Risk and the Ten Commandments of Cloud Computing

The ten commandments of cloud computing show a refreshingly mature attitude to risk.

Early this week I attended the media launch of Data Sovereignty and the Cloud – a white paper from the University of New South Wales’ Cyberspace Law and Policy centre.

The event was refreshingly free of a lot of the hype or hysteria that cloud computing events usually lead to. I’ve covered some of the panel session’s discussion for Business Spectator.

One thing that stood out in the presentation was the Ten Commandments of Cloud Computing which are a good guide to what businesses owners, directors and executives need to consider when looking at online services.

ten-commandments-of-cloud-security copy

Another refreshing aspect of the UNSW launch was the mature attitude towards risk – the overwhelming view of the panel, which included insurers, lawyers and academics, was that all technologies have an element of business risk and it’s a matter of identifying and managing those hazards.

Hopefully, we’ve moved on from the 1980s management view that risk is something to be eliminated at all costs. The result of that philosophy was just to shift risks into other, unforeseen areas.

The UNSW report on cloud risks is a weighty read, but it’s worthwhile if you want to get a realistic handle on exactly what the hazards are in moving to the cloud.

After all, if you don’t know what the risks are then you can’t identify, understand or manage them.

Similar posts:

Little shots at the moon

Everyday there’s thousands of people risking all on their own little moonshots.

Today I wrote a story for Business Spectator on the Google Loon project, a pilot program to see if high altitude balloons can provide affordable internet access for the developing world.

What really fascinates me about Loon and the projects in the Google X program is the concept of the ‘moonshot’. Google explain it on their solve for [x] website.

Moonshots live in the gray area between audacious projects and pure science fiction; instead of mere 10% gains, they aim for 10x improvements. The combination of a huge problem, a radical solution, and the breakthrough technology that might just make that solution possible is the essence of a Moonshot.

Great Moonshot discussions require an innovative mindset–including a healthy disregard for the impossible–while still maintaining a level of practicality.

Missing in that definition is the concept of risk – it’s easy to propose a radical, audacious solution to a problem when it’s not your money or career on the line.

On the other hand, most organisations that have the resources to experiment with breakthrough technologies stifle any thought of true innovation or radical solutions.

The advantage Google has is that parts of the organisation encourage those moonshots, although there are divisions of Google which are just as bureaucratic and staid as a chartered accountant’s or quantity surveyor’s office.

Interestingly Apple were the reverse with only one guy allowed to do moonshots and everyone below him followed him either to the moon or hell, as this wonderful story tells.

Which brings me to the little folk – the startups, small businesses and backyard inventors who don’t have the resources of Google, Apple or the US space program.

For that matter there’s also the writers, painters, musicians and other artists who are risking everything for their vision.

Everyday these people are risking everything for their little ideas as their homes, livelihoods and sometimes their relationships are on the line for their one big idea or audacious vision.

These are the real risk takers and every day they are taking little shots at the moon.

Similar posts:

Exploiting the weak points

The Great ATM Heist illustrates weaknesses in outsourcing business processes

The Great ATM Heist, where a crime gang subverted the credit card system, could well be the digital equivalent of the Great Train Robbery of the 1960s.

While the logistics of the operation are impressive with hundreds of accomplices across twenty countries, the real moral from the story comes from how the gang targeted outsourced credit card processing companies to adjust cash limits.

Again we see the risks of throwing your problems over the fence, a system is only as reliable or secure as the weakest link and, regardless of how tight commercial contracts are, outsourced services can’t be treated as someone else’s concern.

No doubt banks around the world will be having a close look at their systems and how they can trust other organisations’ outsourced operations.

Similar posts:

Risky business – is crowd funding too rich for investors and innovators

Do recent kickstarter failures show that crowd funding is too risky for most entrepreneurs and investors?

It’s sad when a Kickstarter project fails to meet its promises and the story of the Collusion Pen, a stylus designed for iPads, is a salutary lesson of how many people don’t understand when they buy into or set up a crowdfunding proposal.

The idea behind crowdfunding sites like Kickstarter is that artists, designers and inventors can publicise their projects, interested supporters can pledge funds in return for benefits like advanced previews, a signed book or an early version of version of the product.

For the Collusion pen, it’s the early version that’s upset supporters who’ve complained that the device is unusable in its current form.

Not getting the product when it was promised is standard for Kickstarter projects, late last year CNN Money reported how 84% of the site’s top listed ventures missed their target delivery dates.

The reason for Kickstarter’s apparent failures is that ideas are risky. Often, entrepreneurs and artists overestimate their skills and underestimate the scale of the task they’ve given themselves.

Added to this, Kickstarter is an expensive way to raise capital. When another Australian startup Moore’s Cloud went onto Kickstarter to fund their internet connected light, they found that to cover the $285,000 development costs they had to win pledges worth $700,000.

Moore’s Cloud missed their target and have gone on to raising money independently.

Apart from the those risks we set our expectations too high – we believe the first versions will be perfect out of the box and every idea will make the founder a billion.

In his article The Fake Church of Entrepreneurship, US business founder Francisco Dao discussed how much of the start up community is based up on religious beliefs about the sanctity of founders and that everyone can become rich by selling their idea to a greater fool.

The sad thing is that ideas are like armpits – most of us have a couple and almost all of them stink.

Not that people shouldn’t have a go; having a hare brained idea and making it a reality is the foundation of human progress. It’s just that most ideas don’t work out.

Making matters worse is our inability to evaluate risk; notable in the Sydney Morning Herald story are the consumer and investor protection angles.

If someone isn’t getting what they thought they had been promised, then “the government aught to do something.”

The biggest risk of all to Kickstarter and other crowdfunding sites is that governments will regulate them either as stores or as investments.

As investments crowdfunding projects will be hiring lawyers and bankers to draft densely worded product disclosure statements which will see ventures like Moore’s cloud having to raise a couple of million more to cover their legal costs.

Should crowdfunding be considered as a consumer issue, then projects will have be expected to deliver or face action from consumer protection agencies which would make most nonviable.

The stories of crowdfunding successes have to be considered in the same way as most artistic and entrepreneurial ventures; we hear about the winners, but we don’t hear so much about those who didn’t ‘succeed’.

While we – as consumers, investors and entrepreneurs – don’t think through those risks, we’ll be disappointed in tools like crowdsourcing which would be a shame as its a good way for some ideas to get a healthy start.

Failure image courtesy of cobrasoft on sxc.hu

Similar posts:

Smelling digital garbage

Excel spreadsheets lie at the core of business computing, but what happens when they go wrong?

Excel spreadsheets lie at the core of business computing, but what happens when they go wrong?

James Kwak writing in the Baseline Scenario blog describes how Excel spreadsheets have an important role in the banking industry and their key role in one of the industry’s most embarrassing recent scandals.

In the early days of the personal computer spreadsheets; it was company accountants and bookkeeping clerks who bought the early PCs into offices to help them do their jobs in the late 1980s .

From the accounts department, desktop computers spread through the businesses world and the PC industry took off.

Over time, Microsoft Excel displaced competitors like Excel 1-2-3 and the earliest spreadsheet of all, VisiCalc, and became the industry standard.

With the widespread adoption of Excel and millions of people creating spreadsheets to help do their jobs came a new set of unique business risks.

The weakness with Excel isn’t with the program itself, it’s that the formulas in many spreadsheets aren’t properly tested and often incorrect data is put into the wrong fields.

In his story Kwak cites the JP Morgan spreadsheets that miscalculated the firms Value-At-Risk (VAR) calculations for synthetic derivatives. The result was the London Whale debacle where traders were allowed to take positions – some would call them bets – exposing the bank to huge potential losses.

It turns out that faulty spreadsheets had a key role as traders cut and paste data between various spreadsheets and the formulas that made the calculations had basic errors.

That a bank would have such slapdash procedures is surprising but not shocking, almost every organisation has a similar setup and it gets worse as a project becomes more complex and bigger numbers become involved. The construction industry is particularly bad for this.

Often, a spreadsheet will show out a bunch of numbers which simply aren’t correct. Someone made a mistake entering some data or one of the formulas has an error.

The business risk lies in not picking up those errors, JP Morgan fell for this and probably every business has, thankfully to less disastrous results.

My own personal experience was with a major construction project in Thailand. One sheet of calculations had been missed and the entire budget for lights – not a trivial amount in a 35 storey five star hotel – hadn’t been included in the contractor’s price.

This confirmed in my mind that most competitive construction tenders are won by the contractor who made the most costly errors in calculating their price. Little has convinced me otherwise since.

In the computer industry there’s a saying that “garbage in equals garbage out” which is true. However if the computer program itself is flawed, then good data becomes garbage.

Excel’s real flaw is that it can make impressive looking garbage that appears credible if it isn’t checked and treated with suspicion. The responsibility lies with us to notice the smell when the computer spits out bad figures.

Spreadsheet image courtesy of mmagallan through sxc.hu

Similar posts:

Are there any plans to help us?

A blizzard in New York illustrates how we struggle with evaluating risk in a connected society.

Another winter storm descends upon the North Eastern United States and dozens of people get caught in the blizzard.

The New York Times describes the plight of those stuck on the Long Island Expressway and quotes Lorna Jones who was stuck in her car overnight with nothing but a bottle of Listerene for supplies.

“It’s terrible. It’s cold. I don’t know how long I’m going to be here,” said Ms. Jones, 62, a nurse who stalled near the town of Brookhaven, less than a mile from her destination. “Are there any plans to help us?”

One of the conceits of modern society is that we have help at our fingertips, that we only have to dial 911, 112 or whatever emergency code is in use and a helicopter will come to pluck us from whatever predicament we find ourselves in.

As those stuck on the Long Island Expressway found, when a real emergency hits you will join the queue in the wait for overwhelmed emergency services.

To the west, Franklin Simson’s, 18-wheeler got stuck on an exit ramp as he tried to deliver corn flour to a tortilla bakery at 3 a.m.

He said he had called the police every two hours but had received no assistance. He tried several towing companies, but they all said they were overwhelmed, he recalled. He had heat in the truck and had slept for two hours, but had no food or water.

No doubt Franklin eventually got a feed and was able to deliver his flour, which illustrates a different type of risk in an economy built around just in time logistics, but he and Lorna got off lightly – plenty of people die in these situations.

It all comes down to our modern inability to identify and evaluate risks.

Another article in the New York Times from Jared Diamond discusses the little risks in life – the one in a thousand chance events such as slipping in the shower.

These apparently small risks are actually almost certainties – if you shower once a day, you have a risk of slipping once every three years.

While it’s understandable we discount those small risks, modern communications and the perceived safety net of government regulations lull us into a false sense of security with bigger risks.

As a consequence, we invest in financial instruments we don’t understand, we rely on technologies we barely comprehend and, most importantly, we put ourselves into physical danger by venturing out into blizzards, floods or fires when anybody sensible stays at home or bunks down at the office.

Ultimately the plans to help us don’t work when dozens, hundreds or thousands of people are affected. The best we can do is to evaluate and manage risks as best as we can.

We have the tools to do this, the tragedy is we are far better informed about the risks around us than our forebears, which makes our modern inability to judge the risks we take so much more of a paradox.

Image courtesy of ColinBroug through sxc.hu

Similar posts:

In it to win it – does overcompetitiveness hurt entrepreneurs?

Does the winning at all costs mentality actually hurt entrepreneurs when business isn’t a zero sum game?

I’ve written before about entrepreneur and venture capital investor Mark Suster and his writings about business are always worth reading.

His recent post pulling together writings on the DNA of an entrepreneur is interesting reading however one point jars – competitiveness.

In Steve’s view competitiveness is about winning at all costs and crushing the opposition.

That’s fine when competing for a customer, fighting over market share or pitching to the same VC investor, but business usually isn’t a zero-sum “if I win, you lose” equation.

Sometimes its about complimentary strengths. In the early days of PC Rescue I tried to partner with an old colleague who had set up a competing business.

Mark was actually a better computer tech than I was, my strengths lay more in sales and administration, had we teamed up we’d have been a good combination.

Unfortunately Mark took Suster’s view of ‘winning at all costs’ and when I foolishly referred customers to him because I was either busy or thought he could do a better job, I found he was stealing those customers.

Eventually I had to cut ties with him, and it cost him money and the chance to be part of something bigger. Mark was greedy but I’m sure he thinks he ‘won’ against me when there really wasn’t a contest.

Geeks are particularly poor at admitting they have weaknesses, in fact their lack of self understanding could be their greatest weakness of all. So drumming a ‘win at all costs’ message into their heads is almost certainly counter productive.

It may well be that this win at all costs view is damaging the mental health of many entrepreneurs, by viewing what others are doing through a prism of “I have to win” almost guarantees depression as often the life of an entrepreneur is more steps backwards than forwards.

As most reporting of startup and entrepreneurs is distorted by survivor bias, we often gloss over this latter point – in reality starting your own business, particularly one that’s under-capitalised, is hard and tough work with a high chance of failure.

That chance of failure means a ‘win at all costs’ mentality could result in a generation of mentally damaged former entrepreneurs.

Mark Suster’s views are really good on what drives the Silicon Valley model of business. We need to take care though we don’t take the wrong lessons which end up hurting our businesses, families and our own mental well-being.

Jackpot image from Henriette via SXC.HU.

Similar posts: