"A person with a watch knows the time, a person with two watches is never quite sure - why a single source of truth is so important"
One major over-arching challenge for organisations is building and maintaining a directory of "responsible" owners for all the different services being managed across several different directorates and departments within the Authority. Several different teams have created their own, often incomplete, versions over time.
As services migrate from being ‘live projects’ during the development and deployment phase, and as they become BAU services, teams disperse and the ‘owners’ melt into the under-growth – i.e., move on to other roles, change email addresses, leave the organisation altogether, etc.
Stale contact data leads to orphaned services with no known ownership, which leads to manageability, maintainability and security challenges.
Going back to the "watches" quote, here are five watches on a typical technology organisation's wrist:
- The PMO (Program Management Office) has a list of current contacts for current live projects
- The Cloud Platform support team has a list of contacts derived from incoming service requests and an out-reach program was conducted a significant amount of time before.
- The ITSM (Service Desk) team has a partial list
- The Enterprise Architects team is building an updated list as new initiatives make their way through the new governance framework as the processes start to bed in
- Many stakeholders have been around for a while and have connections with colleagues – but querying a distributed network of information purely in people’s heads is not a reliable, efficient or scalable (arguable, it’s inversely scalable – the broader the network, the harder it is to get an answer quickly and efficiently)
That’s five watches on the organisation’s wrist – some with a dead battery, some with a missing minute hand, others with no illumination so they’re hard to read, making that arm heavier and heavier. So, how do you tackle these challenges?
The answer is ownership and communication. Someone needs to own the problem, take responsibility and be given the remit and budget to resolve it, while keeping this in mind:
- Recognise that it won’t be addressed overnight and that you will have to keep working with incomplete information for some time.
- Technology should be part of the answer – a single agreed digital source of truth that supports both push and pull of information to the other down-stream systems if needed.
- Process is equally key – for example, part of the JML process (Joiners, Movers, Leavers) should poll to check who is the “responsible owner” and ensure a correct transfer of responsibilities before they are lost to the organisation.
It's not easy, but is such a crucial part of improving governance. It allows teams to deliver, faster, better and with clear ownership. By doing so, you also challenge the cloud status quo.
At Capacitas, we have worked with various clients to ensure that their CI/CD pipelines cover these 10 fundamental steps, which has helped – along with offering guidance across the rest of their DevSecOps journey – enable them to increase overall capability and organisational maturity supporting the technology growth, with use of automation to speed up development cycles without sacrificing quality and security.
For more information or to ask for more practical advice on the topics covered in this blog, please reach out to us via our website or to me directly at danielbennett@capacitas.co.uk
About the Author
Adrian Johnson is a Principal Consultant at Capacitas. Adrian supports customers with cloud cost optimisation, capacity management and performance engineering to identify and resolve performance and capacity issues, thereby reducing costs, enabling scale, and building capability.