But...surely you're also missing another point of consideration:
Single point of failure fails, taking down all your systems for an indeterminate length of time:
1. Risk: moderate (an auto-updating piece of software without adequate checks? yeah, that's gonna fail sooner or later)
2. Impact to business: high
3. Impact to manager: varies (depending on just how easy it is to spin the decision to go with a single point of failure rather than a more robust solution to the compliance mandate)
Single point of failure fails, taking down all your systems for an indeterminate length of time:
1. Risk: moderate (an auto-updating piece of software without adequate checks? yeah, that's gonna fail sooner or later)
2. Impact to business: high
3. Impact to manager: varies (depending on just how easy it is to spin the decision to go with a single point of failure rather than a more robust solution to the compliance mandate)