Friday, February 27, 2009

On levels of decision makers and event processing - part I

I am sitting now in my living room, watching the heavy rain outside.Rainy; We did not get a lot of rain this winter, however when the rain comes it tends to come in the wrong times, like weekends (Friday is part of our weekend which is Friday and Saturday, Sunday is a normal work day, it is used to catch up on things since in this day our colleagues from abroad are idle and there are no conference call and other interactions).

Today I would like to concentrate on the question --- what level in the Enterprise is event processing for, I had a recent discussion with somebody who investigated the BRMS market and asked him this question about BRMS, and the answer was the mostly BRMS products concentrate in the operational level, the typical example of BRMS is assignment of rate to insurance policy, which is clearly an operational decision. What is the situation in event processing ? There is a famous analyst presentation that talked about "detecting threats and opportunities" as part of the ROI for event processing pattern matching. Let's examine what's behind this title. Sometimes there are risks in the operational level, such as security attacks, but since this presentation have concentrated in the business area and not the IT, the meaning has been seeking opportunities for the business and mitigating risks for the business, which is beyond the operational level, such detection is probably in the tactical level, but the outcome can flow to the strategic level, since there may not be an answer to specific threat or opportunity within the current strategy. On the other hand, event processing is also associated with being done on-line (what some people call "real time" or "near real time" when they are not sure if it is really "real time", which is even worse as a term).

Some interesting questions on this topic are:

1. Whether organizations are really doing tactical and strategic decisions on-line ? in the illustration on the top of the page taken from the Microsoft site
the authors believe that tactical decisions is matters of days to months, and strategic decisions are done in resolution of quarters or years. Is there benefits/feasibility to change it online ?

2. Do we need different variations of event processing for the different levels ?

3. Is the semantics of events the same among all levels ?

4. Are there different complementary technologies, and different platforms in the different levels, or can we look at a single event processing system across levels?

Today I am just posting the question, will try to address each of these questions in subsequents postings.


Msx said...

Hi Opher,

I'm always pleased to read your posts, since i feel we're close together in our thinking of (complex) event processing. Usually, I don't comment your posts as i'm a newbie in event processing (i've been working on it for 3 years only) and then i haven't interesting stuff to add. But maybe this time, so i do.
The company i'm working in is familiar with these concepts of strategic, tactical, operational levels of decision making.
The main difference is not the time scale, but the decision making objectives. Going from strategic to operational is the same as going from "what to do" to "how to do".
Strategic : to reach this goal, this must be done,
Tactical : to do this, those resources must be used,
Operational : to do this, the resources must be used like that.

As EP are often used for supervision, that becomes,
Strategic : Intent assessment from an holistic view of the course of actions (what are the consequencies of the current situation)
Tactical : Forecast the conclusion of a course of actions (what should happen next)
Operational : assess the current activity/situation (what is going on)

The time scale is then a side effect of those different level of interest.

Q1: To be at a high level of decision making doesn't avoid being reactive, so even if it's not critical, it can be useful to be on-line (eg, to have a lot of information and build a strategy on top of it, or to detect an intent).

Q2: I think that the event processings are enough generic to be used at any level. The most important is not the processing but the reasons to do it.

Q3: the semantic of events doesn't change, maybe what could change is the interpretation of them. But they aren't exactly the same: the higher level, the less "on the field" activities. A useful event at an operational level, is (often) useless at a strategic, because too specific.

Q4: I hope we can use a single event processing system across levels, since it is exactly what i'm working on (as an example of application domain, security : from local site surveillance to homeland security).

Nicolas Museux

Marco Seiriƶ said...

Clearly interesting questions. I surprised by the total focus by most vendors on high-performance. The benefit from these vendors perspective seems to be that it's performing better than other types of tools. With Moore's law and all that, this feature will certainly have less impact in the future.

For example I have never heard a vendor to talk about event mining? Just put your event streams in some kind of (traditional) database. Then apply analytics that might take hours to run. There's no performance feature involved but still it's a brand new way of doing things.

I'm eager to hear your answers too...

Msx had some interesting things there too. (An MSX computer was actually something I learned to program on...)

Opher Etzion said...

Hello Nicholas (Msx).

Thanks for your comments, I'll respond in a subsequent posting.

Opher Etzion said...

Hello Marco. You are right, I personally never believed that high perfomrnace (which by itself is not well-defined term which usaully stands in this context for enabling high throughput of input events) is not the main benefit of EP systems, it is required in some specific types of applications that capture small part of the market, but the bias stems from the fact that some of the early adopter applications in capital markets required high throughput.

There is work on mining related to event processing both in IBM and Oracle, and also been used with some customers. This is also appropriate for some types of applications, you cannot solve all problems with mining techiques. I'll blog about mining in the future.

Keep doing your good work on Rulecore.



Hans said...

I believe that the general consensus among those who study this kind of thing, is that any decision made wholly by a computer is an operational decision, even if it affects the behavior/tasks of many people or sub-components. Online decisions, being a subset of automated decisions, would then be operational in nature.

With respect to the idea that "opportunities and risks" implies going beyond the operational level. That depends on what you mean by opportunities and risks. There is room for misinterpretation. There are plenty of opportunities and risks detected by online algorithms every day, from shopping recommendations to trading signals to computer security - and all of them are operational.

The information flow/use is maybe different from actual decision making, and a complimentary question to (1) might be: how many organizations make tactical or strategic decisions in a time frame where online data analysis could help?

Also, an interesting play on words: There is plenty of research into automated decisions in military tactics. Can't get much more tactical than that.