It pays to assess risk properly in making IT and other big decisions. Here's what not to do.
5. Vendor hype. Most IT vendors are ethical and partner with their customers. And then there are those that just want to make a quick buck. What better way to make a profit than to emphasize some risks and provide convenient solutions? They have read Daniel Kahneman's book.
6. The Dark Side. The bad guys are innovating too. They have business models and sophisticated toolkits, and they've learned to be patient and persistent. They use technologies like GPU clusters and botnets. They form networks to ride Kleiber's quarter-power law of innovation.
7. Volume. As volume (data, I/Ops, Gb, Flop, etc.) grows, formerly solid technologies turn vulnerable. Infrequent drive failures aren't so unlikely in 100-petabyte-scale storage. Large distributed systems introduced such concepts as Brewer's theorem.
8. Intuition does not work. It would feel reasonable to multiply the likelihood of an event by the impact and invest a somewhat smaller amount to avoid the consequences. But this approach does not work when the event is extremely unlikely and the impact is extremely costly. Many IT disaster scenarios fall into this category.
9. Risk management in silos. It's much easier to focus on individual applications or systems instead of looking at the integrated business process crisscrossing the silos. Even when the risks in the silos are addressed, the truly valuable business process is still at risk. Efforts to do business-impact analysis turn into system-impact analysis.
10. Over-engineering. Although this doesn't sound like a big deal, over-engineered technical solutions are bad. The extra capital and operational expense matters most when it's about marketplace survival.
11. Compliance confidence. Achieving compliance feels and looks good, but it doesn't mean that the risks have been addressed at the appropriate levels. Cybersecurity is a good example -- it's easy to create an IT solution that's perfectly safe while completely unusable.
12. Emerging technologies. Progress is disruptive in both a positive and negative way. Emerging technologies open doors to new possibilities and close others. And they also introduce new risks. One example is big data analytics: When combined, pieces of low-risk information may turn sensitive.
A smart person always delivers the problem to the boss with suggestions. After bringing you the list of risk-related anti-patterns, my suggestion to you is to listen to Goethe. And I hope the 0.4 micromort you expended reading this column was worth it.