The financial industry uses the term ‘Value at Risk (VAR) to quantify various aspects of risk. This statistical technique calculates the amount of financial loss that can occur within a portfolio or investment over a specific period of time. A mathematical way to figure out the ripple effect of a risk is to figure out if an investment should be made and how much it will cost if things go wrong.
Even in the world of cloud computing, especially cloud computing architecture, it is necessary to determine the maximum expected loss every day. You cannot eliminate risk, but you can manage it. First, you need to understand the pros and cons of using different technologies at different price points.
For example, triple redundant storage uses different cloud service providers to reduce the risk of a single cloud service provider going down, affecting primary and secondary storage systems. It also uses additional redundant storage systems from other cloud service providers.
This will dramatically reduce the risk of the storage system being shut down in any case. The risk itself doesn’t go away, but the cost of reducing it is nearly three times higher. That is, if a single storage system costs $300,000 annually, triple redundant storage costs $900,000.
Now let’s move on to the next question. Is it worth the extra storage cost to lower the risk? The answer is to consider the maximum expected loss for each technology choice and configuration decision.
Consider the value of extra IT resources running on standby. The cost easily doubles, but you have to evaluate how much risk it reduces and how big the business impact is. The assessment requires a good understanding of the risk components of the business and the technologies that can reduce it.
Let’s take two extreme examples.
At one end are companies that believe that cloud service providers will continue to deliver great uptime without any disruption. Although there is a risk, it is not risky enough to incur additional costs. One can think of an industry where an IT system can go down for hours and continue to operate, and the failure does not seriously affect the business. There aren’t many companies that fit into this category today, but they do exist. Risk is not a big concern for these companies. In technology selection and configuration, little consideration is given that the chosen technology may one day fail.
At the other end, risk prevention is the most important consideration for companies. Many businesses, including banks, can’t stand system outages and can lose more than $1 million an hour in lost revenue. The value of the maximum expected loss and risk reduction is much greater, and the most expensive system is chosen to reduce the risk that the system may be down.
Most companies are somewhere between these two extremes, and the value of risk aversion is not clearly defined. These companies must first conduct an analysis to determine how well they can tolerate risk and define the value of risk avoidance.
Few cloud architects today know how to correlate risk and value. You may decide that you have to spend money to avoid unnecessary risk, or conversely, the cheapest solution will suffice.
Most of the cloud architecture solutions are based on false assumptions about risk tolerance, so either too much or too little. It doesn’t take rocket science to figure out how much risk you need to avoid to optimize value. Just take your time and calculate the maximum expected loss. [email protected]
Source: ITWorld Korea by www.itworld.co.kr.
*The article has been translated based on the content of ITWorld Korea by www.itworld.co.kr. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!
*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.
*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!