanks goes out to them and I plan to pay it forward.



Micro segmenting using Adobe Target leading to personalization

Thu, 2016-12-01 20:34
Using DMP and DSP tools like Adobe Target, Adobe Audience Manager, LiveRamp.. you can practically (not legally) deliver real-time personalization. What they really do is micro targeting / micro segmentation. But today it has reached that fine level of granularity where ads / messaging shown to end users have started looking creepy. We are being watched all the time.

Realtime micro targeting is possible, in the same way as it is with any other type of CRM data - data is pre-loaded into Adobe Audience manager (AAM) and as soon as AAM sees that particular user in realtime, it can show specific segment messaging based on their segment qualification. They key here is how finely you define your segments. The more micro targeting you do, the more personal the message will appear.

The thing that is not realtime is sending CRM data to AAM, but once the data is dropped to AAM it is available later for real-time use after some sync duration.

Thanks for reading


How can companies prevent cyber attacks like that of Dec 2013 Target credit card data theft ?

Fri, 2014-01-24 18:07
1//24/2014 By: Arvind Jain

By now we all know that passionate hackers are very smart and they will always have a edge over whatever known systems we can create (Firewall, IPS etc). Even the best SIO (Security Intelligence Operations) team cannot possibly know of each and every malware in advance so a traditional approach of IPS or Malware detection based on signature is so stone age thing now.

So what could have been done at Target? I am sure many experts are pondering over it but here is my simple thinking. A combination of proactive people, process and tools would have prevented it.

We need people for behavior analysis or analytics.  BlackPOS creators and Hackers in general know what a Firewall can do. So they timed data transfer to normal business hours, merged it with FTP traffic and used internal dump servers in Targets own network. This is what I gathered from iSight comment in the WSJ article today.

"ISight, hired by the Secret Service and Department of Homeland Security to help with the investigation, said the bug had a "zero percent antivirus detection rate," meaning even updated security software couldn't tell it was harmful.  So a endpoint security system or antivirus software would also have been ineffective to detect the malware.

This is where you need a joint effort on part of system, people, and process to detect anomalies.  Something like a Cyber Threat Defense solution (like the one offered by Cisco) is a good way to detect patterns and flag them.

The hack involved several tools, a Trojan horse scanned the point-of-sale system's memory for card data which was stored unencrypted in memmory. Another logged when the stolen data was stashed inside Target's network. Yet another sent the stolen data to a computer outside the company. The coordination of those functions was complex and sophisticated, but could have been easily seen as an anomalous pattern.

Like if there is traffic jammed up in freeway you know something is wrong ahead. For that matter if all traffic goes to a different side than normal for that route then also you know something is not right. To detect anomalous activity, you have to look at traffic timing, volume, direction etc. to detect activity.

These are good indicator that something has happened and potentially it requires immediate attention from people and processes. You could then take the traffic flow (using a tool like NetFlow) and look for anomalous traffic patterns.  You would have encountered something that is never before seen and that would have triggered deep packet inspection of dump files.

Typically Malwares siphoned data and stored it in local Intranet (to disguise it as internal traffic over a temporary NetBIOS share to an internal host inside the compromised network) and then attempt to send the data to the attacker over a legitimate call like via FTP or HTTP.  Compromised data was collected in .DLL files (in this case, track data, which includes all of the information within the magnetic strip) and is periodically relayed to an affected “dump” server over a temporary NetBIOS share drive.  In this particular case the DLLs weren't malicious (they just contained normal data so no system could have tracked it without insight from people or Target IT staff).

Tools like Lancope StealthWatch help you detect such anomaly. The dump server was not a host that the POS systems were required to communicate with. So when POS systems attempt to communicate to one another or to a unidentified server a Host Lock Violation alarm is generated. Similarly once the data started to be sent to the dump server, it could have triggered a Relationship High Traffic or potentially a Relationship New Flows alarm.

Internet Control Message Protocol (ICMP) is one of the main protocols of the Internet Protocol Suite used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached. ICMP anomalies can be detected using network-monitoring tools provided by companies like Cisco or its recent acquisition

So you do have all the tools at your disposal, all that was needed was a good brain with commonsense to do correlation between the series of activities that were happening anomalously and could have been detected by monitoring tools.


Of course if you do not have time for all these or the tools or the in-house security expertise, Cisco Advanced Services for Managed Cyber Security is at your service. Feel free to reach out to me for recommendations.


What is behind these recent acquisitions by Palo Alto Networks and FireEye ? Domain Talent and Virtualization

Tue, 2014-01-14 20:17

Security is a red hot fascinating sector right now, acquisitions are happening left and right and I have stopped trying to do a financial valuation, there is something else happening. When money is cheap, I see these acquisitions happening as a race to get ahead with talent and new technology. But payoff will come for those who are first with economies of scale.

The two outstanding reasons for these acquisitions in my opinion are Virtualization in Security and Talent with domain expertise. Many security startup are focusing on use of in-situ virtual sandboxes to investigate suspicious files to detect malware before letting them loose in the main network.

Blue Coat Systems acquired Norman Shark, which had developed a sandboxing technology platform for malware analysis.  Palo Alto network acquired Morta Security  (CEO Raj Shah) a Silicon Valley-based security startup to bolster its cloud-based WildFire malware inspection technology. Aim was to get NSA talent as well as the virtualization technology. A week earlier FireEye acquired Mandiant which provides endpoint security software and is well known for its threat intelligence research and incident response services.

So what next ….. I am waiting to see some big - Bigdata plus Security related acquisitions and they are coming sooner than you will expect ….

Safe Surfing …

A day in Kunming China

Sun, 2013-11-17 09:08
Kunming is a important location for transit passengers traveling via China Eastern.I had a unplanned 24 hour stay and I am glad that I found a reasonable accommodation. So for those that are looking for simple, straightforward transit stay in Kunming,  Dhaka Hotel Ph# 135 2933 2392 is a good option if you are within a budget. They have WiFi, Airport Transfer and South Asian food options.

Complete Gross Margin improvement framework

Tue, 2013-05-28 00:48

Posted above is a time tested framework for significant gross margin improvement to your business unit's overall gross margin.

Simple but very powerful. If you can deploy these buckets wisely then GM savings can be anywhere in thousands or millions .. depending on your operations scale.


Pricing strategies for services

Thu, 2013-05-02 00:11

How can a services provider (Advanced Services, Technical Services or Professional Services) make sure it has priced its services just right?
There are three ways to do pricing
1)      Cost Plus
2)      EVC (Economic Value to Customer)
3)      Competitive Marketplace

Just going by Cost Plus, you leave money on table. EVC is theoretically best pricing but you cannot price case by case (so you set list price and give discounts to adjust for case by case basis). Competitive Marketplace is what most people do but then you are treating your services as commodity.

I suggest that you follow a more methodical approach about pricing strategies for services.
1)      Creating a pricing model, which takes into account your fixed costs and business strategy.  A baseline formula would let you know what price range is NOT feasible.  Say your prices will not be less than this amount so that you maintain your Gross Margin and survive in the industry.

2)      Break down your costs into buckets (Server, support, manpower, gas, commute, task time, delivery model and expertise) and then have a variable formulae based on weightage to what you have in plenty and what is scarce for you.

Research your industry (business cycle, technology trend)

Research your customers (segment the market, are you their strategic partner, long term potential).

There is a constant pressure on services to invest in new practice areas, either because these investments would help meet business unit sales quotas or because the business units need more people/partners out there, evangelizing new sort of technologies. Evaluate those opportunities so as to keep your costs low.

Five pillars of Gross Margin Improvement

Mon, 2013-04-22 17:00

When growth comes to standstill or products start to become commodity …nothing else matters as much as maintaining your Gross Margin.

A company can have stagnant revenue but Wall Street will still reward it's shares if it show profitability growth and how do you do it? Look no further than Gross Margin.

Essentially the five pillars of Gross Margin improvement are:

  1. Financial Planning
  2. Operational Effectiveness
  3. Pricing Optimization
  4. Product Management
  5. Sales Effectiveness
Want to know more? I am working on a Gross Margin play book. Drop me a note and will be glad to share.

Operational effectiveness as a Gross Margin tool

Mon, 2013-04-22 15:54
Effective Operations can help your company move in the right direction w.r.t. Gross Margin.

The 8 top most things that come to my mind when we look at GM in high-tech industry from an operations perspective are (in no order of importance).

Operational Effectiveness
NMS - (Fixed + variable) OthersPortfolio AlignmentNMS - Freight SavingsOver HeadTransformation SavingsSupplier SavingsProduct and Theater MixRoyalty Management

We will drill down into each some other day in a white paper.

How is SaaS Product Management different from traditional Product Management?

Tue, 2010-02-23 00:27
As Enterprise Architects we are inclined to always question that how a particular technical architecture is going to benefit business strategy of my company. In the same thoughts I had a debate with my colleague that Product Management for a SaaS or Cloud based product is very different than a traditional approach to product management.

As SOA Architect I can see some of the challenges with reuse or creating global services. So here are some of the key differences between traditional product management vs SaaS product management, that I can think of. Please comment your thoughts or elaborate more.

In Saas product management you have to worry about all these additional things,

1) Data Management of customer data (Backup, recovery, export, migration)
2) Additional security around Access & Authorization
3) You earn your money every day and every moment, so it is not a traditional sell once and forget till the next new producty is available. If you fail customers may not and will not renew the subscription. So you have to develop SaaS with some stickiness feature like creating a website with lowest bounce rate and higher CTR (click through rate). so that there is highest probability of customers renewing.
4) Special considerations for On Demand / Multi Tenacy of the product / solution.
5) Much higer emphasis on Disaster Recovery, Peak Load and High Availablity.
6) One size does not fit all, so how would you provide innovation in cloud? How to empower customers in cloud so that they can maintain their cuttting edge by intelligent customizations.

I am thinking there will be additional issues like Multi Tenant Pricing that will be of concern (based on usage pattern, product differentiation etc.) so please comment your thoughts or elaborate more if you can.

MIT South Asian Alumni Association - MBA Panel Discussion

Tue, 2010-02-09 01:42
MIT South Asian Alumni Association had invited me to a panel discussion at the Stanford University campus to share my MBA experience and guide future business school applicants. It was a good debate and most importantly I belive the assosciation is doing a great service to public. More details can be found here

Some very interesting Web 2.0 Links that can help in Smart Marketing & positioning

Sun, 2010-01-24 17:53

This page contains links to some very interesting websites that I use as part of my Product Marketing SEO tasks, they help you gain strategic edge using IT (information technology). Anyone interested in Search Engine Marketing (SEM) must pay attention to these tools:

  • Google Trends - find temporal trends in search word usage on the internet
  • Google Insights for Search - estimate relative importance of search terms with trends by geographical regions

  • Google Analytics - web analytics solution that gives insight into your website traffic and marketing effectiveness

  • Quantcast - monitor website traffic and effectiveness of marketing communications to customers. This give Demographics info of Visitors. You can also use Microsoft AdCenterLabs to analyze demographics.
  • Hitwise - ISP data, can be used to analyze how people get to, spend time in and depart from websites, large sample size

  • Alexa - web traffic metrics based on voluntary anonymous tracking of people who have signed up for free, large sample size
  • Comscore - web traffic metrics based on voluntary tracking of people who have signed up for a fee, gives much more detailed information but sample size is small

  • CrazyEgg - Click density analysis, find out where people are clicking on your webpage (is your design driving people to the right place?)  
When you use Google AdWords be sure to use Ad Preview Tool at

Landmark achievement for my team - Cisco announced as overall winner for SOA implementation award by CIO magazine and SOA Consortium.

Mon, 2009-11-02 20:13
Landmark achievement for my team - Cisco announced as overall winner for SOA implementation award by CIO magazine and SOA Consortium.

Cisco SOA Team Wins SOA Consortium / CIO Magazine Award

Cisco has been selected as the overall winner of the 2009 CIO Magazine “SOA Case Study Competition“ organized by the SOA Consortium. Please see detailed news article here.

Cisco was recognized by industry experts for its SOA initiatives, platform and implementation successes.
The SOA Case Study Competition highlights business success stories and lessons learned to provide proof points and insights for other organizations considering or pursuing SOA adoption. The contest was open to organizations of all sizes, including government agencies that have successfully delivered business or mission value using an SOA approach.
CIO Magazine, launched in 1987, produces award-winning content and community resources for information technology executives. The SOA Consortium is a group of renowned industry experts and practitioners, who through the years honor companies for outstanding achievement with this award.

If you are interested in the case study then please contact me offline at

How to configure Standalone Fuego BEA Aqualogic Oracle BPM Studio to work with Secure Web Services?

Mon, 2009-01-26 18:00
While evaluating BEA BPM Studio I had to struggle a bit with how to configure Standalone Fuego BEA Aqualogic Oracle BPM Studio .... I am trying to give credit to all companies here :) to work with Secure Web Services?
Now I have secured web services orchestrated and also using encryption in my BPM Processes. Here is the meat of the matter ...
In order to communicate with secured webservices using SSL encryption (those with WSDL end point starting as https:// ) you need to have certificates from those servers installed in your keystore.
For BPM Standalone these are the steps. And before you begin set JAVA_HOME to C:\OraBPMStudioHome\eclipse\jre if you have not done so already.
1. Download the .cer file from server. (One way is you can use IE browser to get that file and export it from browser to a local directory)
2. Put this file in %JAVA_HOME%\jre\lib\security. You can put it anywhere you want.
3. Run the following command at a command prompt:
C:\Program Files\Java\jre1.6.0_02\bin>keytool -import -trustcacerts -alias <CERT ALIAS NAME> -keystore ..\lib\security\cacerts -file ..\lib\security\gd_<cert file name>.cer
4. You will be prompted for a password. If you have not changed the password, it will be "changeit".
5. You will then get the following message if all is successful - "Certificate was added to keystore".
6. Restart Tomcat (inbuilt server in BPM Studio).
This should solve your problem.
Pls note that if you have not configured your keyStore then first do so. you will find this document handy to do so.
Quick tip: To see a list of keys in keystore
%JAVA_HOME%\bin\keytool -list -keystore ..\lib\security\cacerts

Switched from Oracle BEA BPM Enterprise Version (on Weblogic) to the Standalone Version for Evaluation Purposes.

Wed, 2008-12-03 19:03
Last week was a very short week during which I tried to install an Enterprise BEA BPM on Weblogic. There were a lot of configurations needed for Enterprise WebLogic Edition (Directory Server, Database, Deployment within the WebLogic JVM etc). I have listed the steps below.
It was taking too much time and was not very straightforward. I had to ensure that I have installed and configured the BEA WebLogic application server properly even before I could debug & play with the BPM engine.
<?xml:namespace prefix = o />

At end of last Tuesday I made a call to switch to Enterprise Standalone but the efforts put in were good learning and useful for Standalone Installation as well. So for the purpose of proceeding with evaluation going forward I have shifted to Enterprise Standalone Version as my focus is BPM.

Some learnings or observations .... On the Oracle website they refer to downloading Oracle BPM <?xml:namespace prefix = st1 />Enterprise Administration Guide.pdf but in real scenario there was no such file name. I realized that it was same as Oracle BPM Admin Guide.pdf and the same goes for configuration guide as well. So will not get confused in future :)

Ok so with the ultimate aim being to Deploying and Publishing a New BPM Project I had to go through a series of steps. (For standalone I needed a much smaller set but the practice and drill was worthwhile learning in terms of infrastructure and operationalization of product.

The whole list of steps:

  1. Creating Directory Service ( need to configure Directory Database Schema)
  2. Creating a Process Execution Engine ( need to configure a separate Execution Engine Database Schema)
  3. Configuring Weblogic Server
  4. Creating Weblogic Server Domain
  5. Create Oracle BPM Deploy User
  6. Installing Oracle BPM Deployer
  7. Creating JDBC Data Sources on BEA Weblogic Server
  8. Creating JMS Server, Module & Resources
  9. Configuring the Deployer and Deployment Targets
  10. Enabling Clustering
  11. Building and Deploying Application EAR Files
  12. Deploying and Publishing a New BPM Project

As of now I have Standalone Enterprise BEA BPM configured with Directory (Oracle 10g DB). Engine DB configuration has some issues due to privileges. Make sure you have a friendly DBA to help out.

I am trying to come up with a set of use cases to test out different features.

More next week as I try to put together a list of features .. dully prioritized that I will like to test out.

If you have a challenge for me ...Bring it ON :)

Currently evaluating Oracle BPM 10gR3

Fri, 2008-11-21 15:49

For the next one month I want to be critically evaluating Oracle BPM 10gR3. 


Yes this is the new face and name of  BEA Aqualogic BPM 6.5 , now with Oraclelization it is called as Oracle BPM 10gR3. Too early to make a comment.


My aim is to see how well Oracle has leveraged and integrated the BEA Aqua logic BPM products with its other products to offer a complete suite.<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />


Getting started was easy .... Installed Oracle BPM Studio  from the link below. To get started

Please visit:

Here you will find download link – for initially getting your feet wet purposes, download of studio should suffice. Also, there is a tutorial and link to docs.


Installation was smooth, took around 60 Minutes. I referred to this site for the product documentation


One glitch ....

It took me 20 minutes to figure out why the "Launch Workspace" icon was disabled. Figured out that after designing the process I had unfortunately clicked on either "outline" or the "Log Pane" that exist below and clicking on those panes dynamical change the Menu and disable certain icons.


More later



Finished Half Marathon of my pursuit of MBA

Sun, 2008-11-16 01:25

I have been quite busy last few months with double MBAs. One one side
was the collaboartion, group study, projects, assignments and homeworks
for CMU MBA. The other side was my younger one growing up. That was
another MBA (Managing Baby Administration)

Things are finally getting easier as I am approaching the final year of
my MBA. This was a perfect time for me to learn about "Marketing
Management", "Financial Accounting", "Production & Operations
Management" , "Macroeconomics", "Corporate Finance" & "Marketing
Research". With the current ecomonic situation I feel that every day I
use my Business & Financial learnings to analyze situations.

Here is a recent picture from one of the CMU social networking events.


Carnegie Mellon Tepper School of Business - Part Time MBA Program

Wed, 2008-04-16 22:34
Quite many people have contacted me about the Carnegie Mellon part time MBA Program since I started the same in 2007. After having been through the experience for a year now, I can see direct applications of many of the Business School teachings to SOA world.
After all ... SOA & BPM is mostly about Business & IT alignment within an organization and in its partner eco system. So I though that it will be a good idea to write a summary about the CMU MBA program here in this blog.

Program Overview: I have been fortunate that the CMU MBA program is offered at Cisco Campus apart from their West Coast campus ( CMU West - ) in the Moffet Field (you can see signs on 101 north near Moffet Field exit). This is very handy at times when I need to hop out of meetings and join the class within minutes of getting out of office. It is first time at Cisco but the program itself was started in 1996.
It is delivered to corporate campuses in real-time via video-conferencing technologies and CISCO is leading the way with its TelePresence technology which is as real life as it can get. Others in the MBA class are from companies like Lockheed Martin, Goldman Sachs, United Technologies, Oracle, Intel, Applied Materials, Pitney Browns etc.

Tepper MBA program is highly known in Financial & Operations Research area due to its stress on analytical approach to problem solving and decision making in complex and dynamic business environments. CMU Tepper is ranked 3rd in Wall Street Journal Rankings.

Part Time program has same admission/graduation criteria as it exists for Full/Part-time students in CMU Pittsburg Campus. More info at:

If you need more information please feel free to get in touch.


Disclaimer: Opinions expressed are my own and CISCO does not sponsor or endorse this program.

SOA on SOA !! - Bring the discipline of SOA to service development and creation in your organization.

Fri, 2008-03-07 18:22

SOA on SOA!!

It was difficult to put the most appropriate words to my thoughts but what I am trying to bring out is that SOA implementation should not burden the service providers and consumers to go through the burden of learning all the latest standards, tools & technologies.

They should just worry about their business logic and there should be a framework which transparently takes care of making that business logic a service as in SOA world while adhering to their company's enterprise policies, processes and standards.

How to enable this? Enterprise architects should closely watch two upcoming standards - SCA & JBI.

JBI is JSR 208 and called as Java Business Integration. SCA is Service component architecture.

JBI is used by system integrators during physical deployment (customers and end users do not see this). It helps in management & interoperability of your SOA infrastructure.

SCA has a design and composition perspective. It is used by developers to annotate or put notes in their code to describe service and their dependencies.

The aim is to create a virtual container for hosting services. This way services can be plugged into ESB or into an existing Policy Manager. It will be independent of language and will help as a framework for exposing business logic as service.

The other significant benefits I see are
- Consistent deployment & management
- Location Transperancy (Virtualization)
- Policy Enforcement
- Consistent Security Model
- SOA does not means every developer needs to know about WSDL or WS-* or other standards. They need to know the core business logic.
- It might possibly help in transaction coordination.

So let us try to use our own methodology SOA to help in implementation & adoption of SOA.


How to take Build vs Buy decision in case of Software Products?

Mon, 2008-02-25 13:09
In the world of software development once in a while everyone reaches that crossroad where he needs to decide - Should we build that software or buy it? Build vs Buy !! Deal or No Deal !!

Here are suggestions that will help you. When making a Buy vs Build decision do the following:
  • Consider only the costs that are affected by your decision (example you may or may not decide to buy additionaly 24X7 support)
  • Include all Opportunity Costs (are you going to miss on some other core oppurtunity / project in your own industry)
  • Ignore Sunk Costs, these are costs that have already been incurred (example can be hardware cost as either version of bought or in house build software will require similar hardware)Calculate total costs of each option. Total cost = fixed (avoidable) costs + variable (avoidable) costs
  • Considering "Soft" or "Intangible" cost/benefits, for example future use of product or learning, team reputation or burden (in terms or learning or development), derivative products.

Other Important Hints/Viewpoints
  • A very important consideration is to look at the Marginal cost i.e. the cost for deploying an additional host (cpu) with the same software.
  • For coming up with oppurtunity cost - look at the nature of technology/product and its maturity level - analysis in the Short Run and in the Long Run
  • Look at the service/product provider and its industry - will you be price taker or price chooser? How much can you negotiate? What are hidden benefits/costs of partnership?
  • Evaluate options using the net present value (NPV) & internal rate of return (IRR) approach
  • A little known fact is about the Basic Accounting ... Is it favourable for company's accounting? - This is very important as software bought is a depreciable asset for organization while software built will be treated as an ongoing expense without any balance sheet asset created out of it.
Hope you have some food for thought and solid points to make your case in your next board/council meeting.