[Music] welcome back to our listeners I'm John Lim and this is the Enterprise agility podcast French Champlain and Maro are back to give us some insight into the risk implications of teal debt Mark we were talking a little bit about how application portfolio management um works with with asset management and and really the the life cycle and Technical debt um when we think bit uh further about risk um tell me more about risk in terms of what our customers are using APM for as well as how we relate this to the larger risk u u landscape for an Enterprise right so one of the things that apm's all about bringing together or supporting other facets or or embellishing the operations of other facets of of the surf now platform one of those is irm so irm is all about the management of risk policies controls and and you know it's a classic part of the you know the governance part of govern GRC um so APM we have the list of the Enterprise applications right the the systems so those are Target entities for irm and we have various things that we support such as um controls policies audits all of these things we have out of the boox workflows that integrate and work with Iran for example when you conceptualize a new application you create that application a uh set of assessment questionnaires or launs to get evaluation on data classification Disaster Recovery um things like PTO and RTO or sorry recovery Point objective and recovery time objective so how fast do we need to recover at what point how much of the data do we have to recover so those things describe using those two attributes we understand what is your your Dr plan it leads to the the the requirements for Disaster Recovery all of these different facets including the data architecture of the business application that can be rolled into understanding the classification of these information this information is rolled into your risk analysis and appropriate policies controls audits on the on meeting the policies and the controls all of this process works together at the Strategic level at the APM level or the Enterprise application Level um rather than getting down to each individual component of it which there is value to that that is also part of what irm does but at the highest level let's govern from the top and have a clean implementation and clean management of all the way down that's what it's about so that's that's our main area of support uh for IR yeah thanks Mark that's a good good um overview and and I recently I wrote a a Blog um about how technical debt really isn't technical right and and it's not this is really a business consideration so um you know maybe we'd want to rename it a little bit but really at the end of the day it's it's um several different categories and layers of of risk that we're looking at and and there always will be technical debt um you know the day you write some code um that's at risk of becoming out ofd or obsolete or less effective right so um technical debt is just a part of a technology uh landscape doesn't matter what technology and so it's something that we know it's not a mistake people think about technical debt as a mistake or error and it's not it's just the inherent nature of technology so managing it as a business risk is is very natural and as you mentioned um it really comes into play in a lot of critical areas we think sometimes about you know how um agile is our our landscape our our technical landscape to enable business functionality but then that's one one um consideration of course but as you mentioned earlier it's really that business continuity um there's great examples out there in in real life where things happen they are un unplanned of course this happens all the time and our ability to recover uh is directly impacted um and influenced by our technical Deb and how have we managed that technical debt so technical debt never goes away it's just more about how do you manage it right it's your stance and recogniz exactly recognize that it's there have visibility to how things work what is this thing made of it's not just a black box understand what it's made of and by the way who owns all these various pieces and managing that deriving a great set of controls and policies to govern what is the best practice you know knowing that any piece of coat everything you do has got technical debt it is technical debt in and of itself as long as it's providing value and not generating risk then you've got a you're on the positive side of the equation it's when it starts generating risk it starts incurring risk either because and risk by the way isn't necessarily technical a risk could be I have a technology it's really great but I cannot for the life of me hire somebody to support it nobody has that skill Mainframe skills how many people are out studying Mainframe nowadays exactly and i' I've seen exactly Mark and I've seen situations where Mainframe even today uh there's code in production uh that that performs extremely well does the job if you will but inherently of course there there's you know over time this has become a a growing risk um so that Fitness of of a technology or the fitness of a particular solution you know I I like to say that can Decay over time but it's not exactly linear with time there's some kinds of technologies that work well I mean something that's been implemented works for quite a while and I've also seen the opposite of of code or an application or service that's been put in production which you know is part of a learning maybe from from a feature or you know early release they're trying to learn but we also learn very quickly that that's not the right fit so obviously you know that's a better way of doing it you can react and respond um but I have seen situations where that's not been intentional and by putting something out uh into production um it can be very painful so that's there very quickly a nonlinear uh technical that that that became an immediate issue to to deal with so you know this is not always predictable but the key is to to monitor it to proactively manage it understand this is dynamic and this really Mark is part of what Enterprise architecture is about as I mentioned um in our prior episode it's really that life cycle of managing applications and and we understand that or continuously operating intent and purpose and and with with a established set of well-proven building blocks that you know and understand you understand the risk the controls the audits all of the stuff that goes with it the professionalism that is required to operate in the world today that's right well Mark very good um thanks for for uh your insights here and we'll wrap this up and and we'll we'll catch up a little bit more about application portfolio Management in our next episode [Music]