cross process governance: how to balance agility & compliance

Copyright © 2014, Intellyx, LLC

1

Cross-Process Governance

How to Balance Agility & Compliance

Jason Bloomberg

President

[email protected]

@theebizwizard

About Jason Bloomberg

• President of Intellyx

• Advise companies on their digital transformation initiatives & help vendors communicate their agility stories

• Write for Forbes, Wired, & DevX on Digital Transformation

• Buy my latest book, The Agile Architecture Revolution

Copyright © 2014, Intellyx, LLC2

How do You Manage?

• Each Line of Business/Division has its own goals & business outcomes

• LoB Management drives toward optimizing those outcomes

• Maximize shareholder value/profit/revenue

• Better-Faster-Cheaper, then repeat


Photo

Cre

dit:

Kenny L

oule

htt

ps:/

/ww

w.f

lickr.

com

/photo

s/k

wl/

The Problem with Better-Faster-Cheaper

• BFC pushes technology and the organization to its breaking point

• Less able to deal with disruption, leading to failure when the unexpected happens

• Failure can occur anywhere

• Resilience eventually becomes top priority


Photo

Cre

dit:

Frits

Ahle

feld

t-Laurv

ightt

ps:/

/ww

w.f

lickr.

com

/photo

s/h

ikin

gart

ist/

Optimization vs. Innovation


InnovationDisrupt status quo

to allow human creativity to

flourish

OptimizationEstablish

feedback loops that maximize

business outcome

Innovativeness

• The ability to introduce change into the business environment in order to achieve a strategicadvantage

– New products or services

– Expand market share

– Enter new markets


Photo

Cre

dit:

Kay K

im h

ttps:/

/ww

w.f

lickr.

com

/photo

s/k

aykim

/3883340152/s

izes/o

/

Business Agility

• Responsiveness

– Tactical value

• Resilience

– Risk mitigation

• Innovativeness

– Strategic value

Copyright © 2014, Intellyx, LLC7 Photo

Cre

dit:

Masonite B

urn

htt

ps:/

/ww

w.f

lickr.

com

/photo

s/m

asonite-b

urn

/6273626739/s

izes/l

Ability to respond to change in the business environment and leverage change for competitive advantage

Innovation Requires Disruption

• External Disruption

– Competitive pressures/new entrants

– Globalization

– Regulation

• Internal Disruption

– Digital Transformation efforts

– Innovation initiatives


Photo

Cre

dit:

Charl

es W

agner

htt

ps:/

/ww

w.f

lickr.

com

/photo

s/c

hazw

ags/

Disruption Introduces Risk

• Optimization without disruption stifles innovation

• Disruption without optimization is an innovation crap shoot

• Optimize what you can & disrupt what you must


Photo

Cre

dit:

epSos

.de h

ttps:/

/ww

w.f

lickr.

com

/photo

s/e

psos/

Mitigate risk with resilience

Resilience

• The ability to respond quickly and efficiently to negative change in the business environment

– Managing risk

– Bouncing back from adverse events

– Disaster recovery

• Tactical business driver


Photo

Cre

dit:

Joe h

ttps:/

/ww

w.f

lickr.

com

/photo

s/b

itshaker/

167480266/s

izes/o

/

The opposite of brittleness

Process for Innovation?


Disrupt Innovate

Innovation is not a typical business process!

Recipe for Agility


Better Way to Manage

• Build cross-organizational teams

• Understand when to optimize and when to innovate

• Embrace disruption

• Encourage resilience

• Give people the tools they need and get out of their way


Photo

Cre

dit:

Philip

Leara

htt

ps:/

/ww

w.f

lickr.

com

/photo

s/p

hille

ara

/

Bimodal IT: The Wrong Way

• Digital Team

– Self-organizing

– Fast-moving

– May follow Agile at least in spirit

– Little governance

• Traditional IT

– Hierarchical

– Slow-moving

– Waterfall-centric

– Formal, bureaucratic governance


Photo

Cre

dit:

Keith W

illiam

son h

ttps:/

/ww

w.f

lickr.

com

/photo

s/e

lwillo

/

Ungoverned Shadow IT is Result

Rethinking Bimodal IT

• Business-driven transformation of traditional IT

– Iterative

– Opportunistic legacy modernization

– Cross-cutting reorganization to DevOps culture

– Increased collaboration with digital teams

– Move toward continuous development & integration


Photo

Cre

dit:

Andre

w M

agill htt

ps:/

/ww

w.f

lickr.

com

/photo

s/a

magill/

Increased automation of governance

Connecting IT Governance to GRC

• Governance, Risk Management, & Compliance

– Broad-based business context

– Traditional GRC tools “hard-wired” to applications

– Inflexible

– Separate architectural context from IT governance

• Business agility requires automation of GRC


Photo

Cre

dit:

Mic

hael Coghla

nhtt

ps:/

/ww

w.f

lickr.

com

/photo

s/m

ikecogh/

Governance as Agility Enabler

• Simple rules & policies lead to complex emergent behavior

– Which ones lead to agility?

• Levels of governance

– Low-level rules & policies

– Departmental

– Organizational

• Governance has negative connotation

– Reputation for limiting productivity

– Governance, Risk, & Compliance tools integrated in traditional manner


Photo

Cre

dit:

Mik

e L

ew

inski htt

ps:/

/ww

w.f

lickr.

com

/photo

s/i

kew

inski/

9430887561/s

izes/l

Separating Software Behavior into Policy Layer

• “Policy” defined as rule or set of rules

• “Aspects” in aspect-oriented programming

• Generally, “constraints” on behavior of system

• Can apply narrowly or broadly

• Technical context, business context, or both


Photo

Cre

dit:

Gle

n S

carb

oro

ugh h

ttps:/

/ww

w.f

lickr.

com

/photo

s/p

hoto

gra

pherg

len/

Layers of Abstraction


META Dealing with Change (metaprocesses, metapolicies, etc. )

DYNAMIC Abstract Models (dynamic schemas, dynamic APIs, etc.)

ABSTRACTED (LOGICAL)

Abstracted Technology (schemas, software interfaces, etc.)

PHYSICAL Technology (software, middleware, databases, etc.)

Supporting Policy Change

• Create dynamic policy models

• Represent policies as metadata

• Establish metapolicies for policy change

• Implement technology that supports policy creation, mediation, and enforcement


Photo

Cre

dit:

jason

Rogers

htt

ps:/

/ww

w.f

lickr.

com

/photo

s/r

estlessglo

betr

ott

er/

Metapolicies & Governance

• Meta

– How variable must policies be?

– What are your policies for doing governance?

• Dynamic

– How to represent policies abstractly?

– Realize dynamic policy representations by governance infrastructure

• Abstract

– Metadata representations of individual policies


Photo

Cre

dit:M

ike

Mozart

htt

ps:/

/ww

w.f

lickr.

com

/photo

s/j

eepers

media

/

Automating Compliance

• Policies that apply to human behavior

– Provide tools that make it easy to comply

• Policies that apply to technology behavior

– Fully automated compliance

• Shift human behavior to automated behavior when appropriate

– Especially when compliance is improved


Photo

Cre

dit:

Robin

Zebro

wskihtt

ps:/

/ww

w.f

lickr.

com

/photo

s/f

irepile/

Shifting Role of Governance

• Old Way

– Paperwork-heavy

– Morale-killing policies & procedures

– Bureaucratic & slow

– “Scar tissue” that impedes innovation

• New Way

– Highly automated

– Focus on “edge cases” where governance is essential

– Depends on dynamic constraint satisfaction


Photo

Cre

dit:

Pascal htt

ps:/

/ww

w.f

lickr.

com

/photo

s/p

asukaru

76/

Introducing Dynamic Constraint Satisfaction

• Constraint satisfaction

– Process of finding a solution to a set of constraints that impose conditions that variables must satisfy

• Dynamic constraint satisfaction

– Set of constraints evolves

• Conditions are policies & rules

• Every person & system within an organization is expected to comply with multiple layers of policies and rules

• Policies and rules are always subject to change


Photo

Cre

dit:

Pin

k S

herb

et

Photo

gra

phy h

ttps:/

/ww

w.f

lickr.

com

/photo

s/p

inksherb

et/

Dynamic Constraint and Emergence

• Dynamic constraint satisfaction ensures all rules comply with

– Applicable regulations

– Policies

– Other rules across the entire organization

• Automating the solution of such problems in real time leads to emergent behaviors

– Unpredictable behaviors taken together lead to higher order of behavior of organization as a whole


Photo

Cre

dit:

Sid

Mosdell

htt

ps:/

/ww

w.f

lickr.

com

/photo

s/s

idm

/

Dynamic Constraint Satisfaction

• Enforce the full breadth of business & technical policies

• Run time environment must solve for the combination of all applicable policies

– Dynamically at run time

– Across the entire application environment


Photo

Cre

dit:

Robson#

htt

ps:/

/ww

w.f

lickr.

com

/photo

s/_

robson_/

Governance & Agility?

• Do we get business agility?

• Agility doesn’t mean chaos

– If everybody in an organization did whatever they wanted to without any rules or policies

– Rules & policies inconsistently communicated or applied

• Secret to business agility is to empower people to innovate within constraints of organizational policy


Photo

Cre

dit:

Pascal htt

ps:/

/ww

w.f

lickr.

com

/photo

s/p

asukaru

76/

Closing the Loop on Governance

• Rules & policies may lead to undesirable behavior

• Measure effects in context of operating business

– Customer behavior, financial metrics, etc.

• Big Data analysis of policy efficacy

– Feedback for continual improvement

• Avoid confirmation bias

– Favoring evidence that supports hypotheses


Photo

Cre

dit:

Dave G

ough h

ttps:/

/ww

w.f

lickr.

com

/photo

s/s

paceple

b/

Cross-Process Governance

• Governance as layers of policies & rules

• Need to calculate effective policy

• Cross-process, cross-organization, in & out of Cloud

• In real time


Process “A” Team “C”Division “B”

Cross-ProcessGovernance

Jason Bloomberg

President, Intellyx

[email protected]

@theebizwizard

Send email NOW to [email protected] to download this presentation

Thank You!