CTO Blog

Opinions expressed on this blog reflect the writer’s views and not the position of the Capgemini Group

What’s Acceptable Risk in the MashUp World?

I had an experience many of us encounter last week – the hard drive on my laptop failed. Now, as a CTO who understands how IT works, of course I had all my data backed up and in any event I am completely immersed in leveraging the Web model and so my personal local data storage is frankly an irrelevance. And of course, this is my alter-ego talking, not the real me who is now praying our superhero desktop support colleagues can save the day and recover my data!

So of course, just like most of us I use my personal hard drive as a store of useful content I can personally access whenever and however I want – with or without an Internet connection – and I’ve found Microsoft Outlook to be a pretty good personal knowledge management system – combining document content with context of real-world events and other content (conversations) associated with it. I leverage internal and external Web assets like we all do as part of the mix. This of course is no surprise. We all use whatever IT is around us to help get the job done in the easiest way. And we all have a personal perspective on what is acceptable risk.

Perhaps this very human behaviour can be summed up by a story a colleague once shared with me. The story goes that there was an infamous railway crossing in Canada in a forest which was a known accident blackspot. The authorities acted and removed trees for a half mile either side of the crossing to provide excellent visibility. Unfortunately this made no difference to the number of accidents. Research showed drivers ended up taking greater risks because the visibility was better. The drivers had their own acceptable risk position in mind to get across the crossing with as little delay as possible to their journey – and this differed to that of the authorities.

And so back to the hard drive. Despite the kind warning of an imminent failure, my focus remained just like most of us on our urgent 50 things to-do list.
With hindsight, in the back of my mind of course, I knew physical data recovery techniques are excellent these days and so this was the subconscious plan ‘b’ – now of course the plan ‘a’. I also knew most of the content was available elsewhere.

I think this is perhaps a sobering thought if we consider how much shadow IT is used to support enterprise processes these days and extrapolate where Web 2.0, MashUps and Software as a Service concepts are going. The more we know, the more we have a personal informed view of acceptable risk. But if we add up the collective risk position taken by us as individuals, and that being taken through the use of many external services not provided by corporate IT, where might that leave business exposure from the IT services it relies on? And this is not just from a service reliability and availability perspective – information pedigree (how much do you trust external content for example?) becomes a serious factor too. And what and where is personal data (and by inference corporate data) these days?

If we consider a simple and well known approach to determine the guaranteed service level from an end-end infrastructure supporting say a single set of line of business processes – while each IT component has a high degree of reliability and availability, add them all up (multiple 99.99% component availability x 99.99% say 20 times and watch the horror unfold!) and the overall business service level drops surprisingly rapidly. Perhaps increased personal know-how of IT, increased use of personal IT, and increased use of services outside of corporate IT to deliver business processes might make the _collective individual_ service availability and reliability position very different to the corporate expectation.

Now, off to recover the hard drive… :)

About the author

C. Bate
