When IT Fails The Business Fails...

@RealGeneKim, genek@realgenekim.me

Session ID:

Gene Kim

Author, Visible Ops Handbook

ProKarma Seminar

August 20, 2012

When IT Fails…The Business Fails…

Now, More Than Ever…

Even in “low-tech industries,” 95% of all capital projects have an IT component…

50% of all capital spending is technology-related

We are here…

Where we need to be…

IT is always in the way

(again…)

Comparison Of Turnover For CEOs and CFOs…

N=184“Clean” vs.

Material weakness (no IT related issues)

Material weakness (with IT related issues)

CEO 2.0x higher 8.0x higher*

CFO 1.7x higher 3.6x higher

CIO 2.2x higher 2.2x higher

When firms with IT-related material weaknesses are compared with the other two groups, there are some startling differences in executive turnover…

* These firms also 2.6 less likely to be profitable than “clean” firms

Source: Forthcoming Paper: Richardson, Masli, Watson, Zmud, Sarbanes-Oxley Information Technology Material Weaknesses And The Disciplining Of The CEO, CFO And CIO

@RealGeneKim, genek@realgenekim.me6

There’s a hidden gas, that we can’t see, taste, touch, smell, and it’s killing CEOs everywhere.

It’s called IT.

Or more precisely, unplanned work in IT.

it.fail() == business.fail()

Where Did The High Performers Come From?

Over Ten Years, We Benchmarked 1500+ IT Orgs

High Performing IT Organizations High performers maintain a posture of compliance

Fewest number of repeat audit findings One-third amount of audit preparation effort

High performers find and fix security breaches faster 5 times more likely to detect breaches by automated control 5 times less likely to have breaches result in a loss event

When high performers implement changes… 14 times more changes One-half the change failure rate One-quarter the first fix failure rate 10x faster MTTR for Sev 1 outages

When high performers manage IT resources… One-third the amount of unplanned work 8 times more projects and IT services 6 times more applications

Source: IT Process Institute, 2008

Tough Love From Ari Balogh

The Downward SpiralOperations Sees… Too many fragile and insecure

applications in production Too much time required to restore

service Too much firefighting and unplanned

work Planned project work cannot

complete Frustrated customers leave Market share goes down Business misses Wall Street

commitments Business makes even larger

promises to Wall Street

Dev Sees… More urgent, date-driven

projects put into the queue Even more fragile code (less

secure) put into production More releases have

increasingly “turbulent installs” Release cycles lengthen to

amortize “cost of deployments” Bigger deployment failures More time spent on firefighting Ever increasing backlog of work

that cold help the business win Ever increasing amount of

tension between IT Ops, Development, Design…

These aren’t ITSM or IT Operations problems…These are business problems!

My Mission

Chronicle the Hero’s Journey For IT ("When IT Fails: A Business Novel”) so that everyone can gain a shared understanding of how and why IT fails, so they can fix it

The State Of The Business

Project Phoenix

Day 1: Payroll Outage

Day 2: PMO Meeting

Day 3: The SOX-404 Audit Meeting

My Mission: Figure Out How Break The IT Core Chronic Conflict

Every IT organization is pressured to simultaneously: Respond more quickly to urgent business needs Provide stable, secure and predictable IT service

Source: The authors acknowledge Dr. Eliyahu Goldratt, creator of the Theory of Constraints and author of The Goal, has written extensively on the theory and practice of identifying and resolving core, chronic conflicts.

Words often used to describe process improvement:“hysterical, irrelevant, bureaucratic, bottleneck, difficult to understand, not

aligned with the business, immature, shrill, perpetually focused on irrelevant technical minutiae…”

2007: Three Controls Predict 60% Of Performance

To what extent does an organization define, monitor and enforce the following? Standardized configuration strategy Process discipline Controlled access to production systems

Source: IT Process Institute, 2008

Visible Ops: Playbook of High Performers

The IT Process Institute has been studying high-performing organizations since 1999 What is common to all the high

performers? What is different between them

and average and low performers?

How did they become great? Answers have been codified in

the Visible Ops Methodology

www.ITPI.org

Release Processes

Release Management

Security Management

Availability & Contingency

Management

Supplier Processes

Customer Relationship

Management

Supplier Management

Capacity Management

Financial Management

Resolution Processes

Incident Management

Problem Management

Service Level Management

Service Reporting

Service Design & Management

Control ProcessesAsset & Configuration Management

Change Management

Automation

Release Processes

Release Management

Security Management

Management

Release Processes

Release Management

Release Processes

Release Management

Security Management

Management

Supplier Processes

Management

Supplier Management

Capacity Management

Supplier Processes

Management

Supplier Management

Supplier Processes

Management

Supplier Management

Capacity Management

Incident Management

Problem Management

Service Reporting

Change Management

Automation

Incident Management

Problem Management

Service Reporting

Change Management

Automation

Visible Ops Security: Linking Security and IT Operations Objectives In 4 Practical Steps

Sources: ITPI Visible Ops & IT Infrastructure Library (ITIL) / BS 15000

Phase 4Continually improve

Phase 3 Establish

repeatable build library

Phase 2Catch and release, find fragile artifacts

Phase 1 Electrify fence,

modify first response

@RealGeneKim, genek@realgenekim.meSource: John Allspaw

The First Way:Systems Thinking

(Business) (Customer)

The Second Way:Amplify Feedback Loops

The Third Way:Culture Of Continual Experimentation And Learning

Good News: It Can Be Done

Bad News: You Can’t Do It Alone

QA And Test

Source: Flickr: vandyll

Development

Process And Controls

@RealGeneKim, genek@realgenekim.meSource: Flickr: birdsandanchors

Product Management And Design

What Does Transformation Feel Like?

Find What’s Most Important First

Quickly Find What Is Different…

Before Something Bad Happens…

Find Risk Early…

Communicate It Effectively To Peers…

Hold People Accountable…

Based On Objective Evidence…

Answer Important Questions…

Recognize Compounding Technical Debt…

That Gets Worse…

And Fixing It…

Source: Pingdom

Have What We Need, When We Need It…

Big Things Get Done Quickly…

Ever Increasing Situational Mastery…

Help The Business Win…

With Support From Your Peers…

And Do More With Less Effort…

This Is An Important ProblemOperations Sees… Fragile applications are prone to failure Long time required to figure out “which

bit got flipped” Detective control is a salesperson Too much time required to restore

service Too much firefighting and unplanned

work Urgent security rework and

remediation Planned project work cannot complete Frustrated customers leave Market share goes down Business misses Wall Street

commitments Business makes even larger promises

to Wall Street

Dev Sees… More urgent, date-driven projects

put into the queue Even more fragile code (less

secure) put into production More releases have increasingly

“turbulent installs” Release cycles lengthen to

amortize “cost of deployments” Failing bigger deployments more

difficult to diagnose Most senior and constrained IT ops

resources have less time to fix underlying process problems

Ever increasing backlog of work that cold help the business win

Ever increasing amount of tension between IT Ops, Development, Design…

When IT Fails: A Business Novel and The DevOps Cookbook

Coming in Winter 2012/2013

“In the tradition of the best MBA case studies, this book should be mandatory reading for business and IT graduates alike.”Paul Muller, VP Software Marketing, Hewlett-Packard

“The greatest IT management book of our generation.”Branden Williams, CTO Marketing, RSA

Gene Kim, Tripwire founder, Visible Ops co-author

When IT Fails: The Novel and The DevOps Cookbook

Our mission is to positively affect the lives of 1 million IT workers by 2017

If you would like the novel excerpts, “Top 10 Things You Needs To Know About DevOps,” and updates on the book:

Sign up at http://itrevolution.com Email genek@realgenekim.me Hand me a business card

Gene Kim, Tripwire founder, Visible Ops co-author

If you’d like the slides from today’s presentation…

Text your first name, email address and “68383” to:

+1 (858) 598-3980

Or visit: http://www.instantcustomer.com/go/68383

Or scan this QR Code:

When IT Fails The Business Fails...

Business

Transcript of When IT Fails The Business Fails...

8-When All Else Fails Backflow Prevention

When resilience fails: dual diagnosis among phiihysicians · When resilience fails: dual diagnosis among phiihysicians María Dolores Braquehais, ... ti Antidepressants ti Hypnotic

What reasons for small business fails

Externalities Market Failures: When the Market Fails.

When civilization fails us

Why Small Business Fails

Silver Linings, When Building a Team Fails

When Government Aid Fails

What Happens in Your Business When the Power Fails?

WHEN POLITICS FAILS: HYPER-DEMOCRACY AND HYPER ...

WHEN TRANSFORMATION FAILS: TWELVE CASE … Rouse Yu When... · WHEN TRANSFORMATION FAILS: TWELVE CASE STUDIES IN THE AMERICAN AUTOMOBILE INDUSTRY ... Ford also perfected the interchangeability

When Governance Fails

When the connection fails

Cyberpunk 2020 - When Gravity Fails

When duct tape fails a christmas story

M-Trends® 2011: When Prevention Fails

When Consignee Fails to Take Delivery

When assertthat(you).understandUnitTesting() fails

How To Submit Assignments When Odyssey Fails

WHEN PROPHECY FAILS? THE THEOLOGY OF THE OSLO …libres.uncg.edu/ir/uncp/f/When Prophecy Fails_The...drawing on the theory of cognitive dissonance. In ‘‘When Prophecy Fails’’