It pays to assess risk properly in making IT and other big decisions. Here's what not to do.

Imre Kabai, Contributor

January 4, 2013


5. Vendor hype. Most IT vendors are ethical and partner with their customers. And then there are those that just want to make a quick buck. What better way to make a profit than to emphasize some risks and provide convenient solutions? They have read Daniel Kahneman's book.

6. The Dark Side. The bad guys are innovating too. They have business models and sophisticated toolkits, and they've learned to be patient and persistent. They use technologies like GPU clusters and botnets. They form networks to ride Kleiber's quarter-power law of innovation.

7. Volume. As volume (data, IOPS, Gb, FLOPS, etc.) grows, formerly solid technologies turn vulnerable. Infrequent drive failures aren't so unlikely in 100-petabyte-scale storage. Large distributed systems introduced such concepts as Brewer's theorem.

8. Intuition does not work. It would feel reasonable to multiply the likelihood of an event by its impact and invest a somewhat smaller amount to avoid the consequences. But this approach does not work when the event is extremely unlikely and the impact is extremely costly. Many IT disaster scenarios fall into this category.

9. Risk management in silos. It's much easier to focus on individual applications or systems instead of looking at the integrated business process crisscrossing the silos. Even when the risks in the silos are addressed, the truly valuable business process is still at risk. Efforts to do business-impact analysis turn into system-impact analysis.

10. Over-engineering. Although this doesn't sound like a big deal, over-engineered technical solutions are bad. The extra capital and operational expense matters most when it's about marketplace survival.

11. Compliance confidence. Achieving compliance feels and looks good, but it doesn't mean that the risks have been addressed at the appropriate levels. Cybersecurity is a good example -- it's easy to create an IT solution that's perfectly safe while completely unusable.

12. Emerging technologies. Progress is disruptive in both a positive and negative way. Emerging technologies open doors to new possibilities and close others. And they also introduce new risks. One example is big data analytics: When combined, pieces of low-risk information may turn sensitive.

A smart person always delivers the problem to the boss with suggestions. After bringing you the list of risk-related anti-patterns, my suggestion to you is to listen to Goethe. And I hope the 0.4 micromort you expended reading this column was worth it.

About the Author(s)

Imre Kabai


Imre Kabai is director and chief architect at Granite, a $2.5B heavy construction company. Previously he worked as the enterprise architect of Stanford Healthcare, and chief architect of the SLAC National Accelerator Laboratory. His interests include enterprise architecture, systems engineering, emerging technologies, cyber security, and data science. Imre enjoys paddling and practicing aerobatics in his vintage airplane.
