Business Risk Analysis: The New ‘Alba’-rithm
October 3, 2011 Alex Woodie
How big of a threat does Jessica Alba pose to your business? Consider this: the Hollywood starlet is credited with helping to bring down the Target.com website three weeks ago after she tweeted about how excited she was with one of Target’s new Missoni products. The event reveals the previously unforeseen impact that new social networking, mobile, and cloud technologies can have on businesses, and poses a wake-up call for executives to reevaluate their business risk strategies.
In early September, Target prepared for the launch of its new Missoni product line. The $67 billion retailer had hyped the colorful new line of Italian-designed products in marketing events and online, and had succeeded in creating a big buzz. The desire to get designer clothes and accessories at a steep discount, after all, runs deep in the American psyche.
But there are other things running just as deep in the American psyche today–namely, Twitter. Just prior to Target’s Missoni launch day, Jessica Alba tweeted that she had dreamt about the new Missoni bike. Actress Jessica Simpson picked it up, and sent her own tweet about how cute the bike was. With tens of millions of Twitter followers between them, the Jessicas exert tremendous influence in our always-connected, celebrity-obsessed culture.
Target launched Missoni on September 13, and soon Target’s website was swamped to the extent that it was down for most of the day. The new Missoni product introduction was a huge hit for Target, but unfortunately the company’s website couldn’t take all the hits.
The question then became: How could Target, which runs one of the most respected IT organizations on the planet, make such a big mistake in anticipating traffic to its website? The answer is that the Internet’s dynamics are changing faster than organizations are able to respond to them. In particular, the use of social media from smart phones has skyrocketed, making it even harder to predict where Internet traffic will flow to next.
Many organizations are not doing proper business risk analysis to deal with this new chapter in the Internet’s evolution, says Pete Dupre, chief solution architect at Micro Focus. “Executives are so distracted with, ‘I’ve got to get my social networking house in order, I’ve got to get mobile, I’ve got to figure out cloud,’ that they’re getting distracted from the fundamental basic blocking and tackling of business risk analysis,” he says.
Dupre says the CIOs and CEOs in any organization that values its reputation should gather up their QA [quality assurance] teams, go back to the whiteboard, and try to understand how their mission critical business applications are potentially exposed to the rapidly changing nature of business risk.
“It sounds corny, but even a social networking comment on Twitter is going to drive completely unforeseen load on a website,” Dupre says. “It’s an unnatural act for those QA engineers who have been around for maybe 20 to 25 years. . . to think that some comment on a social network would drive absolutely massive, out-of-character load on a system that they otherwise thought was perfectly fine.”
Dupre says we’re facing “a new chapter in business risk analysis” that even the best IT organizations are not on top of yet. Examples of the “unnatural, foreign events” that should now be popping up on CIOs’ radar screens include a celebrity making a comment on a social networking site, a big event in the financial world (such as dropping interest rates), or a new government regulation. CIOs should “break from the norm, log off from your Blackberry, and start whiteboarding with your team [and ask] ‘To what extent have we anticipated completely unnatural foreign acts occurring and driving load to our system?’” he says.
Large e-tailers with consumer-facing websites aren’t the only ones susceptible to the new threat paradigm. Even small and midsize companies that are launching new websites or mobile Web apps to allow their customers and partners to interact with their computer systems should re-think what kinds of unnatural events could hurt Web app availability, and take steps to bolster systems.
IBM i shops that are exposing their back office systems with new Web and mobile interfaces for the first time may be particularly vulnerable, due to their overall lack of experience with running production websites and Web applications. As IT Jungle recently reported, the percentage of IBM i shops moving apps to the Web is rising quickly, as they respond to their customers’ demands and utilize the integrated HTTP server and the wide array of Web-enablement tools.
Once you have scoped out possible “unnatural events” that could impact your system, you need to prepare for them. Micro Focus offers burst load testing capabilities in its Silk tool, and other vendors make similar products. Dupre also recommends using some of the new cloud-based load testing simulators to test the mettle of new websites and Web apps. The cloud can also help with providing elastic computing power at runtime. (Target had moved away from a hosted Amazon environment weeks before the Missoni incident, but a Target representative has been quoted as saying that was not the source of the problem.)
And when your new website goes live, watch it carefully. There are a plethora of tools out there that can give you a real-time view into website performance, which can give you a leg up when things go wrong. Synthetic monitoring tools that ping your website using “robots” to imitate user transactions are the most common. One of the vendors making a mark for itself in the area of web-based application performance monitoring is Quest Software.
The vendor’s Foglight software offers traditional website server availability and performance monitoring. But a potentially more promising Quest Foglight technique is called “user experience monitoring,” which can show an organization (like Target) exactly how the Web application is behaving for one or more groups of people.
For example, if a website visitor in Dallas, Texas, is experiencing trouble, Foglight can tell the organization if everybody in the Dallas area is being affected due to a localized IP issue, or if the organization’s system is the source of the problem, explains Quest’s Erin Avery.
“We can see when problems are starting to occur, so that you can start the resolution process,” Avery says. “Sometimes you start having problems on the backend that haven’t impacted your customers yet, and we can proactively pick that up. . . so you can see exactly where in the application stack the problem is attributed to, and start the troubleshooting there.”
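The Dallas case above comes down to comparing probe results across vantage points. The following sketch is an added example, not Foglight code or its API, and it assumes synthetic probe results arrive as (region, success, latency) tuples; the region names, thresholds, and sample data are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (region, probe_ok, latency_ms) from synthetic checks
# in one monitoring window. Regions and values are illustrative only.
SAMPLE_PROBES = [
    ("dallas", False, 0), ("dallas", False, 0), ("dallas", True, 4100),
    ("chicago", True, 310), ("chicago", True, 290), ("chicago", True, 350),
    ("seattle", True, 280), ("seattle", True, 330), ("seattle", True, 300),
]

def failure_rates(probes, slow_ms=2000):
    """Return (rates, counts): per-region share of failed or slow probes."""
    bad, counts = defaultdict(int), defaultdict(int)
    for region, ok, latency_ms in probes:
        counts[region] += 1
        # A probe that succeeds but is very slow is counted as bad too.
        if not ok or latency_ms > slow_ms:
            bad[region] += 1
    rates = {region: bad[region] / counts[region] for region in counts}
    return rates, dict(counts)

def triage(probes, unhealthy=0.5, min_probes=3):
    """Classify a window as healthy, localized, site-wide or undetermined."""
    rates, counts = failure_rates(probes)
    # Ignore regions with too few probes to judge.
    usable = {r: rate for r, rate in rates.items() if counts[r] >= min_probes}
    sick = sorted(r for r, rate in usable.items() if rate >= unhealthy)
    if len(usable) < 2:
        # One vantage point cannot separate a regional fault from an origin fault.
        return ("undetermined", sick)
    if not sick:
        return ("healthy", [])
    if len(sick) * 2 > len(usable):
        # Most vantage points see the problem: suspect the site itself.
        return ("site-wide", sick)
    return ("localized", sick)

if __name__ == "__main__":
    print(triage(SAMPLE_PROBES))
```

A "localized" verdict points the investigation at the network path for that region, while "site-wide" points it at the organization's own application stack.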
Foglight doesn’t support the HTTP Server built into IBM i, but IBM midrange shops serving Web traffic from Windows or Linux hosts can take advantage of the software. Most IBM i shops are hesitant to put a Power Systems box in front of the firewall, so this is probably a more common setup for the typical organization.
The heterogeneous nature of today’s Web 2.0 workloads actually makes it tougher to identify weak links in the Web infrastructure, and makes detailed monitoring a more critical factor in helping to avoid serving customers “404” errors instead of meaningful words and pictures.
“Web applications are increasingly complex,” Avery says. “Gone are the days when things were very linear and served up from one server. Today information is served up from all over the place and you have things like content delivery networks and CICS transactions.”
Jessica Alba most likely doesn’t pose a direct risk to your Web applications. But through her Twitter activity, the actress inadvertently helped to expose a real risk to the availability of your organization’s Web applications, and therefore its reputation.
This article was updated to clarify Quest’s website monitoring capabilities.