Managing Strategic Technical Risk

Successful business and technical organizations empower their employees to own their world.

As owners of technical products, it is our job to think about the strategic risks the technologies we rely on pose to our organization.

This article will outline two specific classes of strategic technical risk and how to mitigate them.

1. Loss of External Resources

If your organization’s core business relies on an external API to deliver value to customers, then you are exposed to this type of risk. What happens to your business if the external service suddenly goes offline, gets hacked, or revokes your access? Suddenly your business is dead in the water.

A great example of this occurred in 2018. While Facebook was in the middle of one of its worst privacy scandals, it began locking down its API. This resulted in many businesses losing access to an external resource that was core to their process and value delivery chain.

Due to the proliferation of available, off-the-shelf services today, many businesses have serious exposure to loss of external resources.

To a certain extent this risk is unavoidable in every business, but it is important to be aware of it and minimize it where possible. Organizations can accomplish this by:

  • Running their own build systems rather than outsourcing to services like CircleCI or Travis
  • Avoiding platform-specific cloud services where possible
  • Leaning on Open Source solutions
  • Building relationships with the humans who maintain and operate the external services you do rely on

2. Institutional Knowledge Failure

Organizations may find themselves exposed to a failure in institutional knowledge if they distribute operational business knowledge across too few people.

If Bobby Tables runs your entire data pipeline, what happens if he gets hit by a bus? More realistically speaking, what happens if he suddenly decides to leave or is forced out of the company?
Will you still be able to deliver your product to customers?
How long will it take your team to figure out what the hell he was doing when things break?

Although this class of risk is something every technical organization must live with on a daily basis, there are cultural best practices that can dramatically limit the impact of a failure in institutional knowledge:

  • Implement and value cross-disciplinary code reviews. Although potentially expensive from a time perspective, it may even be worthwhile to pair on reviews, with one engineer reviewing from an expert perspective and explaining feedback to an engineer in another discipline.
  • Lean heavily on common open source packages and applications. If a core developer for a Django project jumps ship, it will be much easier for another engineer to pick up where the last left off than if the project was written in some custom framework.
