Managing the the Technical Debt lifecycle. In this presentation we explore the evolution of the metaphor, the value it brings to organizations and challenges to successful adoption.
The full audio and video can be viewed at http://blog.acrowire.com/td-webinar.
S08_Microsoft 365 E5 Compliance による内部不正対策の実践 [Microsoft Japan Digital Days]日本マイクロソフト株式会社
日本マイクロソフト株式会社
クラウド&ソリューション事業本部 サイバー セキュリティ&コンプライアンス統括本部 コンプライアンス技術営業本部
小野寺 真司
リモートワークが普及し、他者の目を意識する機会が減った結果、意図的・偶発的な内部不正事案が増加しています。
本セッションでは Microsoft 365 E5 Compliance による内部不正対策についてご紹介いたします。
【Microsoft Japan Digital Daysについて】
Microsoft Japan Digital Days は、お客様が競争力を高め、市場の変化に迅速に対応し、より多くのことを達成することを目的とした、日本マイクロソフトがお届けする最大級のデジタル イベントです。4 日間にわたる本イベントでは、一人一人の生産性や想像力を高め、クラウド時代の組織をデザインするモダンワークの最新事例や、変化の波をうまく乗り切り、企業の持続的な発展に必要なビジネスレジリエンス経営を支えるテクノロジの最新機能および、企業の競争優位性に欠かせないクラウド戦略のビジョンなどデジタル時代に必要な情報をお届けいたしました。(2021年10月11日~14日開催)
This presentation of which title is "Successful point for the IT Project Management" is for PMI Japan Monthly Seminar in March by Mr.Shinji, Notohara,Director,
IT innovation,inc,Japan.
7 Steps to Pay Down the Interest on Your IT Technical DebtCAST
Dr. Bill Curtis - Dr. Bill Curtis, Senior Vice President and Chief Scientist with CAST - lays out the “Technical Debt Management Cycle”, a 7-step process for analyzing and measuring Technical Debt so you can relate executive business priorities to strategic quality priorities for reducing business risk and IT cost. It includes a formula to benchmark your Technical Debt against industry data, or adjust the parameters to best fit your organization’s own maintenance and structural quality objectives, experiences, and costs.
S08_Microsoft 365 E5 Compliance による内部不正対策の実践 [Microsoft Japan Digital Days]日本マイクロソフト株式会社
日本マイクロソフト株式会社
クラウド&ソリューション事業本部 サイバー セキュリティ&コンプライアンス統括本部 コンプライアンス技術営業本部
小野寺 真司
リモートワークが普及し、他者の目を意識する機会が減った結果、意図的・偶発的な内部不正事案が増加しています。
本セッションでは Microsoft 365 E5 Compliance による内部不正対策についてご紹介いたします。
【Microsoft Japan Digital Daysについて】
Microsoft Japan Digital Days は、お客様が競争力を高め、市場の変化に迅速に対応し、より多くのことを達成することを目的とした、日本マイクロソフトがお届けする最大級のデジタル イベントです。4 日間にわたる本イベントでは、一人一人の生産性や想像力を高め、クラウド時代の組織をデザインするモダンワークの最新事例や、変化の波をうまく乗り切り、企業の持続的な発展に必要なビジネスレジリエンス経営を支えるテクノロジの最新機能および、企業の競争優位性に欠かせないクラウド戦略のビジョンなどデジタル時代に必要な情報をお届けいたしました。(2021年10月11日~14日開催)
This presentation of which title is "Successful point for the IT Project Management" is for PMI Japan Monthly Seminar in March by Mr.Shinji, Notohara,Director,
IT innovation,inc,Japan.
7 Steps to Pay Down the Interest on Your IT Technical DebtCAST
Dr. Bill Curtis - Dr. Bill Curtis, Senior Vice President and Chief Scientist with CAST - lays out the “Technical Debt Management Cycle”, a 7-step process for analyzing and measuring Technical Debt so you can relate executive business priorities to strategic quality priorities for reducing business risk and IT cost. It includes a formula to benchmark your Technical Debt against industry data, or adjust the parameters to best fit your organization’s own maintenance and structural quality objectives, experiences, and costs.
IDC & Gomez Webinar --Best Practices: Protect Your Online Revenue Through Web...Compuware APM
Did you know that 85% of users complain about slow response time? Poor web application performance can directly impact your bottom line
The success of your critical eBusiness initiatives depends on your ability to deliver quality web experiences. Unfortunately, 65% of applications are not properly load tested prior to launch, resulting in lost revenue, increased support costs and brand damage. So how can you ensure success when launching new applications, adding features, deploying new infrastructure, rolling out marketing campaigns, or preparing for seasonal spikes like the holiday shopping season?
Join us as our guest speaker, Melinda Ballou, IDC’s Program Director for Application Life-Cycle Management research discusses challenges, drivers and best practices for effective web performance testing and quality life-cycle management for today’s rich and complex applications. Additional topics that Imad Mouline, Gomez’s CTO will cover in this session are:
Best practices for ensuring the success of critical eBusiness initiatives
The end-user experience and business impact of emerging web technologies like Rich Internet Applications, virtualization, cloud computing and Web 2.0
A new approach for web performance and load testing that’s easy to use, delivered on-demand, and enables you to find and fix problems before they impact customers
Who Should Watch: Line of Business and eCommerce Managers, Interactive Marketing, Brand Managers, Project Managers and IT Operations Executives.
Cutting IT Costs by Applying Lean Principles CASTCAST
Review our presentation on how the Lean practices pioneered in the Toyota Production System apply to the Application Development and Maintenance (ADM) of business software.
Adaptive software development processes epitomized by Agile methodologies are based on continual improvement – incremental changes that emerge as teams iterate and learn about the product they are developing. This appears to conflict with the world of the program office, responsible for defining the software development lifecycle (SDLC), in which a stable and repeatable development process with well-defined ownership and controls is a common objective. Using recent examples in which agile methods have been successfully introduced into large organizations with existing SDLCs, we consider the difficulties of creating a verifiable process when the process itself is continually being modified, and look at how software development can be managed and controlled without stifling the benefits of adaptive software development processes.
A Data-Driven Approach to Balance Delivery Agility with Business Risk
While there are many ways to define and measure Technical Debt, one thing is clear—it has been growing exponentially as maintenance is starved and development teams are forced to cut corners to meet increasingly unrealistic delivery schedules. CAST clearly defines Technical Debt as the cost of fixing the structural quality problems in an application that, if left unfixed, are highly likely to cause major disruption and put the business at serious risk. Once Technical Debt is measured, it can be juxtaposed with the business value of applications to inform critical tradeoffs between delivery agility and business risk.
Transform Your Application Portfolio - and Keep Your Focus!Software AG
Application Portfolio Management is a discipline used to justify and measure the business value of each application in comparison to the cost of maintenance and operations. But Enterprise Architecture Management http://www.softwareag.com/corporate/products/aris_platform/aris_design/business_architect/capabilities/default.asp also plays an important role in solving this challenge. How do these two disciplines fit together? Is Application Portfolio Management a pure IT-related topic? Find out how Software AG’s ARIS Enterprise Architecture Management solution provides the methodology, the tools and best practice to answer these questions. To watch the full video, visit the Software AG resource center http://www.softwareag.com/corporate/rc/rc_perma.asp?id=tcm:16-105334.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Welocme to ViralQR, your best QR code generator.ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Managing Technical Debt
1. Webinar:
Managing Technical Debt
Audio and video of this presentation are available at the link below
http://blog.acrowire.com/td-webinar
1
2. Ted Theodoropoulos
President
Acrowire
ted@acrowire.com
Michael Milutis
Director of Marketing
Computer Aid, Inc. (CAI)
Michael_milutis@compaid.com
2
3. Ted Theodoropoulos
President of Acrowire Technology Consulting
•Application Development
•Business Process Improvement
•ALM/Tech debt assessments
Programming since 1982
•TI-99/4a using BASIC
Microsoft SQL Server Team
10 years at Bank of America
•Development Team Manager
•IT Auditor
•Senior VP in Operational Risk
Undergrad in Mathematics & MBA from UNC
Six Sigma Black Belt/CSM/MCP
3
4. PDU CREDITS
FOR THIS WEBINAR
The Project Management Institute
has accredited this webinar with PDUs
4
7. 1. Introduction
Outline
1.Introduction
2.What is technical debt?
3.Opportunities and challenges?
4.Business impacts
5.Foursquare case study
6.Managing the lifecycle
7
9. 2. What is technical debt?
Evolution
Ward Cunningham
Invented the wiki in 1994
Coined the term at OOPSLA in 1992
Technical Debt includes those internal things that you choose not to do
now, but which will impede future development if left undone. This
includes deferred refactoring.
Technical Debt doesn't include deferred functionality, except possibly in
edge cases where delivered functionality is "good enough" for the
customer, but doesn't satisfy some standard (e.g., a UI element that isn't
fully compliant with some UI standard).
9
10. 2. What is technical debt?
Evolution
Jeff Sutherland
Cofounder of Scrum
Opined at Scrum Gathering in 2006
Described the following technical debt scenarios:
• The code is considered part of a core legacy system, in which its functionality is
connected to so many other parts of the system that it’s impossible to isolate any
one component.
• There is either no testing or minimal testing surrounding the code. Although it
may sound redundant, it is necessary to point out that without comprehensive
unit tests, it is impossible to refactor the code to a more manageable state.
• There is highly compartmentalized knowledge regarding the core/legacy system,
supported by only one or two people in the company.
10
11. 2. What is technical debt?
Evolution
Steve McConnell
Author/Software Engineer
Proposed First Taxonomy in 2007
I. Debt incurred unintentionally due to low quality work
II. Debt incurred intentionally
II.A. Short-term debt, usually incurred reactively, for tactical reasons
II.A.1. Individually identifiable shortcuts (like a car loan)
II.A.2. Numerous tiny shortcuts (like credit card debt)
II.B. Long-term debt, usually incurred proactively, for strategic reasons
11
12. 2. What is technical debt?
Evolution
Martin Fowler
Author/Software Engineer
Established TD Quadrants in 2009
12
13. 2. What is technical debt?
Evolution
Gartner, Inc
IT Research and Advisory
Estimated $500 Billion of “IT Debt” in 2010
Gartner Estimates Global 'IT Debt' to Be $500 Billion This Year, with
Potential to Grow to $1 Trillion by 2015
"The issue is not just that maintenance keeps on getting deferred, it is that
the lack of an application inventory and the absence of a structured review
process for the application portfolio. This means the IT management team
is simply never aware of the true scale of the problem”
13
14. 2. What is technical debt?
Current
Ted Theodoropoulos
Technical Debt Practitioner
Proposed “Stakeholder Perspective” at SEI in 2011
“Technical debt is any gap within the
technology infrastructure, or its
implementation, which has a material impact
on the required level of quality.”
14
15. 2. What is technical debt?
Stakeholder Perspective
Business Development
Executives Team
Internal
Risk Infrastructure
Managers Team
Technical Environment
Board of Directors Internal
Auditors
External
Customers Analysts Shareholders Regulators
External
Auditors
Stakeholders need better transparency and engagement around
issues affecting quality in the technical environment.
15
16. 2. What is technical debt?
Quality Requirements
• Gaps impacting required levels of quality represent technical debt
• Teams can “borrow” against the ideal solution to speed initial delivery
• Interest is then paid in the form of lower productivity and/or incremental risk
• Maintenance and enhancement activities become more onerous and expensive
• Interest compounds as workarounds are applied on top of workarounds
16
17. 2. What is technical debt?
Deficits and Surpluses
• Yellow section shows gap in maintainability on which interest is paid
• Conversely blue represents unneeded functionality that must be maintained
• Deficits and surpluses in application quality cost the organization money
• Ideally green area would fill area within dashed line
17
20. 3. Opportunities and Challenges
Opportunities
Prioritization
• Business leaders always want to build new stuff
• Quantifying gaps in dollars levels the playing field
• Getting the business to recognize the value of refactoring is difficult
• New initiatives can be prioritized based ROI against debt reduction
20
21. 3. Opportunities and Challenges
Opportunities
Transparency
Know what is beneath the surface!
21
22. 3. Opportunities and Challenges
Opportunities
Risk Management
Know what is beneath the surface!
22
24. 3. Opportunities and Challenges
Challenges
Concept Fragmentation
Vendor Support Debt
Quality Debt P airing D e b t
Documentation Debt
Configuration Management Debt
Testing Debt
Legacy Debt Access Control Debt
SEO Debt
Platform Experience Debt
Refactoring Debt
Data Quality Debt
Design Debt
“Cruft is technical debt!” “Cruft isn’t technical debt!”
-Ted Theodoropoulos -Uncle Bob Martin
24
25. 3. Opportunities and Challenges
Challenges
Unknown Future State
• No standards organization currently manages to concept
• Uncertainty around what technical debt is headed
• Adoption will be hampered by this uncertainty
• SEI is leading efforts to move the concept forward
25
27. 4. Business Impacts
Platform Stability
• Technical debt is often fragile or difficult to maintain code
• Has a destabilizing effect on production systems
• This type of technical debt decreases agility and increases
defects
• Increases risk of production issues with customer impact
• Decreases ability to seize market opportunities
• Increases fire drills which impacts morale
• Lower employee satisfaction makes talent retention challenging
27
28. 4. Business Impacts
Cost of Change
• Technical debt typically compounds over time
• This phenomena increases CoC exponentially
• Customer responsiveness is inversely proportional to CoC
28
29. 4. Business Impacts
Technical Bankruptcy
• Unabated technical debt leads to ballooning interest
payments
• Over time the interest payments become all consuming
• First there are no resources available for enhancements
• Then interest payments exceed the available resources
• This is known as technical bankruptcy
29
31. 5. Foursquare Case Study
Background
• In Spring 2011, Amazon had a major outage in AWS
• Multiple availability zones (AZs) were impacted
• While the outage was disappointing it did not violate the SLA
• As Gartner points out below there were no SLAs for impacted services
Amazon’s SLA for EC2 is 99.95% for multi-AZ deployments. That means that
you should expect that you can have about 4.5 hours of total region
downtime each year without Amazon violating their SLA. Note, by the way,
that this outage does not actually violate their SLA. Their SLA defines
unavailability as a lack of external connectivity to EC2 instances, coupled
with the inability to provision working instances. In this case, EC2 was just
fine by that definition. It was EBS and RDS which weren’t, and neither of
those services have SLAs.
31
32. 5. Foursquare Case Study
Architecture
• Amazon is an infrastructure as a service (IaaS) provider
• IaaS consumers can design applications as they see fit
• Individual requirements dictate architecture
• If an app requires HA then it must be accommodated in the design
• Failing to satisfy requirements introduces risk into the environment
• Foursquare replicated across AZs instead of across data centers
• Best practices for HA were not followed
32
33. 5. Foursquare Case Study
Technical Debt
• Implementing full redundancy is not cheap
• Startup capital is a scarce resource and must be used wisely
• Replicating across AZs was cheaper than across data centers
• This architecture created a requirements gap which represents debt
• The principal of the technical debt is the cost to provide full HA
• The interest takes the form of the incremental risk
33
34. 5. Foursquare Case Study
Debt Calculation
• Based on optimal design risk of an event is 0.5%
• Design shortcuts increased risk to 4%
• Incremental risk associated with design is 3.5%
• If outage occurs, damage to brand and investor confidence
• Additionally, there will be lost users and market share
• The estimated cost of such an event is $1M
Incremental Risk: 4%-0.5% = 3.5%
Cost of Failure: $1,000,000
Interest: $35,000
34
35. 5. Foursquare Case Study
Prudent Debt
• Technical debt can be leveraged responsibly just like financial debt
• Assume the appropriate design cost add’l $100K to implement
• That relatively large investment would eliminate $35K in risk
• Such an investment would provide a 35% ROI
• Each dollar invested would give $0.35 back to the business
• Currently, paying off debt might be a questionable use of capital
Principal: $100,000
Interest: $35,000
Return on Investment: 35%
35
36. 5. Foursquare Case Study
Imprudent Debt
• Sometimes the risk/reward equation is out of balance
• Assume the appropriate design cost add’l $5K to implement
• That relatively small investment would eliminate same $35K in risk
• Such an investment would provide a 700% ROI
• Each dollar invested would give $7 back to the business
• Currently, paying off debt would be a wise use of capital
Principal: $5,000
Interest: $35,000
Return on Investment: 700%
36
37. 5. Foursquare Case Study
Initial Focus
Am a z o n S e rve r
T r o u b le s T a k e d o w n
“Massive failure at Amazon Web Services causes havoc…” R e d d i t, F o u rs q u a re
-GeekWire & H o o ts u i te
-M ashable
Am azon E C 2 O u tage H ob b le s We b s ite s
-Information Week
“Amazon Server Outage Blanks
Popular Websites”
-Fox News
“Amazon’s Web Services outage: End of cloud innocence?”
-ZDNet
Am azon M alfu nction R ais e s D ou b ts Ab ou t C lou d C om p u ting
-NY Times
37
38. 5. Foursquare Case Study
Retrospective Focus
"In short, if your systems failed in the Amazon cloud this week, F ailing to p lan is
it wasn't Amazon's fault,“ p lanning to fail
-O’Reilly Media -A crowire
“The AWS story
shows how We designed for failure from day one. Any of our instances, or
any group of instances in an AZ, can be “shot in the head” and
important it is to our system will recover.
think about -SmugMug
engineering when
you're designing
systemswere some websites impacted while others were not? For Netflix, the
Why for the
cloud.“ answer is that our systems are designed explicitly for these sorts of
short
failures.
-DataPipe -Netflix
“Lessons from a cloud failure: It’s not Amazon, it’s YOU!
-Webmonkey
38
40. 6. Manage the Lifecycle
Lifecycle Phases
Technical
Debt
40
41. 6. Manage the Lifecycle
Define
• Define what qualifies as technical debt in your organization
• Think through the implications of the defined boundaries
• Process must be collaborative and not done in a vacuum
• Will key stakeholders (i.e. audit, risk mgmt, IT) buy into it?
Business Development
Executives Team
Internal
Risk Infrastructure
Managers Team
Technical Environment
Board of Directors Internal
Auditors
External
Customers Analysts Shareholders Regulators
External
Auditors
41
42. 6. Manage the Lifecycle
Define
Framework Alignment
42
43. 6. Manage the Lifecycle
Identify
Signs you might have it…
• Don’t we have documentation on the file layouts?
• I thought we had a test for that!
• If I change X it is going to break Y….I think.
• Don’t touch that code. The last time we did it took weeks to fix.
• The server is down. Where are the backups?
• Where is the email about that bug?
• We can’t upgrade. No one understands the code.
43
45. 6. Manage the Lifecycle
Measure
Calculating Principal
n = Number of resources required
R = Rate (hourly average) of resource
H = Hours required
C = Costs associated with benefits, payroll, recruitment (usually ~40% of hourly rate)
HC = Hardware Costs
SL = Software Licenses
MI = Migration and Implementation expenses (e.g. consulting engagements, training, etc)
45
46. 6. Manage the Lifecycle
Remediate
Prioritization
ROI
• Refactoring initiatives can be evaluated
• Quantifying gaps in dollars levels the playing field
• Getting the business to recognize the value of refactoring is difficult
• New initiatives can be prioritized based ROI against debt reduction
46
47. 6. Manage the Lifecycle
Govern
Capital Structure
• Evaluate free cash flow volatility over time
• Determine appropriate technical debt to equity ratio
• Monitor your technical balance sheet diligently
• Establish centralized debt registration database
• Implement credit limits for high risk areas of the infrastructure
• Foster a risk management culture within the organization
47
49. Ted Theodoropoulos
President
Acrowire
ted@acrowire.com
Michael Milutis
Director of Marketing
Computer Aid, Inc. (CAI)
Michael_milutis@compaid.com
49
Editor's Notes
The web browser didn’t become popular until 1994 so inventing the wiki then is impressive