The product risk analysis vs. the cloud risk analysis

Posted on by

What is the difference between a cloud risk analysis and a product risk analysis? I’ve tried to create this list to show waht the differences are:

  • The result of a cloud risk analysis is a 3D model of the risks. It gives insight in the damages and chance of failure per characteristic, object part and layer.
  • The larger amount of stakeholders, like for IT the Enterprise architects, owner of the cloud layer, 3rd party service suppliers, and for the business Marketing and end services users.
  • Within clouds, a service is the relevant object part as a part of a business process. Functionality, for example, is no longer formed by a number of subsystems but by services. The characteristic functionality can be subdivided into the various services and the totality of the object parts is the business process. The same reasoning applies to the remaining characteristics. To get a complete overview of all services and business processes, which fall within the scope of the cloud project, the object parts are arranged by characteristic in a table.
  • Agreements on what are and what aren’t standard services (step 3). These standard services are not tested separately, but only in the end-to-end test. The 3rd party service supplier can be enforced to comply with a Statement of Work (SoW) where the expected quality of the service is agreed upon. The use of Quality Gates can help in getting transparency in the quality of the service.
  • Functional testing is of lesser importance. As their supplier approves the functional requirements of the standard services, functionality is of lesser risk. But non-functional requirements are not sufficiently allocated in the tests of the supplier. Integration of the standard services in the cloud has the priority of test, for example performance, security and integration testing. Non-functional requirements should get a higher risk class compared with functional requirements.
  • Chain risks are always determined in a cloud project, as a cloud consists of multiple layers they should always be tested at least once in an end-to-end test.
  • Because of the greater complexity and dependence of standard services the risk classes of High, Medium and Low are not always sufficient. A more empirical method of risk classes is preferred, like for example numbers.
This entry was posted in Clouds, Ewald Roodenrijs and tagged , , by Ewald Roodenrijs. Bookmark the permalink.

About Ewald Roodenrijs

Ewald is employed by Cognizant Benelux. Currently he’s responsible for research & development of testing. He's been a forerunner in the field of test innovation for the last 5 years. Ewald has been working on different (global) test innovations like testing clouds, model-based services, and using new media in testing. In the field as a manager or consultant he’s always been working in the ‘grey’ area between IT and Business. In 2011 Ewald won an internal Innovation Award in Testing. He also co-authored books on quality and testing in IT, he speaks at conferences around the world, authored various national and international articles in expert magazines and created various training courses.

295 thoughts on “The product risk analysis vs. the cloud risk analysis

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Before you submit form:
Human test by Not Captcha