On Eggs and Baskets
There's an old proverb, sometimes misattributed † to the character Sancho Panza in Miguel de Cervantes Don Quixote: “Do not put all your eggs in one basket”.
It seems to make sense. Put all our eggs in one basket and a single accident can destroy them all. But as Mark Twain points out, there is an alternative strategy:
Behold the fool saith, “Put not all thine eggs in the one basket” — which is but a manner of saying, “Scatter your money and your attention;” but the wise man saith, “Put all your eggs in the one basket and WATCH THAT BASKET.”
(From Puddn'head Wilson, by Mark Twain.
These are two good risk management strategies, and it's interesting to look at some situations where each of these strategies are employed.
When designing a computer system, redundancy is typically added so that loss of one computer or disk drive due to hardware or software failure will still leave an operational system. Often, remote mirroring will be used to ensure that the data is held at two or more physical locations. If a fire destroys one data center, another data center can take over its task. On the negative side, it costs more to run and protect two data centers from physical entry, physical damage, or hacking. In addition the communications between the two data centers creates a new vulnerability which must be considered. Finally, many losses are due to operator or logical errors, which may affect both data centers simultaneously.
RAID systems (Redundant Array of Inexpensive Disks) are based on the premise that it's easier and cheaper to build a reliable system using multiple not-so-good and not-quite-so-reliable disks than it is to build or buy a single ultra-reliable super-disk.
In the book Beneath the City Streets, Peter Laurie looks at secret civil defense preparations in the United Kingdom during the cold war. The author contrasts the use of buried telephone cables with microwave towers for transmitting phone calls. In the case of civil unrest, microwave towers can be defended; buried telephone cables are easily attacked and are impossible to defend. When the threat is external, the situation is reversed. Microwave towers are easy to identify and attack, so buried cables are be preferred. In addition, Microwave transmissions are vulnerable to interception by satellite — in the book Bravo Two Zero, Andy McNab describes a failed SAS mission during the 1991 Gulf War which aimed to destroy buried fiber-optic cables and thus force radio communications to be used.
Bank branches now carry relatively little cash, and as a result the frequency and seriousness of bank branch robberies appears to be declining. The Northern Bank robbery in Belfast in December 2004, which was one of the largest in history, highlights the eggs-in-one-basket approach. Cash handling operations were concentrated at the Northern Bank's Belfast headquarters. This made these operations easier to defend. But it also meant that a single location held a large amount of cash, making it a particularly attractive target for a criminal gang.
In Guerilla Warfare, Che Guevara describes the strategy for a guerilla army against a superior force. The attacker forces the defender to defend a large number of small targets (multiple small egg baskets in our terms). The attacker then attacks selected targets where the enemy is weak. If the defender responds by limiting his forces to a few strategic locations, then the attacker wins because the guerilla army's aim is to gain the support of the general populace, not to annihilate the defender's army. With the general populace now seeing itself as abandoned and undefended, it is easy to win it over to the attacker's cause.
In research and development, we can place all our resources behind a single project, or scatter our resources behind multiple projects in the hope that one succeeds. A single project may have a better chance of success due to extra resources, but it may also prove impossible or impractical leading to a waste of all the resources involved. However, if put too little resources behind a project, we can also doom it to failure.
So which is better, the old proverb or Mark Twain's approach?
The single basket approach is to be preferred when we can really “WATCH THAT BASKET!” This won't be true if we are uncertain about outcomes, whether it be the market acceptance of a product development, the reliability of a piece of hardware of software, or our ability to adequately defend that basket. We must also remember that our single basket full of eggs is that much more attractive to egg thieves.
The multiple basket approach only reduces risk where the baskets are independent and the loss of a single egg is not catastrophic. If, for example, all the baskets are made by the same manufacturer, are all shipped on the same cart, and are all stored in the same location, then we have done little to reduce our risk. In certain types of security breach the loss of a single egg has similar consequences to the loss of all eggs. (Consider, for example, the disclosure of an encryption key.) In these cases the risks are being increased rather than reduced.
Finally, a thought to ponder the next time you fly: the probability a two engine jet aircraft suffering an engine failure is more than twice as high as the probability of a single engine aircraft suffering an engine failure. In addition, a two engine jet is significantly more complex. Hopefully the manufacturer made the right risk management decision on that one.