DevOps automated governance
“A lot of our systems are completely unverifiable, not because we don’t have the technology to verify it, we literally don’t have the specifications to say what is or isn’t legitimate for the system.”
—Bill Bensing
In July, we witnessed the CrowdStrike event, which was dubbed the largest outage in the history of IT. Why do such accidents happen so often in IT? One reason is that the software industry doesn’t follow the same approach as more mature industries. Manufacturing and construction have established regulations and standards, but the software industry has no such standards. Why is this so?
A common excuse is that we cannot compare knowledge work in the software industry with manufacturing work in electronics and construction because knowledge work involves a lot of creativity.
Let’s consider the software industry for a moment. True, there is creativity in coding. But coding is only a small part of the total software lifecycle. What about the rest of the process? Everything that happens after a commit and until the software is decommissioned—building, deploying, testing, releasing, and maintenance—can be standardized. Even if we look at the coding part, many things haven’t changed for years. The Gang of Four (GoF) Design Patterns were published in 1994, and we’re still using them.
Standards imply having blueprints, specifications and operational definitions that define how things are done. Blueprints are constraints that safeguard how the final implementation should look. And constraints are a good thing.
“Constraints create flow.”
—John Willis
Imagine a river without its banks. The water would never flow; it would just spill in all directions. Constraints limit options, which is a good thing in this context. Optionality means that something can happen. If there is a probability that something can happen, rest assured, it will happen—accidents included!
That’s why we need constraints, which come in the form of blueprints, specifications and operational definitions. In mature industries, these are standardized with industry standards. To be honest, the European DORA and NIS2 regulations are crutches to make up for the lack of industry standards. Until we get such standards in the software industry, providing transparency about current technical practices becomes a competitive advantage for any vendor.
DevOps automated governance and operational definitions
Bill Bensing and John Willis
The CrowdStrike event has reminded us that we entered a world of complex systems long ago, where too many things are happening in parallel. There is no way for a human being to oversee everything. The old control paradigms don’t work on this scale. Why is this so, and how can DevOps automated governance help? I asked my friends Bill Bensing and John Willis.
Trailblazers meetup
Bill Bensing will join me in Munich this October at the CROZ community meetup called Trailblazers, where we will talk about DORA regulation and autonomous assurance in a complex world. If you’re near Munich in October—and honestly, I don’t know where else you would want to be in October if not in Munich :))—stay tuned for the Trailblazers meetup announcement and come join us!
If you’d like to discuss any topic from our software, data, and AI engineering world, let me know!
Read with us
Normal Accidents: Living with High-Risk Technologies
Get the bookComplex systems that are tightly coupled in their interactions will inevitably end up in an unpredictable state. Unfortunately, these unpredictable and emergent behaviors manifest as accidents. The inevitability of these events gave them the name “normal accidents”—it’s not a matter of if they will happen, but when they will happen. Think of events such as the Three Mile Island accident and similar incidents.
The book analyzes complex systems from a sociological perspective and helps us understand their dynamics.
Quote of the day
“The purpose of an organization is to enable ordinary human beings to do extraordinary things.”
–Peter Drucker
Sharing is caring
If you find 0800-DEVOPS useful, share it with your friends, check out the archive and subscribe to receive it in your mailbox.