Let’s imagine that Amazon have thought a lot about it and eventually taken up the Golden Buckets idea and let’s think forward a few months, to the moment when we’ve done the planning, done some programming, and are starting to approach possible financial backers.
As such people do, the backers appreciate our excitement but see it as their job to contribute the prudence that we evidently lack. Alternatively, they are a bunch of cynical pessimists looking to talk down the value of our project so they can get more of it for their money. It doesn’t really matter which description you choose: the fact remains that they come up with a list of possible things that might go wrong. For each risk, they want to know how likely we think it is to happen, how much it will cost us if it does happen, and how we can protect or insure against it. Even if we don’t have backers and are funding it all from our own pocket money, we still need to consider these risks and ask ourselves the same questions.
I’ve divided the risks into seven classes:
- Credit risk: what if people get stuff from us and then don’t pay? This doesn’t apply to the Tunesafe project because, with golden buckets, none of our users pays us anything anyway. The only people who do pay us are Amazon, and their creditworthiness can be neatly considered under…
- Commercial risk: this business depends entirely on repackaging one service from one supplier. How vulnerable are we to that supplier’s actions?
- Technical risk: this business assumes that Amazon S3 works. What if it doesn’t, or is unreliable?
- Legal/contractual risk: does the contract we have with Amazon allow us to run Tunesafe? Could it be used to stop us later?
- Political risk: could users of Tunesafe be sent to prison?
- Client-side risk: what if people can’t run the Tunesafe software? Worse, what if they do run it but something happens later on that makes them unable to connect to their data?
- Slashdotting and doshslatting: what if our site is overwhelmed with traffic and we are bankrupted as a result? This doesn’t apply to the Tunesafe project because users pay for their own data transfer directly, so it doesn’t cost us anything, but it is still a risk that concerns a lot of potential Amazon S3 users.
Next time: commercial risk. How dependent are we on Amazon’s commercial decisions? What can Amazon do to reassure us? What can we do to protect ourselves?