Given the column inches devoted to DevOps you might be forgiven for thinking that it is the predominant model for developing applications. For cloud-native applications and mega-scale players like Google, Facebook and Amazon this is probably the case. However, in the enterprise, DevOps is only just beginning to reach maturity. A Gartner survey, conducted last year among 252 of their key enterprise customers, revealed that only 19% were using DevOps for any production systems. A further 19% were using DevOps in pilot phases and 12% had plans to do so by the end of 2016. That leaves 50% who either had plans to start developments using a DevOps approach in 2017, or had no plans at all.
Business leaders are hearing and heeding the messages about the increased agility, quality and velocity that DevOps can bring. They need these features to deal with fast moving, disruptive environments that threaten their existing business models. But most CEOs’ experience of enterprise level application development will have been of longer than expected delivery times, extensive bug fixing after implementation, suspect security, cost overruns and poor user satisfaction. DevOps leaders need to find ways of addressing the enterprise concerns.
In theory, traditional application development projects, using a Waterfall methodology, had defined timelines and project costs. The DevOps approach of continuous development and continuous delivery seems, on the face of it, to present real challenges around key areas of testing, security and project control. The fact that this is not the case will not provide the assurance enterprise business leaders will need as they contemplate investing in major DevOps initiatives.
Traditional development metrics, for example around individual developer performance, will be meaningless. A much more business value oriented approach, that focuses on outcomes rather than output, is required. The only metric that really matters is how new applications affect the business. How much revenue does a new feature deliver? How many new features are we delivering a month? What are these new features doing to our customer retention or churn rates? Are they positively affecting our net promoter score?
This in turn impacts the way in which IT needs to manage the performance of its development and operations teams. The focus needs to be on the team, not the individual. Team throughput, accepted number of new features, post implementation defect percentages are all part of a range of metrics that need to be based on the premise that the only things that count are what your end-users and customers say about your product. For further reading you should have a look at the Forrester report, “Build The Right Software Better And Faster With Agile And DevOps Metrics”.
The issue of quality is inherent in what we have been discussing. However, the enterprise will also have concerns about security, governance and assurance. The blurring of the lines between development and operations, the increased volume of releases and the ever-decreasing development cycle times, all pose a risk to existing governance and security tools and controls. Businesses cannot ignore these risks. ISACA, formerly known as the Information Systems Audit and Control Association, has a very useful overview of the challenges along with practical recommendations for DevOps practitioners. The report highlights risks and points to the benefits of involving all stakeholders early in the development cycle and the increased use of new automation tools and processes to mitigate those risks. As an example, there are moves to automate compliance, security and risk tests so that all code is tested every time it passes down the pipeline. This frees up staff and upskills them to focus on developing rules and tests and increases the repeatability and scalability of testing.
In summary, as DevOps goes mainstream, IT leaders need to provide the business with performance metrics that demonstrate clear business value while, at the same time, implementing new security and governance tools and controls that provide solid Board assurance. Let us know what concerns and challenges are holding you back from reaping the benefits of agile and DevOps development. We are experts in Business and IT modernisation. We have worked with a range of businesses to architect change, manage transformation and provide the assurance around people, process and technology to deliver business value.
To book a meeting with Peter Borner directly, please do so here.