InformationWeek Stories by Imre Kabai

InformationWeek Stories by Imre Kabaihttp://www.informationweek.comInformationWeeken-usCopyright 2012, UBM LLC.2013-03-26T11:12:00Z8 Reasons Enterprise Architecture Programs FailSuccessful enterprise architecture programs marshal the right people, support structures and approaches -- and dispense with the distractions.http://www.informationweek.com/global-cio/interviews/8-reasons-enterprise-architecture-progra/240151679?cid=RSSfeed_IWK_Authors<div class="inlineStoryImage inlineStoryImageRight"><a href="http://www.informationweek.com/cloud-computing/software/googles-10-best-gags-pranks-and-easter-e/240151036"><img src="http://twimgs.com/informationweek/galleries/automated/965/Google_Gags_01_tn.jpg" alt="Google's 10 Best Gags, Pranks And Easter Eggs" title="Google's 10 Best Gags, Pranks And Easter Eggs" class="img175" /></a> <div class="storyImageTitle">Google's 10 Best Gags, Pranks And Easter Eggs</div>(click image for larger view and for slideshow)</div> "If you want to build a ship, don’t drum up people to collect wood and don’t assign them tasks and work, but rather teach them to long for the endless immensity of the sea." -- Antoine de Saint-Exupery Enterprise architecture was conceived some 25 years ago to address the increasing complexity of IT systems and their poor alignment with business goals. The same problems still exist today, amplified by the accelerating pace of technology change. Why is it that EA programs are more likely to fail than succeed? Here are eight typical failure modes, followed by recommendations on how to avoid them. 1. Lack Of Sponsorship. Your architects need three tools to do a good job: access, leverage and goodies. [ Change your life or career or both with better decisions. Read <a href="http://www.informationweek.com/aroundtheweb/government/7-ways-to-improve-your-decision-making/544d7a324d6e6d793652726d6d416c497a63417a61773d3d?itc=edit_in_body_cross">7 Ways To Improve Your Decision Making</a>. ] Access means the ability to interact with the appropriate stakeholders, often at the C-level. Leverage includes the right place in the reporting chain, involvement in governance, ability to influence the technology budget, and authority to stop inappropriate technology implementations. Sometimes even the seemingly small change of a title from technical architect to chief enterprise architect can make a significant difference. Goodies include the ability to give out new technologies for testing, "lend" technology experts to struggling projects, and get access to exclusive information that can be traded for favors. <div style="margin:0; padding:0 0 10px 15px; width:244px; float:right;"><div style="margin:0; border-top:1px solid black; border-bottom:1px solid black; padding:6px;"><a href="http://www.informationweek.com/global-cio/"><img src="http://twimgs.com/infoweek/1217/217ID_GlobalCIO_75.jpg" width="75" height="75" border="0" align="right" alt="Global CIO" style="margin:0 0 6px 6px;"></a><div style="margin:0 0 6px 0; font-size:1.3em; font-weight:bold; color:#113e53;">Global CIOs: A Site Just For You</div>Visit <a href="http://www.informationweek.com/global-cio/">InformationWeek's Global CIO</a> -- our online community and information resource for CIOs operating in the global economy.</div> </div>   Well-sponsored architects will be able to build trust by consistently delivering meaningful results. Lack of sponsorship will destine even the best architects to fail. 2. Hiring Or Promoting The Wrong Person. The skills that earn someone the EA position don't necessarily make the person a strong EA. Often the most technical people get promoted when they lack other important skills. These include interest in the business, the ability to translate technology into simple business outcomes, and the ability to listen, communicate, present and market infectious enthusiasm for new technologies. 3. Building An Ivory Tower. Some EA programs hire a bunch of brilliant architects who retreat for a long time and return with sophisticated frameworks. They then present them to key members of the leadership and the organization, most of whom will have no clue what the architects are talking about, so their complex reference architectures will be ignored. Ivory towers tend to increase the complexity and upset the stakeholders. The new CIO will gain immediate recognition among his business partners by firing the EA team, with the result that enterprise architecture becomes a "bad word" deeply embedded in the institutional memory. Roger Sessions wrote a great <a href="http://www.objectwatch.com/whitepapers/ITComplexityWhitePaper.pdf">white paper</a> on driving simplicity through connected enterprise architecture. 4. Policing And Insensitivity To Culture. I have seen a project manager burst into tears in the crossfire of enterprise architects' questions during a technical design review. I have been on a 2 a.m. call struggling to comply with unreasonable and obsolete technology standards just to get the chief architect's signature and meet the budget deadline. In that particular case, the turning of enterprise architecture into a policing function resulted in its failure. It takes a lot of effort to convince, and regularly re-convince, your business and IT partners of the value of enterprise architecture. A gentle approach makes the function more likely to succeed. The best architects I've known spoke softly and carried a really big carrot. They followed Exupery's advice. 5. Maintaining The EA Artifact Factory. Some EA teams keep busy documenting as-is states. They have an incredible array of diagrams at their disposal to represent the various aspects of everything. The world of diagrams is addictive, and perfect is the enemy of good when it comes to diagrams. Instead, these teams should focus on producing frequent, meaningful and measureable business outcomes. It isn't easy to come up with good KPIs to measure enterprise architecture. This <a href="http://www.gao.gov/assets/650/648827.pdf">GAO report</a> clearly shows the challenges of defining good EA metrics in the government sector. 6. Clinging To A Particular Framework Or Tool. There are more than 80 EA frameworks, and you'll find no silver bullets among them. The best approach is to read all of the major frameworks, discard most of what you have learned, and blend the remaining 10% in a way that fits your organization's culture, maturity and business goals. As an example, here's a <a href="http://antipatternzoo.com/tea/">lightweight, blended approach</a> for tree huggers. When it comes to tools, go fancy if you have the money. But most of the time fancy isn't necessary. Visio, Excel, Word, FreeMind, Prezi and a collaboration team site works well. Limit the time spent on selecting tools and frameworks and instead focus on using them. 7. Thinking Enterprise Architecture Equals Technology Architecture. Most EA programs are initiated by IT and never progress beyond the technology domain. Although technology standards, technology roadmaps and solid engineering practices will produce simpler, cheaper, portable, reusable and more supportable solutions, they don't align your IT investments with business goals and won't power your business with technology innovation. 8. Taking The "Enterprise" Word Literally. "Enterprise" does notnecessarily mean the entire enterprise. It means stepping back and taking a look at the higher-level context before making a decision. Moving architecture to the real enterprise level requires a mature and committed organization. If you try to push the enterprise aspect too far too early, you'll crash and burn. Mike Rollings of the Burton Group has a great <a href="http://www.workingtitleconsultants.com/wp/wp-content/uploads/2011/03/MoreThanEngineering_EA.pdf">article</a> on this subject Recommendations: -- For the sponsor of the EA function: Make sure that your organization is ready for an architecture-driven approach and that the EA function is well sponsored. When you interview EA candidates, ask about the failure modes of the function. Keep looking if the person doesn't know the usual failure modes by heart. --For the EA: When you interview for a new position, make sure you have what it takes to do a good job. Take into account your own abilities, the company culture, the level of organizational maturity and the level of sponsorship. If you're uncertain, walk away. Life is too short to spend years making no difference. Two tech experts square off. A CIO compares working without IT standards to anarchy, while a CTO claims that standardization stalls creativity. Also in the new, all-digital <a href="http://www.networkcomputing.com/nwcdigital/031913s?k=axxe&cid=article_axxt_os">The Standardization Debate</a> issue of Network Computing: Next-gen data centers and the politics of standards. (Free registration required.)2013-02-28T09:06:00ZHow To Improve The IT Decision-Making Process"Essentially, all models are wrong, but some are useful." --George E. P. Boxhttp://www.informationweek.com/global-cio/interviews/how-to-improve-the-it-decision-making-pr/240149564?cid=RSSfeed_IWK_AuthorsOne of my most embarrassing memories from college: My lab partner and I went to a nuclear research reactor to expose samples to thermal neutrons and measure the decay spectrum. The reactor, one of two such facilities in the country, had to be started up. Technicians in white lab coats were busy turning knobs, and a large vacuum tube display indicated the increasing power output. Around the reactor core the bluish glow of the Cherenkov radiation outlined the deep underwater structure. The machine was amazing. Then the chief scientist looked at our lab results from the previous week's experiment and noticed that we skipped the error calculations. He promptly gave us Fs and sent us home. The reactor had to be powered down. We wasted the time of many people. How many times do we prioritize our IT projects and services based on "objective" scores while all the numbers are well within one standard deviation of one another? How many IT decisions should get an F because, behind the numbers, there's an unknown degree of uncertainty? [ Change your life or career or both with better decisions. Read <a href="http://www.informationweek.com/aroundtheweb/government/7-ways-to-improve-your-decision-making/544d7a324d6e6d793652726d6d416c497a63417a61773d3d?itc=edit_in_body_cross">7 Ways To Improve Your Decision Making</a>. ] All IT decisions should be based on forecasts. We try to predict the immediate and future impact of our decisions, such as picking a product, choosing a vendor, funding a project or launching a new IT service. Forecasting is nothing but the collection of information and the improvement of the signal/noise ratio until we find the option with the best probable outcome. Here is where it gets complicated. We have to evaluate tangible and intangible criteria such as risk, capex, opex, TCO, ROI, strategic value, business outcome, competitive advantage, fit in the current environment, institutional memory, customer perception, future IT trends and sustainability. Since testing the different options -- implementing them and waiting a few years to see the results – isn't feasible, we use models instead. These models can get rather sophisticated. We can bring in the vendors for short intro projects or install proof-of-concept pilot systems. <div style="margin:0; padding:0 0 10px 15px; width:244px; float:right;"><div style="margin:0; border-top:1px solid black; border-bottom:1px solid black; padding:6px;"><a href="http://www.informationweek.com/global-cio/"><img src="http://twimgs.com/infoweek/1217/217ID_GlobalCIO_75.jpg" width="75" height="75" border="0" align="right" alt="Global CIO" style="margin:0 0 6px 6px;"></a><div style="margin:0 0 6px 0; font-size:1.3em; font-weight:bold; color:#113e53;">Global CIOs: A Site Just For You</div>Visit <a href="http://www.informationweek.com/global-cio/">InformationWeek's Global CIO</a> -- our online community and information resource for CIOs operating in the global economy.</div> </div>   We usually make decisions within a group of business and IT experts who come from various areas and share little common ground or knowledge. And when it comes to new information technologies, often the only deep expert in a room is a biased vendor. So how can we improve the IT decision-making process? Here's a small collection of ideas: Human Factors -- Express technology in terms of business outcome and value. -- Assemble a well-balanced team of business and IT experts. -- Deploy devil's advocates to shake the group out of groupthink. -- Don't give short shrift to culture and institutional memory. -- Be aware of <a href="http://en.wikipedia.org/wiki/List_of_biases_in_judgment_and_decision_making">biases</a> such as anchoring, availability heuristics and loss aversion. -- Use collective intelligence (<a href="http://en.wikipedia.org/wiki/Delphi_method">Delphi Method</a>). -- Spend time to get on the same prior beliefs (Aumann's Agreement Theorem). -- Don't decouple authority from accountability. Bad decisions must have consequences. -- Incorporate sound governance. Optimize to the right level between local (group) and global (enterprise). -- Understand the long-term value and cost. -- Don't throw good money after bad. A past bad decision isn't a good reason for the next one. -- Don't conduct a "supporting analysis" when a decision has already been made. -- Spend time uncovering the hidden costs and risks (<a href="http://en.wikipedia.org/wiki/Ambiguity_effect">ambiguity effect)</a>. -- Understand that you often don't know what you don't know when it comes to new technologies. -- Understand that learning is part of the process of making a good decision. Techniques -- Use models, pilots and proof of concepts to improve the signal/noise ratio. -- Remember the quote from Mr. Box: Models are just models. Although they can be useful, they're not equal to reality. -- When it comes to models, apply Occam's razor: Go for the simplest one. -- Avoid analysis paralysis. Cap the time spent on the decision. -- Use decision matrices and sensitivity analysis when appropriate. -- Remember that Magic Quadrant winners aren't always the best technology choices for your particular situation. -- While delaying the decision is an option, understand the associated costs and risks. -- Find out vendor weaknesses from competitors; they have in-depth knowledge. -- Find your own references. Every vendor has a few great success stories. -- Use sound requirements-gathering practices And when all else fails, dial 1-800 psychic hotline. Great reads on human factors are Daniel Kahneman's <a href="http://www.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374275637">Thinking, Fast and Slow</a> and David McRaney's <a href="http://youarenotsosmart.com/">You Are Not So Smart.</a> For techniques, I loved Nate Silver's <a href="http://www.amazon.com/dp/159420411X">The Signal And The Noise.</a> Other IT worst practices and "core incompetencies" are discussed on the <a href=http://antipatternzoo.com>AntipatternZOO</a>. Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple Deployment at the NEW Mac & iOS IT Conference. Use Priority Code DIPR02 by March 2 to save up to $500 off the price of Conference Passes. Join us in Las Vegas for access to 125+ workshops and conference classes, 350+ exhibiting companies, and the latest technology. Register for <a href="http://www.interop.com/lasvegas/?CID=MP_ILV_IWK_Article_TL&_mc=DIPR02">Interop</a> today!2013-02-05T09:06:00ZUnlock The Value Of Data: Share ItHow can your business open up data to others? It's more than time to ask.http://www.informationweek.com/global-cio/interviews/unlock-the-value-of-data-share-it/240147782?cid=RSSfeed_IWK_AuthorsInformation becomes more valuable when somebody can make a good decision based on it. A list of winning lottery numbers may be worth millions before the drawing and nothing afterward. The correct information at a doctor's fingertips may save a patient's life. To discover, generate, collect, store, protect, mash up, analyze, distribute and retire information, we use technologies to manage the information lifecycle. Notice that we just defined information technology. Some information has unique properties. When I buy milk at the grocery store, I pay $3. I lose the money but get the milk in exchange, while the merchant loses the milk and gets the money. But when information is shared, the source may not lose anything -- it still retains the information -- while the other party gains. This is a positive sum game and one of the key elements that made the Internet and open source a huge success. By opening up and sharing some of their information, companies can create rich external ecosystems that process and mash information from various sources to unlock its hidden value. This sharing can be very beneficial to the source of the information too. [ Are you investing in your past? Or planning for the future? See <a href="http://www.informationweek.com/global-cio/interviews/my-theory-of-it-reach/240146417?itc=edit_in_body_cross">My Theory Of IT Reach</a>. ] According to Gartner, the <a href="http://www.gartner.com/technology/research/nexus-of-forces">four great forces in IT</a> today are mobile, social, cloud and information. I disagree with these categories, because the first three are part of the more fundamental fourth category of unlocking information's value. Mobile delocalizes information. Social creates opportunities to share information and an environment for innovation. Cloud decouples technology from information, putting the emphasis on the "I" in "IT." This <a href="http://www.pwc.com/en_US/us/technology-innovation-center/assets/pwc-cio-of-the-future.pdf">PricewaterhouseCoopers article</a> discusses the "I in IT" concept. My experience is that few companies have strategic plans to unlock the hidden value of their information. Few shops ask: Why shouldn't we share this particular information? How could we make our information more valuable? This isn't just a dilemma for companies. As IT gets consumerized, we're not only setting up wireless home networks, but also being forced to answer questions like: What sort of information should I share to maintain my privacy while making technology more responsive to my needs?   <div style="margin:0; padding:0 0 10px 15px; width:244px; float:right;"> <div style="margin:0; border-top:1px solid black; border-bottom:1px solid black; padding:6px;"> <a href="http://www.informationweek.com/global-cio/"><img src="http://twimgs.com/infoweek/1217/217ID_GlobalCIO_75.jpg" width="75" height="75" border="0" align="right" alt="Global CIO" style="margin:0 0 6px 6px;"></a> <div style="margin:0 0 6px 0; font-size:1.3em; font-weight:bold; color:#113e53;">Global CIOs: A Site Just For You</div> Visit <a href="http://www.informationweek.com/global-cio/">InformationWeek's Global CIO</a> -- our online community and information resource for CIOs operating in the global economy. </div> </div>   By sharing information we can create new industries. In 2000 the U.S. government made <a href="http://en.wikipedia.org/wiki/Global_Positioning_System">high-quality GPS</a> signal available, spawning roadside sensor networks that gather traffic data (Waze, for instance, crowdsources real-time road conditions). When combined with digital maps, that data provides new value. Based in part on all of that work, self-driving cars, a potential <a href="http://www.forbes.com/sites/chunkamui/2013/01/22/fasten-your-seatbelts-googles-driverless-car-is-worth-trillions/">trillion-dollar business</a>, according to a Forbes contributor, are becoming a reality. My view is that unlocking the value of information is a "slow hunch" (see <a href="http://www.ted.com/talks/steven_johnson_where_good_ideas_come_from.html">Stephen Johnson's TED talk</a>) and may be the greater force underlying Gartner's four forces. Slow hunches tend to reach a point where the curve turns from linear to exponential. Remember the adoption of the PC and Internet? Are we at the turning point of unlocking the value of information? <center><img src="http://twimgs.com/informationweek/1357/pingandpong31_600.jpg" width="600" height="260" alt="pingandpong comic" hspace="0" vspace="0" border="0" style="margin-bottom:7px;" /> </center> We must go beyond "faster and cheaper." As you evaluate your company strategy, consider whether you have plans to make your information more valuable. See if you could share some of that information or use information from others to unearth hidden value.2013-01-16T12:33:00ZMy Theory Of IT ReachIf you're implementing an IT solution and it doesn't increase the human or functional 'universality,' you're investing in the past.http://www.informationweek.com/global-cio/interviews/my-theory-of-it-reach/240146417?cid=RSSfeed_IWK_AuthorsDavid Deutsch, in his brilliant book <a href="http://www.amazon.com/Beginning-Infinity-Explanations-Transform-World/dp/0143121359">The Beginning of Infinity</a>, discusses the unique capabilities of the human mind. Humans use the scientific method to construct ever-improving explanations with increasing reach. "Good explanations," such as the Theory of Relativity, have an incredible reach and are valid well beyond the human scale of space and time, he writes. Here's my theory. Let's call it Information Technology Reach. Increasing universality or reach is one of the fundamental properties of ever-more-sophisticated information technologies. And it has both a human and a functional aspect. Let me give you an example. [ Hoping for a more affordable iPhone? Read <a href="http://www.informationweek.com/mobility/smart-phones/8-ways-apple-could-make-a-cheaper-iphone/240145965?itc=edit_in_body_cross">8 Ways Apple Could Make A Cheaper iPhone.</a> ] I have a beautiful HP-67 pocket calculator. A slightly simpler version, the <a href="http://en.wikipedia.org/wiki/HP-65">HP-65</a>, was the backup to the guidance computer on the Apollo-Soyuz mission. I also have a <a href="http://sliderule.mraiow.com/wiki/Pickett_N600">Pickett N600 ES</a> slide rule, the same model Neil Armstrong and his buddies took to the moon just in case the flight computer broke. Finally, I also have an iPhone. I thought I would apply the scientific method to test my theory. I asked my teenage son to divide 237 by 23 using an iPhone, the HP-67 calculator and the Pickett slide rule.  <div class="inlineStoryImage inlineStoryImageRight"> <img src="http://twimgs.com/informationweek/1356/pocketcalc_175.jpg" alt="Pocket Calculator and Slide Rule" title="Pocket Calculator and Slide Rule" class="img175" /> </div>  I gave him the manuals for the three devices. This is a non-trivial task for a modern-day teenager -- my son had never used a slide rule before and the HP-67 runs the <a href="http://en.wikipedia.org/wiki/Reverse_Polish_notation ">reverse Polish notation</a>. Since he's an Android-head, the iPhone was new to him, too. I also thought about asking him to calculate the results with a Turing Machine, but that would have been cruel. Following are the results of the experiment: It's rather incredible: The iPhone, with its 0.2-page manual, is way more universal than the HP calculator or the slide rule. That is, almost anybody can use it without much effort. Calculating with the iPhone requires a priori versus posteriori knowledge. The technology is transparent, and the focus is on the outcome from the user's perspective. The iPhone is an emphatic device, and this is the human aspect of universality in the theory. <center><img src="http://twimgs.com/informationweek/1356/device_chart.jpg" width="595" height="195" alt="Device Chart" hspace="0" vspace="0" border="0" style="margin-bottom:7px;" /> </center> How about universality of function? In the 1970s the HP-67 was also called the electronic slide rule. It can do all that the Pickett does and a lot more. It can also run a Turing Machine, so it's close to meeting the criteria of a universal computer. How about the iPhone? Well, check out these three applications. One is a <a href="http://www.testtubegames.com/sliderule.html ">slide rule for the iPhone</a>, the second app is an early <a href="https://itunes.apple.com/us/app/vintage-45/id506402272?mt=8">HP-45 calculator</a>, and the third is a delightful <a href="http://mobile.clauss-net.de/Turing/">Turing Machine</a>. The iPhone can do it all. It's the most universal technology. And it's cheap -- the HP-45 cost $395 in 1972 and $2,094 in 2011, while the HP-45 simulator app costs only $1.99. <div style="margin:0; padding:0 0 10px 15px; width:244px; float:right;"><div style="margin:0; border-top:1px solid black; border-bottom:1px solid black; padding:6px;"><a href="http://www.informationweek.com/global-cio/"><img src="http://twimgs.com/infoweek/1217/217ID_GlobalCIO_75.jpg" width="75" height="75" border="0" align="right" alt="Global CIO" style="margin:0 0 6px 6px;"></a><div style="margin:0 0 6px 0; font-size:1.3em; font-weight:bold; color:#113e53;">Global CIOs: A Site Just For You</div>Visit <a href="http://www.informationweek.com/global-cio/">InformationWeek's Global CIO</a> -- our online community and information resource for CIOs operating in the global economy.</div> </div>   What happened is that the iPhone dematerialized the Turing Machine, the slide rule and the HP-67, as well as my old digital camera, MP3 player, paper calendar, bookshelf, dictaphone, notebook, alarm clock, paper maps and desktop phone. Those objects don't need to exist anymore. This all makes sense. Increasing functionality results in increasing complexity, which requires expanding human reach through perceptive, self-adapting, context-aware technologies. Why would the idea of Information Technology Reach be relevant for an IT professional? Well, if it is indeed universal and has a significant reach, then it is easier to align our actions with it and difficult to go against it. To put things simply: If you're implementing an IT solution and it doesn't increase either or both the human and functional universality, you're investing in the past and likely to fail. When you look at your iPhone, you see the slide rule of 2030. Many of the objects around you today will be dematerialized in 20 years. I wonder if I will be able to get an iPhone simulator in 2050 for my cortical cognitive implant. Maybe I will be just like Star Trek's <a href="http://en.wikipedia.org/wiki/Relics_%28Star_Trek:_The_Next_Generation%29">140-year-old Scotty</a>, who returned from the transporter's pattern buffer and declined the offer to join the crew of the Enterprise-D. For the 16th consecutive year, InformationWeek is conducting its U.S. IT Salary Survey. To date, more than 200,000 IT professionals have participated in this survey. Take our <a href="http://informationweek.2013ITSalarySurvey.sgizmo.com/s3/?iwid=pl">InformationWeek 2013 U.S. IT Salary Survey</a> now, and be eligible to win some great prizes. Survey ends Jan. 18. 2013-01-04T12:30:00ZReading This Column Will Cost You 0.4 MicromortIt pays to assess risk properly in making IT and other big decisions. Here's what not to do.http://www.informationweek.com/global-cio/interviews/reading-this-column-will-cost-you-04-mic/240145562?cid=RSSfeed_IWK_Authors <div style="margin:0; padding: 0 0 10px 10px; width:135px; float:right; text-align:center;"> <img src="http://twimgs.com/informationweek/1354/goethe_image.jpg" width="110" height="147" alt="same as caption" hspace="0" vspace="0" border="0" /> <div style="margin:4px 0 0 0; padding:0; font-weight:bold;">"The dangers of life are infinite, and among them is safety" -- Goethe</div> </div>  We all tend to misjudge risks. Which animal is the most dangerous: the hippo, shark, bear, lion or tiger? Most people wouldn't guess that those friendly looking hippos cause <a href="http://www.animaldanger.com/most-dangerous-animals.php">more human deaths than those other animals combined</a>. But even hippos are safe compared to texting while driving, with its 6,000 annual casualties. The subject of risk and risk perception is elegantly outlined in <a href="http://www.amazon.com/Science-Fear-Shouldnt-Ourselves-Greater/dp/0525950621">The Science of Fear</a> by Daniel Gardner. Unlikely events are unintuitive. Various biases influence people to make wrong gut decisions. Nobel Prize winner Daniel Kahneman gives a great introduction to these biases in <a href="http://www.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374275637">Thinking, Fast And Slow</a>. Here are some that play a role in risk evaluation: -- Confirmation Bias: I see what I already believe. -- Anchoring and Adjustment Heuristic: I am influenced by the first piece of information I receive. -- Ambiguity Effect: I avoid options with unknown probabilities. -- Bandwagon Effect: I tend to do what others do. -- Availability Heuristic: The story I remember is more powerful than data. As a society we pay little attention to truly risky events such as asteroid hits and the overuse of antibiotics. At the same time we are overly sensitive to such relatively small risks as the dangers of using nuclear energy. [ BYOD brings risk into the IT environment. Read <a href="http://www.informationweek.com/global-cio/interviews/5-ways-to-stay-ahead-of-consumerization/240145037?itc=edit_in_body_cross">5 Ways To Stay Ahead Of Consumerization Of IT</a>. ] A light-hearted approach to personal risk is the use of <a href="http://en.wikipedia.org/wiki/Micromort">micromorts</a>. A micromort is a micro-probability, a one in a million chance of dying. A lifetime probability of dying is one mort, so one day costs about 39 micromorts for the average person. Smoking 1.4 cigarettes costs a micromort, same as living within 20 miles of a nuclear power plant for 15 years. Micromorts are a good way to compare relative risks.   <div style="margin:0; padding:0 0 10px 15px; width:244px; float:right;"> <div style="margin:0; border-top:1px solid black; border-bottom:1px solid black; padding:6px;"> <a href="http://www.informationweek.com/global-cio/"><img src="http://twimgs.com/infoweek/1217/217ID_GlobalCIO_75.jpg" width="75" height="75" border="0" align="right" alt="Global CIO" style="margin:0 0 6px 6px;"></a> <div style="margin:0 0 6px 0; font-size:1.3em; font-weight:bold; color:#113e53;">Global CIOs: A Site Just For You</div> Visit <a href="http://www.informationweek.com/global-cio/">InformationWeek's Global CIO</a> -- our online community and information resource for CIOs operating in the global economy. </div> </div>   So how does this analysis apply to IT? Here's an example: I was tasked to drive the technical infrastructure design of a complex manufacturing system. We had to make decisions about the failover capabilities. We used some of the usual tools (component failure impact analysis, fault trees) to hit the sweet spot: acceptable availability with a reasonable price tag. The business owners didn't like the design; they wanted to spend more money and increase the availability. When we pointed out that, based on historical data, 90% of the outages were due to human errors, the light bulbs came on: We could have spent an extra million dollars to move the technical environments to five 9s, but it would have an impact on only 10% of the unscheduled downtime. Exposing the relative risk helped us to make the right investment decision. Following are a dozen risk-related IT anti-patterns and worst practices. 1. Whose signature is it anyway? Often the inappropriate person takes the risk. IT is seldom the owner of the business process or steward of the information. IT can help express the likelihood of an event, offer solutions and calculate costs. Signing off on a particular solution and associated risks should be the responsibility of the business owner. 2. Complexity. Growing IT complexity increases the probability of losing data integrity, confidentiality and/or availability. Gaining control over the complexity inspired the <a href="http://en.wikipedia.org/wiki/Zachman_Framework">first enterprise architecture frameworks</a> in the 1980s. Despite many similar efforts, success stories of addressing IT complexity are rare. 3. Intangible risks. Some impacts are difficult to measure. Therefore, calculation of such risks is up to subjective interpretation and politics. 4. Human error. Studies agree that the most common cause of system downtime is human error. Focusing on the technical aspects won't address this problem. The best way to approach this risk question is to look at the whole people/process/technology stack.5. Vendor hype. Most IT vendors are ethical and partner with their customers. And then there are those that just want to make a quick buck. What better way to make a profit than to emphasize some risks and provide convenient solutions? They have read Daniel Kahneman's book. 6. The Dark Side. The bad guys are innovating too. They have business models and sophisticated toolkits, and they've learned to be patient and persistent. They use technologies like GPU clusters and botnets. They form networks to ride <a href="http://en.wikipedia.org/wiki/Kleiber%27s_law">Kleiber's quarter-power law of innovation</a>. 7. Volume. As volume (data, I/Ops, Gb, Flop, etc.) grows, formerly solid technologies turn vulnerable. Infrequent drive failures aren't so unlikely in 100-petabyte-scale storage. Large distributed systems introduced such concepts as <a href="http://en.wikipedia.org/wiki/CAP_theorem">Brewer's theorem</a>. 8. Intuition does not work. It would feel reasonable to multiply the likelihood of an event with the impact and invest a somewhat smaller amount to avoid the consequences. But this approach does not work when the event is extremely unlikely and the impact is extremely costly. Many IT disaster scenarios fall into this category. 9. Risk management in silos. It's much easier to focus on individual applications or systems instead of looking at the integrated business process crisscrossing the silos. By addressing the risks in the silos, the truly valuable business process is still at risk. Efforts to do business-impact analysis turn into system-impact analysis. 10. Over-engineering. Although this doesn't sound like a big deal, over-engineered technical solutions are bad. The extra capital and operational expense matters most when it's about marketplace survival. 11. Compliance confidence. Achieving compliance feels and looks good, but it doesn't mean that the risks have been addressed at the appropriate levels. Cybersecurity is a good example -- it's easy to create an IT solution that's perfectly safe while completely unusable. 12. Emerging technologies. Progress is disruptive in both a positive and negative way. Emerging technologies open doors to new possibilities and close others. And they also introduce new risks. One example is big data analytics: When combined, pieces of low-risk information may turn sensitive. A smart person always delivers the problem to the boss with suggestions. After bringing you the list of risk-related anti-patterns, my suggestion to you is to listen to Goethe. And I hope the 0.4 micromort you expended reading this column was worth it.