Tom Peruzzi's thoughts on digital, innovation, IT and operations

the wrong trust in cloud computing

Posted in BCM, general failures, startup failures by opstakes on April 29, 2011

What we have seen last week is that even large companies like Amazon can fail – on whatever reasons and with their tons of engineers, processes, procedures, technologies and mass of systems and servers. The question for you as a (potential) customer should not be why did they fail?

They had a rapid growth and even with the best engineers ever both growth and quality cannot run the same speed, their must be some sort of risk even if we still talk about human created systems. And to be honest I really believe that it can happen to all service providers out there soon, maybe tomorrow, next week or never, the likelihood to fail is a built-in function.

But what’s the question you should ask and answer yourself: How could I survive if my (wherever) instances or data goes down? It is not the fault of your provider if you miss all your data, it’s your fault if you had no strategy on how to deal with such a disaster? Nobody will expect you to come back to live and operations within 30 min if such a case occurs but you should have your BCM work done before. I know, if you – like many running on clouds now – are within online business time and speed matters, risk is ok as long as it is not happening, afterwards you get asked what happened and why you had no plan against …

So keep in mind, data security (integrity, authenticity, availability) is always your job, you can outsource (move to cloud) parts of the technical stuff, but the management and umbrella function always belongs to you. Yes it is a pity if your service provider goes done, but it is a shame if you have no plan how to cover such scenarios and come back to ops immediately.

This is the wrong trust in cloud computing, cloud computing can help you a lot, it can mitigate your volatility, it can enable you immediate growth, fast test and beta and whatever but you should know what your cloud provider is and what he delivers, do not overtrust. The provider delivers technology, you do the mesh-up, so keep an eye on the availability and security of your mesh-up!


Ops is only in focus if it fails

Posted in 1, BCM, organizational by opstakes on April 19, 2010

You know that story, you work as good as you are and you will never get that funky stuff until your apps get public attention. So how do you mostly get attention? By failure as nearly all major projects of operations only affect people (in a bad manner) if something wrong happens. (a user will never see any change in his day to day live by getting a new IP address, but what happens if exactly that IP isn’t working …., just a silly change of an address with potential fatal attraction).

So is this either good or bad to only get money on demand? How does business think? Definitily, you – as an IT leader – has plenty of options to inverent but mainly two:

  • accept and push your budget
  • start building awareness via BCM or quality improvement programmes

The first one is the more reactive, you ask for more money, you don’t get it. If anything fails you always have the option to push back and say something like “I asked you for more money to mitigate those risks but I did not get it …” So your direct Head is responsible for your perosnal fiasco …

The second is much more aggressive. You try to offer solutions for potential scenarios, you interact directly with all related departmens and they will start putting pressure on the CEO to get money to mitigate/diminish their business risks (you hear, it is no longer an IT risk, it has changed to a business risk) You drive the BCM initiative and get the money via the involved departments, everybody happy but:

  • BCM never stops, don’t forget to block money/resources in your budget for the upcoming years
  • after a BCM initiative is before a BCM initiative, risks/business changes and you should discuss those changes in an open minded environment.
  • a failure after such an initiative could potentially risk your job, so be aware to make sure that you get what you promised!

There will always be some risks you never can mitigate that easy, but most of them should fit into a BCM initiative.

So how to start? Talk to the departmens, understand their demands, get their OK for BCM and start your BCM lobbying parties … after a while make a good presentation at C* level and declare how and when and what happens, if BCM will not start. Sounds easy, is easy, but it will need you and the awareness of all involved departments. It is not a fight IT versus board, it is the “we make it better” party!

But what to do if it still fails? Open dialogue, fresh information about your plan to react and a fast closing project after you have installed some work arounds are the only way to get back respect and trust.

We know it better

Posted in BCM, ISMS, ITSM, KnowHow, Skill, startup failures, technical by opstakes on November 17, 2009

Potentially yes, but how to be sure? It is of tremendous importance that a growing organization knows what it is able to deliver and how to get additional knowhow/expertise/resource on board. This is not a prayer for externals but:

  • understaffed organizations fail on a long term view
  • there is no more space for innovation, thus you stop developing you, your employees, your organization
  • Peaks should be offloaded, innovation stream not be broken
  • you cannot know everything the way the market does

So keep in mind, that you should only run your strategic stuff and if you start innovation, bring the market experience in. This does not mean that external partners do all the work. Where necessary, they should support, assist, coach you, but you are the one who knows your business best and if you bring in externals, do not forget to manage them. They are just people, maybe good ones with special expertise, but they are people like your employees are, the need order, direction and management. An uncontrolled external is a potential high risk for your organization as he is seen as a special knohow carrier and he can not only break your project, he can damage your organization too.

So to summit, two things to say: Bring in external partners where necessary, nobody expects you and your org to know everything better than the market. And last manage partners to deliver successful and in-time projects.

BCM is not Infrastructure

Posted in BCM by opstakes on November 16, 2009

It is all time the same. Nobody know why, but the myth of “we must have bcm” is in everyone’s ear within IT department. First enthusiasts start reading what BCM (Business Continuity Management) should look like and immediately the first failure begins:

  • BCM is a Business topic
  • IT should be invited to join business wide BCM and not vice versa
  • BCM is a process driven topic, not infrastructure

So BCM is much more a company wide umbrella and as IT Service Continuity Management in ITIL v2 already claims, the mission of the IT is to support the Business Continuity, not to run, drive it.

What we often see ist that there is often seen a direct link between resilience, high availability and BCM. Yes, at the end, all those kinds of providing a more robust service will likely be part of the mitigation plan of the BCM initiative but keep in mind that BCM for IT is:

  • Define business critical processes
  • Define technical services supporting those
  • Assess and analyse risks assiociated to those services
  • Define action plan for those risks (accept, mitigate ,delegate, solve)
  • Define operations handbook and declare how desaster process is invoked by ops stuff
  • ….

Reading those lines shows that only the mitigation/solve in the risk plan is a real “technology” part.

Definitely it is always a good idea to think about risks and how to mitigate, solve or whatever. BCM is much more a method to drive your thoughts/ideas to the mission critical services, nearly nobody will need a resilient lab 🙂 in terms of a desaster (except you are a research organization). So focus on your value supporting technology and do your best and stop thinking in a tech-way only, it is the business which should be supported, not the nice blinking light in your Rack ^^

Tagged with: , , , ,
%d bloggers like this: