Knowledge Bird

Create. Curate. Collaborate.

February 8, 2015
by Aprill Allen
0 comments

Can IT rise from the ashes of a bad reputation?

I’m delighted, this week, to bring you an interview with Gene Kim. Gene will be presenting one of the opening keynotes at the Innovating IT Service conference, and a workshop. He has been a founder, CTO, and author. Gene loves finding and fixing bottlenecks which impede and frustrate the entire organization, enabling management from each tribe to achieve the greater organizational goals.

1. Your keynote for the upcoming conference asserts that everyone needs DevOps. How do you explain what DevOps is to an IT manager working in a traditional enterprise IT environment?


My definition of DevOps is the following: it is the set of cultural norms and technical practices that enable organizations to have a fast flow of work from Development through Test and deployment, while preserving world-class reliability, availability, and security.

These norms and practices are what enable organizations to do hundreds, thousands, or even tens of thousands of deployments per day. This used to be associated with “unicorn” organizations such as Amazon, Netflix, Google, and so forth. But increasingly, large, complex organizations such as Nordstrom, Macy’s, GE, Raytheon, and even the US Department of Homeland Security are adopting these practices and replicating the unicorn-like outcomes.

Many of us, especially in the service management community, believed very deeply that you couldn’t be agile and reliable at the same time. And yet what we found in our benchmarking of over 14,000 organizations, is that not only is this possible, the only way that you can have high reliability is to be doing smaller deployments, far more frequently.

Here’s what we found in the benchmarking (citation: http://www.slideshare.net/realgenekim/2014-state-of-devops-findings-velocity-conference):

 

* Agility metrics

* 30x more frequent code deployments

* 8,000x faster code deployment lead time

* Reliability metrics

* 2x the change success rate

* 12x faster MTTR

* Organizational performance metrics

* 2x more likely to exceed productivity, market share, and profitability goals

* 50% higher market capitalization growth over three years

DevOps transforms how we work, whether we are in Development, Test, Operations, or even Information Security.

I’ve been studying high-performing technology organizations since 1999, and there is no doubt in my mind that DevOps is something genuinely transformative.

 

2. In The Phoenix Project, Bill Palmer and John Pesche are representative of the ongoing struggle between rapid deployment and security management. What kind of work do organisations need to do to make that partnership work?


This is a great question, Aprill. There are two chronic struggles that we tried to portray in The Phoenix Project: the first was the constant battle between Development and IT Operations, where Development would always want to go faster, but would often cause chaos and destruction downstream. The natural reaction, of course, is that Bill (the VP of IT Operations) wants to slow down the rate of change. Now you have Development and IT Operations at odds with each other.

The other chronic struggle is between the entire organization and Information Security, as embodied by John (the Chief Information Security Officer). John believes, often rightly so, that everybody is more worried about their own work, and never properly integrates security requirements or testing into daily work. Unfortunately, the outcome is that John is always viewed as being in the way, trying to slow everybody down, creating meaningless bureaucracies that sucked the will to live out of everybody in their path.

We all laugh at these situations, but I think for many of us, these situations are all too real and all too commonplace.

The reason why I’m so excited about DevOps is that it allows everybody to achieve goals and outcomes that we didn’t think possible—even five years ago.

3. Speaking of John Pesche, what thoughts did you have to explain his reappearing clean-shaven and helpful after going so far off the rails?

Haha! I’ve actually gotten some e-mails from people who scold me for putting Information Security in such an unflattering light. A friend of mine actually even wrote, “How dare you humiliate our profession. Whether you like it or not, Gene, you are still in information security practitioner.”

In actuality, John is my favorite character. A friend of mine, Jez Humble, said the real “phoenix” in The Phoenix Project is John. He transforms, seemingly overnight, from a shrill, hysterical, bottom-up controls person, to a person who seems to be willing to take risks that the rest of the organization is too scared to make.

For example, John proposes to outsource all of their cafeteria point-of-sale systems, so that there will be no cardholder data for them to protect. He actually reduces the number of security controls, because he realizes that there are downstream manual controls that can achieve the control objectives.

Frankly, I love the fact that John has such a dramatic visual transformation, as well.

 

4. You talk about the need for various IT teams within an enterprise to come together and build “super-tribes” to maximise throughput. To quote Seth Godin, “A tribe is a group of people connected to one another, connected to a leader, and connected to an idea… A group needs only two things to be a tribe: a shared interest and a way to communicate.” What is it about our workplaces that can make these two ingredients so hard to find, and is that a problem limited to IT?

Especially in IT Operations, we tend to have a very functional orientation—departments and silos to concentrate our specialties. For example, we may have a database team, a storage team, a networking team, a server team. And whenever we want to do significant work, like a code deployment, we may have to do 50 different handoffs. Functional orientation is typically done to “optimize for cost.”

The opposite is what we call “market orientation,” that allows us to “optimized for speed.” These organizations tend to be flat and composed of multiple, cross-functional disciplines (e.g., marketing, engineering, etc.), which often leads to potential redundancies but allows us to respond quickly to customer needs. This is how many DevOps organizations operate. In extreme examples, each service team is simultaneously responsible for feature delivery and service support.

You can see the DevOps bias towards “market orientation” in these pithy quotes from two friends of mine:

“The root of most DevOps problems comes from silos: siloed groups, siloed thinking, siloed culture, siloed tools.” — Damon Edwards

“DevOps means caring about your job enough to not pass the buck, wanting to learn all the parts as a whole, and not just your little world. Developers need to understand the infrastructure, Operations people need to understand code, people need to actually work with each other and not just occupy space next to each other.” — John Vincent

 

5. When I talk to devs and ITIL comes up, they roll their eyes and speak of the bureaucratic bottleneck of change management. Is there a good place for ITIL in these conversations or is it time to move on?

Ha! For over a decade, I’ve been a fan of ITIL (IT Infrastructure Library). It describes extremely well the underpinning processes we all need to deliver reliable service. But we all know people who will take ITIL very literally, and put in all sorts of bureaucracies that burdened everybody, just like John the CISO.

Although many people view DevOps as backlash to ITIL or ITSM (IT Service Management), I take a different view. ITIL and ITSM still are best codifications of the business processes that underpin IT Operations, and they actually describe many of the capabilities needed into order for IT Operations to support a DevOps-style work stream.

Agile and continuous integration and release are the outputs of Development, which are the inputs into IT Operations. In order to accommodate the faster release cadence associated with DevOps, many areas of the ITIL processes require automation, specifically around the change, configuration, and release processes.

The goal of DevOps is not just to increase the rate of change, but to successfully deploy features into production without causing chaos and disrupting other services, while quickly detecting and correcting incidents when they occur. This brings in the ITIL disciplines of service design and incident and problem management.

Think of DevOps as the service managers dream: releases are almost completely automated, there is rigorous automated testing that gives us confidence that errors will be caught long before it gets into production, and when errors do occur, we can detect and correct for them quickly.

Moreover, our configuration management database (CMDB) is created for every application and service automatically, and it is always up-to-date, and Development and Operations are working together to fix known errors and pay down technical debt.

My advice: Let’s not get hung up on literal definitions. Let’s figure out how to get fast flow and painless and successful releases.

 

6. How do you recommend organisations transitioning into a DevOps environment keep their support teams up to date on deploys?

All too often in software development projects, Development will use up all the time in the schedule on feature development. This leaves insufficient time to adequately address IT Operations issues. Shortcuts are then taken in defining, creating, testing—everything that the code relies upon, which includes the databases, operating systems, network, virtualization….

This is certainly one of the primary causes for perpetual tension and suboptimal outcomes between Development and IT Operations. The consequences of this are well known: inadequately defined and specified environments, no repeatable procedures to deploy them, incompatibilities between deployed code and the environment, and so forth.

In this pattern, we will make environments early in the Development process, and enforce a policy that the code and environment be tested together. When Development is using an Agile process, we can do something very simple and elegant.

According to Agile, we’re supposed to have working, shippable code at the end of each sprint interval (typically every two weeks). We will modify the Agile sprint policy so that instead of having at the end of each sprint just shippable viable code, you also have to have the environment that it deploys into—at the earliest sprint, so we’re talking sprint 0 and sprint 1.

Instead of having IT Operations responsible for creating the specifications of the production environment, they will build an automated environment creation process. This mechanism will create the production environment, but also the environments for Dev and QA.

By making environments (and the tools that create them) available early, perhaps even before the software project begins, developers and QA can run and test their code in consistent and stable environments, with controlled variance from the production environment.

Furthermore, by keeping variance between the different stages (e.g, Development, QA, Integration Test, Production) as small as possible, we will find and fix interoperability issues between the code and environment long before production deployment.

 

Thank you, Gene!

January 30, 2015
by Aprill Allen
0 comments

IT: The cultural revolution is here

The Innovating IT Service conference is coming to Melbourne soon. Dinsha Palkhiwala will be presenting a workshop and delivering a presentation. Dinsha works directly with CIOs and ICT leaders to enhance their careers and capabilities.

 

1. You’ve described yourself as a mentor and coach. What does your typical work day involve?

My mentoring and coaching is based on the philosophy of “Developing tomorrow’s leaders using yesterday’s champions working on today’s problems”. It is what I call active coaching and mentoring, whereby the mentee assimilates experience to enhance their capabilities. Hence, when I am engaged in these assignments, typically it will involve working through specific issues, facilitating thinking of options, creating self-awareness of risk and appropriateness of the options and encouraging the mentee to make the decision.

As my business name “Competency Catalyst” suggests, I see my role in the whole process as the catalyst and the mentee to be the prime ingredient. This approach allows the mentee to develop self-confidence and provides sustainable growth of individual and organisational capabilities.

2. You’ve been working in ICT for over 35 years. A lot has changed in that time. In 2015, you’re expecting to see new roles and functions emerge in IT. What do you think some of those will be, and what skills do you think ICT professionals should be aiming to develop?

2015 will see the emergence of new roles, functions and IT organisational structures that go beyond the traditional definitions. A number of researchers have indicated that in the next 3–5 years a number of traditional roles & functions will not exist, and a number of roles & functions, which we have not even thought of yet, will evolve. Internal IT focus will move from “service delivery” to “service brokering and orchestration”

In a world where customers will be more IT savvy and empowered, IT functions will have to make some real difference. Sourcing will be a multi-stakeholder activity and someone will have to take on the role of “conducting the orchestra”. As a result, some likely roles / functions that we can expect are Service Integrator, Service Outcome Assurance and Service Broker.

All IT functions and roles will have to incorporate a healthy balance between:

  • AGILITY – Business outcome: Market Leader/Risk Taker/High Growth

  • EFFICIENCY – Business outcome: Market Follower/Risk Averse/Mature

In everything IT does, it will have to think in line with the new paradigm, and will therefore need to:

  • identify and develop new competencies in IT staff; and

  • adjust and adopt new IT organisation structures.

In the evolving world of SaaS, IaaS, cloud sourcing, and BYOD, the very definitions and boundaries of infrastructure, application etc. will be redefined. In this situation the most unnerving scenario will have some senior members of IT management finding their roles, competencies and functions becoming irrelevant. One wonders in these situations how these “decision makers” will react. The ones that see this as an opportunity to reinvent will emerge with enhanced career opportunities. The ones who cannot see beyond their own turf will soon find the world has moved on, and they will be “decommissioned” along with the legacy systems to which they are so emotionally attached.

3. No doubt you’ve worked across the generational spectrum. What differences, if any, have you observed in the way Boomers, Generation X, and Millennials approach service management?

The best way to describe this evolution will be to use some of the concepts presented in one of the papers published by Gartner in 2010 titled, Critical Success Factor Choices and Road Maps to 2013.

This paper described IT profiles evolving through following four stages:

The Grinder

  • Primary role to manage existing service operations & delivery

  • With the focus on IT cost containment, service predictability and reliability, and continual service and unit cost improvement using governance as a means of self-protection

The Butler

  • Primary role to oversee shared technology operations & manage vendor integration using right-sized governance to manage business risk

  • With the focus on service over cost with evolving anticipation of business needs

The Team Player

  • Primary role to lead business in exploring and exploiting information services & technology for competitive advantage with the intent to maximise shared value and attain high business alignment

  • With the focus on business process, while remaining solution driven demonstrating IT value over time, not just cost

The Entrepreneur

  • Primary role to advise business units on exploring information services & technology innovation while taking “cradle to grave” responsibility for the service portfolio relevant to business

  • With the focus on managing business risk arising out of information & technology decisions relating to service portfolio.

In the time I have been in the industry, I have seen different colleagues and professionals in each of the above mindsets, and so I would be hesitant to associate a particular mindset to a particular generation. What I have experienced, even in my career is that increasing acceptance of IT and IT professionals to move from Grinder to Butler to Team player to Entrepreneur. The main difference I am seeing as the generation evolves is the shift from Grinder being the dominant profile to the Entrepreneur profile. To some extent this is driven by the change in the IT professional capability from technology dominant to business dominant. As the new generation arrives on the scene, we are seeing more of IT-savvy business managers compared to business-savvy IT managers. I predict that in next 5 to 10 years commoditisation of IT will have IT mainly lead by IT-savvy business managers.

4. The Baby Boomers are leaving the workforce at a rapid rate now, and taking their knowledge with them. What recommendations can you make for organisations that might be facing this challenge?

The ICT industry is presently at a crossroads. On the one hand, the influx of new entrants is declining; on the other hand there has been very little focus on conserving and harnessing the experience, already within the industry, which we are losing, through the exit of many experienced senior professionals leaving their full time roles from within the industry. The combined impact of the ageing workforce and the perceived apparent failure of many employers to upgrade, both breadth and depth of the workplace competencies could well mean that Australia risks being unable to sustain key ICT-based economic capabilities in the future (Building Australian ICT skills, report May 2006).

As such, the participation of mature age workers, (Grey Army), can be used to play a key role in tipping the balance between the number of future retirees, (this should include the so called transition to retirement element), and the number of workers available to support them. In fact, an extra 3% of retention would result in a $33 billion boost to GDP, (Increasing Participation among older workers, report by Deloitte Access Economics, 2012).

The industry needs to focus on preserving the experience of existing senior professionals for the overall benefit of the ICT industry, and as a result in supporting the broader community and the Australian national interest.

Even though Baby Boomers are often no longer permanently employed, this rich resource pool of “Grey Army” (ICT community senior members), still wish to share their years of valuable real life experiences. However they find themselves frustrated and disillusioned by the fact that there does not seem to be any coordinated effort to harvest their experiences, and to enable them to be visible to CIOs.

The irony is that while most of the CIOs and their direct reports are very clear on the importance of technology refresh, and hence invest a great deal of energy and time in creating an annual plan, very rarely do you find them mentioning “competency refresh”, in their annual strategy. Nor have they allocated any investment resources for it in the annual budget.

It appears that traditionally any competency deficiencies are addressed in an adhoc and uncoordinated manner, often by employing, contracting, or engaging consultants. This is not a sustainable solution. From various industry reports one can clearly conclude that when it comes to developing and nurturing internal competencies and capabilities, the traditional approaches do not seem to be delivering the most optimum outcome for the CIO, the organisation, or the stakeholders and shareholders.

I have been championing a “competency augmentation” approach as a sustainable way of increasing organisational competencies, through active coaching / mentoring by the existing Grey Army ICT resources to grow the intrinsic value of an organisation’s human resources. This approach is designed to help the ICT community, to identify the competency gaps, and at same time provide access to senior resources with the desired competencies, to bridge the gap.  Active coaching / mentoring means the coaching and mentoring is done through delivery of real tangible outcomes, that have organisational benefit and value, through partnership between the coach / mentor and the recipient of the coaching / mentoring. This approach encourages retired “senior members” of the ICT community to contribute their extensive experience.

5. For an organisation wanting to adopt a new framework, such as DevOps, Agile or Lean, what are the key areas people tend to overlook?

Any adoption of the new framework should be done with clear understanding of the strategic intent and business focused outcome. The idea is to be inclusive and avoid the temptation of throwing the baby out with bath water. There is a common misunderstanding that to successfully implement DevOps/Agile/Lean frameworks organisations have to go away from basic IT governance and service management good practices. This thinking is very dangerous as it assumes that one approach is replacing the other approach.

One has to remember, that IT has a dual role to “serve & secure”. Traditionally, IT has been more focused on the “secure” aspect – governance, control etc. As a result, even when focusing on the serve aspect, IT has appeared to be overly bureaucratic, sluggish and risk averse at the cost of being responsive and accommodating to business needs.

While adoption of new techniques like DevOps etc. allows IT to enhance the focus on the “serve” aspect, any effective transformation can only occur if the “secure” role is not totally ignored. Remember this transformation is not about taking the so called “cowboy” attitude of shoot first and aiming later, but maintaining a healthy balance between both perspectives. Be assured that business will not forgive IT if they drop the ball on “secure”. No one in their right mind will accept an automobile manufacturer that said “I will give you all the wonderful features you want very quickly, but by the way, some of them might fail while you are driving. But we can fix that once you have crashed”.

In reality any organisation adopting DevOps/Agile/Lean frameworks needs to ensure coexistence and integration with the existing IT service management eco-system. Every organisation operates within its’ own IT service management eco-system; it is important to understand the culture and context of this and adopt the frameworks to ensure these are appropriate and relevant.  A blind adherence to the exclusion of other good practices will only aggravate “fragmentation” within IT and result in a confrontational outcome. This is not advantageous for delivering quality IT Services.

6. What part should knowledge management play in these transformations? What really happens?

We have many times heard that “knowledge is power”, but it has to be right kind of knowledge. Traditionally, IT seems to be focusing on the knowledge about technology, infrastructure and assets, but with the changing role of IT, from service delivery to service integrator and service broker, the key artefacts of the knowledge are changing. Service catalogue, service profile, service category plans, contract database, vendor profiles, and market intelligence and trends are becoming more important artefacts than traditional technology architectures, product details and even the good old CMDB. The issue is that these knowledge artefact transcend the traditional boundaries of IT silos and go even beyond IT—into procurement, strategic sourcing, finance, legal, shared services and even business. Many times it is very difficult to find a single owner and single source of truth, so establishing this knowledge base is difficult.   When you add the complexity of many different stakeholders, each wanting different perspectives of the same knowledge, it can lead to a “too hard basket” situation and knowledge becomes fragmented and inconsistent.

On the flip-side, service providers and vendors are very good at reusing this type of information because it can make a huge difference to their competitive position. Hence when the organisations have to deal with service providers who are well-armed with these knowledge elements, lack of this knowledge within organisation can shift the balance of power to the service providers. This may lead to organisations ending up on the back foot in contract negotiations.

7. One assumes that your mentoring and coaching clients have sought you out because they want to improve the way their IT organisations run. What characteristics do you think these CIOs have that set them apart from those that haven’t?

Let us accept at the outset that this approach to enhancing organisational competency is not traditional, and to many IT professionals it is quite challenging to their mindset. Hence the CIO, or her / his direct reports, wanting to take the organisation down this path needs to be prepared to innovate in areas of capability management and be prepared to take some risk. They also need to be seriously committed to the belief that people are our best and most valuable resources.

As I said before, this approach is about “developing tomorrow’s leaders using yesterday’s champions working on today’s problems”. Inherently the approach focuses on identifying and developing transferrable capabilities while acknowledging the capabilities which are redundant. It also challenges the established organisation functional grouping. Hence for this to work, the CIO and her / his DRs need to have a strong belief in their capability, but at the same time they themselves need to be prepared to face the truth about their own limitation and see this as opportunity to reinvent their own careers. In summary, the CIO & their DRs, who are really the leaders and not just the managers, are most likely to see the benefit of this approach and be comfortable enough to take it up.

For this approach to succeed the CIO has to have a “capability refresh strategy” as part of their overall strategy and should be ready to lead from front. This has to be a top-down initiative. This is not something that will work overnight; it requires persistence and commitment to the objectives. Many times, when speaking about this approach to the CIO and their DRs their response is typically, “good idea, but I do not have time I have to get things done now, so I am better off getting a consultant or contractor from outside and get this done”. Unfortunately the lack of vision and planning gets them in this situation again and again, as they are reactive.

Thank you, Dinsha!

January 20, 2015
by Aprill Allen
0 comments

The Future of IT Service Delivery

Don’t worry, it’s not another predictions post. The Innovating IT Service conference will be held in Melbourne on the 11-12 March. Gene Kim is keynoting, so of course, I’m going to be there. I was at the hotel bar, suffering oversupply-of-quality-sessions burnout at Knowledge12, at exactly the same time as the only other opportunity I’ve had to see Gene present. I will forever berate myself.

With Gene Kim presenting, there is a cohort of DevOps-oriented presentations on the bill, including an opening keynote by Nigel Dalton of REA Group, who wants to warn us that DevOps may break the business. We’ll also hear from Ed Cortis of BankWest discussing IT agility and resiliency; and there’ll be lots of talk around lean, continuous delivery and the transformation of legacy services.

What I like most about this upcoming conference are the built-in knowledge sharing and round table sessions driven by conversations delegates want to have with the attending industry leaders. It may well be a live-on-stage example of market research, but who cares? It’s not often that an IT conference allows delegates to participate in topic selection.

Early bird prices are in effect until this Friday, 23 January.