when it fails the business fails

69
@RealGeneKim, [email protected] Session ID: Gene Kim Author, Visible Ops Handbook ProKarma Seminar August 20, 2012 When IT Fails… The Business Fails…

Upload: gene-kim

Post on 13-May-2015

790 views

Category:

Business


2 download

DESCRIPTION

ProKarma Seminar 8/21/12

TRANSCRIPT

Page 1: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Session ID:

Gene Kim

Author, Visible Ops Handbook

ProKarma Seminar

August 20, 2012

When IT Fails…The Business Fails…

Page 2: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Page 3: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Now, More Than Ever…

Even in “low-tech industries,” 95% of all capital projects have an IT component…

50% of all capital spending is technology-related

We are here…

Where we need to be…

IT is always in the way

(again…)

Page 4: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Comparison Of Turnover For CEOs and CFOs…

N=184“Clean” vs.

Material weakness (no IT related issues)

Material weakness (with IT related issues)

CEO 2.0x higher 8.0x higher*

CFO 1.7x higher 3.6x higher

CIO 2.2x higher 2.2x higher

When firms with IT-related material weaknesses are compared with the other two groups, there are some startling differences in executive turnover…

* These firms also 2.6 less likely to be profitable than “clean” firms

Source: Forthcoming Paper: Richardson, Masli, Watson, Zmud, Sarbanes-Oxley Information Technology Material Weaknesses And The Disciplining Of The CEO, CFO And CIO

Page 5: When IT Fails The Business Fails

@RealGeneKim, [email protected]

There’s a hidden gas, that we can’t see, taste, touch, smell, and it’s killing CEOs everywhere.

It’s called IT.

Or more precisely, unplanned work in IT.

Page 6: When IT Fails The Business Fails

@RealGeneKim, [email protected]

it.fail() == business.fail()

Page 7: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Where Did The High Performers Come From?

Page 8: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Over Ten Years, We Benchmarked 1500+ IT Orgs

Page 9: When IT Fails The Business Fails

@RealGeneKim, [email protected]

High Performing IT Organizations High performers maintain a posture of compliance

Fewest number of repeat audit findings One-third amount of audit preparation effort

High performers find and fix security breaches faster 5 times more likely to detect breaches by automated control 5 times less likely to have breaches result in a loss event

When high performers implement changes… 14 times more changes One-half the change failure rate One-quarter the first fix failure rate 10x faster MTTR for Sev 1 outages

When high performers manage IT resources… One-third the amount of unplanned work 8 times more projects and IT services 6 times more applications

Source: IT Process Institute, 2008

Page 10: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Tough Love From Ari Balogh

Page 11: When IT Fails The Business Fails

@RealGeneKim, [email protected]

The Downward SpiralOperations Sees… Too many fragile and insecure

applications in production Too much time required to restore

service Too much firefighting and unplanned

work Planned project work cannot

complete Frustrated customers leave Market share goes down Business misses Wall Street

commitments Business makes even larger

promises to Wall Street

Dev Sees… More urgent, date-driven

projects put into the queue Even more fragile code (less

secure) put into production More releases have

increasingly “turbulent installs” Release cycles lengthen to

amortize “cost of deployments” Bigger deployment failures More time spent on firefighting Ever increasing backlog of work

that cold help the business win Ever increasing amount of

tension between IT Ops, Development, Design…

These aren’t ITSM or IT Operations problems…These are business problems!

Page 12: When IT Fails The Business Fails

@RealGeneKim, [email protected]

My Mission

Chronicle the Hero’s Journey For IT ("When IT Fails: A Business Novel”) so that everyone can gain a shared understanding of how and why IT fails, so they can fix it

13

Page 13: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Page 14: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Page 15: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Page 16: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Page 17: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Page 18: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Page 19: When IT Fails The Business Fails

@RealGeneKim, [email protected]

The State Of The Business

Page 20: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Project Phoenix

Page 21: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Day 1: Payroll Outage

Page 22: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Page 23: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Day 2: PMO Meeting

Page 24: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Page 25: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Day 3: The SOX-404 Audit Meeting

Page 26: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Page 27: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Page 28: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Page 29: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Page 30: When IT Fails The Business Fails

@RealGeneKim, [email protected]

My Mission: Figure Out How Break The IT Core Chronic Conflict

Every IT organization is pressured to simultaneously: Respond more quickly to urgent business needs Provide stable, secure and predictable IT service

Source: The authors acknowledge Dr. Eliyahu Goldratt, creator of the Theory of Constraints and author of The Goal, has written extensively on the theory and practice of identifying and resolving core, chronic conflicts.

Words often used to describe process improvement:“hysterical, irrelevant, bureaucratic, bottleneck, difficult to understand, not

aligned with the business, immature, shrill, perpetually focused on irrelevant technical minutiae…”

Page 31: When IT Fails The Business Fails

@RealGeneKim, [email protected]

2007: Three Controls Predict 60% Of Performance

To what extent does an organization define, monitor and enforce the following? Standardized configuration strategy Process discipline Controlled access to production systems

Source: IT Process Institute, 2008

Page 32: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Visible Ops: Playbook of High Performers

The IT Process Institute has been studying high-performing organizations since 1999 What is common to all the high

performers? What is different between them

and average and low performers?

How did they become great? Answers have been codified in

the Visible Ops Methodology

www.ITPI.org

Page 33: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Release Processes

Release Management

Security Management

Availability & Contingency

Management

Supplier Processes

Customer Relationship

Management

Supplier Management

Capacity Management

Financial Management

Resolution Processes

Incident Management

Problem Management

Service Level Management

Service Reporting

Service Design & Management

Control ProcessesAsset & Configuration Management

Change Management

Automation

Release Processes

Release Management

Security Management

Availability & Contingency

Management

Release Processes

Release Management

Release Processes

Release Management

Security Management

Availability & Contingency

Management

Supplier Processes

Customer Relationship

Management

Supplier Management

Capacity Management

Financial Management

Supplier Processes

Customer Relationship

Management

Supplier Management

Supplier Processes

Customer Relationship

Management

Supplier Management

Capacity Management

Financial Management

Resolution Processes

Incident Management

Problem Management

Service Level Management

Service Reporting

Service Design & Management

Control ProcessesAsset & Configuration Management

Change Management

Automation

Resolution Processes

Incident Management

Problem Management

Service Level Management

Service Reporting

Service Design & Management

Control ProcessesAsset & Configuration Management

Change Management

Automation

Visible Ops Security: Linking Security and IT Operations Objectives In 4 Practical Steps

Sources: ITPI Visible Ops & IT Infrastructure Library (ITIL) / BS 15000

Phase 4Continually improve

Phase 3 Establish

repeatable build library

Phase 2Catch and release, find fragile artifacts

Phase 1 Electrify fence,

modify first response

Page 34: When IT Fails The Business Fails

@RealGeneKim, [email protected]: John Allspaw

Page 35: When IT Fails The Business Fails

@RealGeneKim, [email protected]: John Allspaw

Page 36: When IT Fails The Business Fails

@RealGeneKim, [email protected]

The First Way:Systems Thinking

Page 37: When IT Fails The Business Fails

@RealGeneKim, [email protected]

The First Way:Systems Thinking

(Business) (Customer)

Page 38: When IT Fails The Business Fails

@RealGeneKim, [email protected]

The Second Way:Amplify Feedback Loops

Page 39: When IT Fails The Business Fails

@RealGeneKim, [email protected]

The Third Way:Culture Of Continual Experimentation And Learning

Page 40: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Good News: It Can Be Done

Bad News: You Can’t Do It Alone

Page 41: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Ops

Page 42: When IT Fails The Business Fails

@RealGeneKim, [email protected]

QA And Test

Source: Flickr: vandyll

Page 43: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Development

Page 44: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Process And Controls

Page 45: When IT Fails The Business Fails

@RealGeneKim, [email protected]: Flickr: birdsandanchors

Product Management And Design

Page 46: When IT Fails The Business Fails

@RealGeneKim, [email protected]

What Does Transformation Feel Like?

47

Page 47: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Find What’s Most Important First

Page 48: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Quickly Find What Is Different…

Page 49: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Before Something Bad Happens…

Page 50: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Find Risk Early…

Page 51: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Communicate It Effectively To Peers…

Page 52: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Hold People Accountable…

Page 53: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Based On Objective Evidence…

Page 54: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Answer Important Questions…

Page 55: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Recognize Compounding Technical Debt…

Page 56: When IT Fails The Business Fails

@RealGeneKim, [email protected]

That Gets Worse…

Page 57: When IT Fails The Business Fails

@RealGeneKim, [email protected]

And Fixing It…

Source: Pingdom

Page 58: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Have What We Need, When We Need It…

Page 59: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Big Things Get Done Quickly…

Page 60: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Ever Increasing Situational Mastery…

Page 61: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Help The Business Win…

Page 62: When IT Fails The Business Fails

@RealGeneKim, [email protected]

With Support From Your Peers…

Page 63: When IT Fails The Business Fails

@RealGeneKim, [email protected]

And Do More With Less Effort…

Page 64: When IT Fails The Business Fails

@RealGeneKim, [email protected]

This Is An Important ProblemOperations Sees… Fragile applications are prone to failure Long time required to figure out “which

bit got flipped” Detective control is a salesperson Too much time required to restore

service Too much firefighting and unplanned

work Urgent security rework and

remediation Planned project work cannot complete Frustrated customers leave Market share goes down Business misses Wall Street

commitments Business makes even larger promises

to Wall Street

Dev Sees… More urgent, date-driven projects

put into the queue Even more fragile code (less

secure) put into production More releases have increasingly

“turbulent installs” Release cycles lengthen to

amortize “cost of deployments” Failing bigger deployments more

difficult to diagnose Most senior and constrained IT ops

resources have less time to fix underlying process problems

Ever increasing backlog of work that cold help the business win

Ever increasing amount of tension between IT Ops, Development, Design…

Page 65: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Page 66: When IT Fails The Business Fails

@RealGeneKim, [email protected]

Page 67: When IT Fails The Business Fails

@RealGeneKim, [email protected]

When IT Fails: A Business Novel and The DevOps Cookbook

Coming in Winter 2012/2013

“In the tradition of the best MBA case studies, this book should be mandatory reading for business and IT graduates alike.”Paul Muller, VP Software Marketing, Hewlett-Packard

“The greatest IT management book of our generation.”Branden Williams, CTO Marketing, RSA

Gene Kim, Tripwire founder, Visible Ops co-author

Page 68: When IT Fails The Business Fails

@RealGeneKim, [email protected]

When IT Fails: The Novel and The DevOps Cookbook

Our mission is to positively affect the lives of 1 million IT workers by 2017

If you would like the novel excerpts, “Top 10 Things You Needs To Know About DevOps,” and updates on the book:

Sign up at http://itrevolution.com Email [email protected] Hand me a business card

Gene Kim, Tripwire founder, Visible Ops co-author

Page 69: When IT Fails The Business Fails

@RealGeneKim, [email protected]

If you’d like the slides from today’s presentation…

Text your first name, email address and “68383” to:

+1 (858) 598-3980

Or visit: http://www.instantcustomer.com/go/68383

Or scan this QR Code:

70