In the good old days we had hardware and software, and for many small businesses this distinction is still workable. But over time the usefulness of this separation diminished. Operating systems software clearly belonged with the hardware and gradually more software came to be seen as part of the essential layers that enabled business applications, IT services, to be delivered. The separation of infrastructure and application is now more useful to managers as the two areas have different management needs, different risk issues and produce benefits in different ways.

Infrastructure investments are by their nature long term. It is anticipated that new applications will be added from time to time – and others phased out, while the infrastructure changes slowly. In fact, changes to the infrastructure will be additions of capacity, addition of new infrastructure elements, and repair and maintenance. These should be taking place in the framework of an architecture, an overarching design that aims at long-term evolutionary growth. Infrastructure investments tend to be large and the direct business benefit may be missing. Infrastructure may simply be ‘enabling’ – a necessity for being in business, but no return on investment may be calculable. In such a context, the risks can be high, if not extreme. Many of the major project failures that attract the headlines are infrastructural in nature.

The failure of public infrastructure such as roads, rails systems and ports is usually obvious, and the causes are few. The same causes apply to IT infrastructure: inappropriate design for the applications and services that build upon it; inadequate capacity to deal with the workloads; insufficient maintenance to keep it in proper repair. But IT infrastructure has additional risks and opportunities for failure, such as selection of standards, interoperability of components – especially during upgrades – and the capacity to support unanticipated applications in the future.

When infrastructure fails, all the applications and IT services that are built upon it are also threatened. The cost of rebuilding infrastructure that has gone beyond its useful life can be enough to challenge many organizations. There is a paradox that faces the infrastructure designer: legacy systems are risky and so are new systems. You’re damned if you do and damned if you don’t (hang on to legacy systems). Legacy systems become progressively more difficult to support, more expensive to maintain and more ‘frail’. They are, however, ‘the devil you know’  Their wholesale replacement by new systems can be equally risky. Phasing out maintenance of an old, fragile system when expecting the timely introduction of new, can be ‘very brave’.

— Extract from Beating IT Risks, Chapter 1: Thriving on risk —