Scaling Automated Governance: A Short Story Series

Introduction

Can automated governance scale? Can it assist disparate teams within various organizations—including business partners and subsidiaries—in establishing a unified automated governance approach? What are the things that make that possible or keep it from happening? Is there a secret formula or enchanted process that will unlock the ability to make that happen? 

The truth is there are things that prevent the business accelerating DevSecOps philosophy from succeeding at scale. Lack of trust, complex policies, rigid standardization, and communication silos all inhibit an organization’s ability to achieve its full high-performing potential.

• Trust is the fuel for innovation, speed, and delivery. Without trust, teams fall apart and energy is diverted to posturing, theater, and power struggles. Leaders start to value processes over outcomes, risk aversion over experimentation, and friction over propellant. How do you rebuild trust? What does it take to reboot a culture and embed trust back into the very fabric of its way of working?

• Policy is important. Sure, it can create a feeling of dread for anyone who has been caught in a web of obsolete policies or the high viscosity vat of bureaucracy. But those principles, rules, and guidelines are often there for legitimate reasons. At the minimum, their intentions were usually good. When done well, policies can provide a framework for consistent actions, acceptable behavior, and compliance with regulations in various domains such as government, business, and healthcare. However, those policies, no matter how virtuous, can become so numerous, so onerous, and so complex that they become impossible to follow. Managing that complexity through modern automated means is required in order to stay compliant, to stay secure, and to scale with growing business demands.

• Standardization can be powerful. Common tools, methods, and architectures allow the development of new capabilities and progressive features to be easily reproduced and deployed throughout an entire enterprise. However, hyperstandardization with no tolerance of deviation can inhibit innovation and stop essential evolution. Organizations often bounce between rigid standardization of technologies and a hyper-diverse landscape of tools. Determining the right balance can be a force multiplier using standards while creating space for innovation.

• Communication is key. The flow of information and knowledge across an organization is critical to addressing problems, taking advantage of new opportunities, and directing capital to needed areas for growth. In many organizations, this central nervous system can be anesthetized by silos and institutional barriers. Teams that are able to easily collaborate, communicate, and contribute to each other unleash a superpower of potential that can move mountains and deliver unparalleled results.

In the story we present in the following series of posts, you will be introduced to the characters and challenges of Freedom Investment National (FIN), a fictional company in the financial sector. The small group of employees at FIN took on the financial industry and changed the world. Their fresh approach and innovative products helped them expand and triple in size in just a few short years. Along the way, they faced the dragons of regulatory compliance, audits, and security reviews. Notices from regulators piled up and threatened their survival. But they overcame the odds. They shifted left and introduced automated governance, as was illustrated in the book Investments Unlimited. They faced headwinds from skeptics and resistance from their own teams, but they still delivered. The conflicts and challenges made them better. Teams bonded together, overcame the odds, and succeeded. But they are about to face one of the most difficult challenges yet as FIN merges with a larger company.

The goal of this paper is to help enterprises rethink their approach to governance and how software is built inside larger organizations. It will highlight the importance of trust, how to tackle policy at scale, address standardization across the enterprise, and embrace ways to promote communication. By introducing concepts, tools, and ideas to reimagine governance at scale, we hope to convey a more humane way to enable high-velocity software delivery that inspires trust and is inherently more secure.

We hope that the story will look familiar and will inspire you to explore some new ideas that will help you create, use, and scale governance in a fun and business-empowering way that helps deliver on your organization’s objectives.

We will be posting the story in a series here on the blog over the next several days. You can read the first chapter here. Or, read the full story in the Fall 2023 DevOps Enterprise Journal.

- About The Authors

Jason Cox

Jason Cox is a champion of DevOps practices, promoting new technologies and better ways of working. His goal is to help businsses and organizations deliver more value, inspiration and experiences to our diverse human family across the globe better, faster, safer, and happier. He currently leads SRE teams at Disney and is the coauthor of the book Investments Unlimited. He resides in Los Angeles with his wife and their children.

Follow Jason on Social Media

• 
• 

Sean D. Mack

Christina Yakomin

Senior Cloud Architect at Vanguard

Brian Scott

Brian Scott is a seasoned technologist with over 25 years of experience in DevOps, SRE, and managing technical operations at scale in Cloud & Infrastructure. His career includes impactful roles at MySpace, OpenTable, and The Walt Disney Company. Currently, as a Principal Architect at Adobe, Brian supports engineering teams with technology, cloud, and AI governance and adoption while assisting senior leadership in solving enterprise-wide challenges and breaking down technical barriers.

John Willis

John Willis has worked in the IT management industry for more than 35 years and is a prolific author, including "Deming's Journey to Profound Knowledge" and "The DevOps Handbook." He is researching DevOps, DevSecOps, IT risk, modern governance, and audit compliance. Previously he was an Evangelist at Docker Inc., VP of Solutions for Socketplane (sold to Docker) and Enstratius (sold to Dell), and VP of Training & Services at Opscode where he formalized the training, evangelism, and professional services functions at the firm. Willis also founded Gulf Breeze Software, an award winning IBM business partner, which specializes in deploying Tivoli technology for the enterprise. Willis has authored six IBM Redbooks for IBM on enterprise systems management and was the founder and chief architect at Chain Bridge Systems.

Follow John on Social Media

• 
•