Monday, August 3, 2009

Be wary of rating agencies

Ruv Cohen, over at Elastic Vapor, proposed an interesting idea for a Cloud Service Rating Agency. The idea was furcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r defined as a "Cloud Performance Ability (CPA) that estimates it's ability to meet certain service levels"; similar in intent to Standard & Poor's Claims-Paying Ability rating for an insurance provider explained as cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 "financial capacity to meet its insurance obligations".

I love cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 concept of some standard, some metric that allows us all to look at a complex issue and agree what we're looking at, but cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re are a few problems:

  • Metrics and ratings hide nuance, by design, which may be a relevant factor in your personal evaluation of a provider
  • Every single rating agency has shown cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365mselves vulnerable to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 introduction of complex artefacts - look at what cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 introduction of CDO's ushered in and how credit scoring behaved
  • Most rating agencies are for-profit entities, which means that while integrity is a priority in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir branding, it is almost certainly not cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 topmost priority in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir business objectives

(more issues with credit rating agencies can be found on wikipedia)

Now, before you think I pick on rating agencies unfairly, ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r public trusts (such as public audit firms) have suffered from conflict of interest problems, that have led to bad decision making (Arthur Andersen's involvement in Enron is a canonical example and one of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 reasons for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 existence of Sarbanes-Oxley legislation).

So bottom line, if you establish for-profit providing rating services, ultimately cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 integrity (intentionally or ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rwise) will come into question.

Experience has also taught us that self-administered assessments - unless exceptionally detailed - are at best somewhat informative, at worst cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365atre (cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 early days of PCI-DSS come to mind).

If we were to build a Cloud Service Rating Agency, what we would really need is an independent, non-profit entity, something like cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 North American Electric Reliability Corporation (NERC). An entity with claws and a focus on assurance, so while I agree with James Urquhart that data is not electricity, I think it's an interesting industry to draw lessons from.

No comments:

Post a Comment