when it fails the business fails
DESCRIPTION
ProKarma Seminar 8/21/12TRANSCRIPT
@RealGeneKim, [email protected]
Session ID:
Gene Kim
Author, Visible Ops Handbook
ProKarma Seminar
August 20, 2012
When IT Fails…The Business Fails…
@RealGeneKim, [email protected]
@RealGeneKim, [email protected]
Now, More Than Ever…
Even in “low-tech industries,” 95% of all capital projects have an IT component…
50% of all capital spending is technology-related
We are here…
Where we need to be…
IT is always in the way
(again…)
@RealGeneKim, [email protected]
Comparison Of Turnover For CEOs and CFOs…
N=184“Clean” vs.
Material weakness (no IT related issues)
Material weakness (with IT related issues)
CEO 2.0x higher 8.0x higher*
CFO 1.7x higher 3.6x higher
CIO 2.2x higher 2.2x higher
When firms with IT-related material weaknesses are compared with the other two groups, there are some startling differences in executive turnover…
* These firms also 2.6 less likely to be profitable than “clean” firms
Source: Forthcoming Paper: Richardson, Masli, Watson, Zmud, Sarbanes-Oxley Information Technology Material Weaknesses And The Disciplining Of The CEO, CFO And CIO
@RealGeneKim, [email protected]
There’s a hidden gas, that we can’t see, taste, touch, smell, and it’s killing CEOs everywhere.
It’s called IT.
Or more precisely, unplanned work in IT.
@RealGeneKim, [email protected]
it.fail() == business.fail()
@RealGeneKim, [email protected]
Where Did The High Performers Come From?
@RealGeneKim, [email protected]
Over Ten Years, We Benchmarked 1500+ IT Orgs
@RealGeneKim, [email protected]
High Performing IT Organizations High performers maintain a posture of compliance
Fewest number of repeat audit findings One-third amount of audit preparation effort
High performers find and fix security breaches faster 5 times more likely to detect breaches by automated control 5 times less likely to have breaches result in a loss event
When high performers implement changes… 14 times more changes One-half the change failure rate One-quarter the first fix failure rate 10x faster MTTR for Sev 1 outages
When high performers manage IT resources… One-third the amount of unplanned work 8 times more projects and IT services 6 times more applications
Source: IT Process Institute, 2008
@RealGeneKim, [email protected]
Tough Love From Ari Balogh
@RealGeneKim, [email protected]
The Downward SpiralOperations Sees… Too many fragile and insecure
applications in production Too much time required to restore
service Too much firefighting and unplanned
work Planned project work cannot
complete Frustrated customers leave Market share goes down Business misses Wall Street
commitments Business makes even larger
promises to Wall Street
Dev Sees… More urgent, date-driven
projects put into the queue Even more fragile code (less
secure) put into production More releases have
increasingly “turbulent installs” Release cycles lengthen to
amortize “cost of deployments” Bigger deployment failures More time spent on firefighting Ever increasing backlog of work
that cold help the business win Ever increasing amount of
tension between IT Ops, Development, Design…
These aren’t ITSM or IT Operations problems…These are business problems!
@RealGeneKim, [email protected]
My Mission
Chronicle the Hero’s Journey For IT ("When IT Fails: A Business Novel”) so that everyone can gain a shared understanding of how and why IT fails, so they can fix it
13
@RealGeneKim, [email protected]
@RealGeneKim, [email protected]
@RealGeneKim, [email protected]
@RealGeneKim, [email protected]
@RealGeneKim, [email protected]
@RealGeneKim, [email protected]
@RealGeneKim, [email protected]
The State Of The Business
@RealGeneKim, [email protected]
Project Phoenix
@RealGeneKim, [email protected]
Day 1: Payroll Outage
@RealGeneKim, [email protected]
@RealGeneKim, [email protected]
Day 2: PMO Meeting
@RealGeneKim, [email protected]
@RealGeneKim, [email protected]
Day 3: The SOX-404 Audit Meeting
@RealGeneKim, [email protected]
@RealGeneKim, [email protected]
@RealGeneKim, [email protected]
@RealGeneKim, [email protected]
@RealGeneKim, [email protected]
My Mission: Figure Out How Break The IT Core Chronic Conflict
Every IT organization is pressured to simultaneously: Respond more quickly to urgent business needs Provide stable, secure and predictable IT service
Source: The authors acknowledge Dr. Eliyahu Goldratt, creator of the Theory of Constraints and author of The Goal, has written extensively on the theory and practice of identifying and resolving core, chronic conflicts.
Words often used to describe process improvement:“hysterical, irrelevant, bureaucratic, bottleneck, difficult to understand, not
aligned with the business, immature, shrill, perpetually focused on irrelevant technical minutiae…”
@RealGeneKim, [email protected]
2007: Three Controls Predict 60% Of Performance
To what extent does an organization define, monitor and enforce the following? Standardized configuration strategy Process discipline Controlled access to production systems
Source: IT Process Institute, 2008
@RealGeneKim, [email protected]
Visible Ops: Playbook of High Performers
The IT Process Institute has been studying high-performing organizations since 1999 What is common to all the high
performers? What is different between them
and average and low performers?
How did they become great? Answers have been codified in
the Visible Ops Methodology
www.ITPI.org
@RealGeneKim, [email protected]
Release Processes
Release Management
Security Management
Availability & Contingency
Management
Supplier Processes
Customer Relationship
Management
Supplier Management
Capacity Management
Financial Management
Resolution Processes
Incident Management
Problem Management
Service Level Management
Service Reporting
Service Design & Management
Control ProcessesAsset & Configuration Management
Change Management
Automation
Release Processes
Release Management
Security Management
Availability & Contingency
Management
Release Processes
Release Management
Release Processes
Release Management
Security Management
Availability & Contingency
Management
Supplier Processes
Customer Relationship
Management
Supplier Management
Capacity Management
Financial Management
Supplier Processes
Customer Relationship
Management
Supplier Management
Supplier Processes
Customer Relationship
Management
Supplier Management
Capacity Management
Financial Management
Resolution Processes
Incident Management
Problem Management
Service Level Management
Service Reporting
Service Design & Management
Control ProcessesAsset & Configuration Management
Change Management
Automation
Resolution Processes
Incident Management
Problem Management
Service Level Management
Service Reporting
Service Design & Management
Control ProcessesAsset & Configuration Management
Change Management
Automation
Visible Ops Security: Linking Security and IT Operations Objectives In 4 Practical Steps
Sources: ITPI Visible Ops & IT Infrastructure Library (ITIL) / BS 15000
Phase 4Continually improve
Phase 3 Establish
repeatable build library
Phase 2Catch and release, find fragile artifacts
Phase 1 Electrify fence,
modify first response
@RealGeneKim, [email protected]: John Allspaw
@RealGeneKim, [email protected]: John Allspaw
@RealGeneKim, [email protected]
The First Way:Systems Thinking
@RealGeneKim, [email protected]
The Second Way:Amplify Feedback Loops
@RealGeneKim, [email protected]
The Third Way:Culture Of Continual Experimentation And Learning
@RealGeneKim, [email protected]
Ops
@RealGeneKim, [email protected]
Development
@RealGeneKim, [email protected]
Process And Controls
@RealGeneKim, [email protected]: Flickr: birdsandanchors
Product Management And Design
@RealGeneKim, [email protected]
Find What’s Most Important First
@RealGeneKim, [email protected]
Quickly Find What Is Different…
@RealGeneKim, [email protected]
Before Something Bad Happens…
@RealGeneKim, [email protected]
Find Risk Early…
@RealGeneKim, [email protected]
Communicate It Effectively To Peers…
@RealGeneKim, [email protected]
Hold People Accountable…
@RealGeneKim, [email protected]
Based On Objective Evidence…
@RealGeneKim, [email protected]
Answer Important Questions…
@RealGeneKim, [email protected]
Recognize Compounding Technical Debt…
@RealGeneKim, [email protected]
That Gets Worse…
@RealGeneKim, [email protected]
Have What We Need, When We Need It…
@RealGeneKim, [email protected]
Big Things Get Done Quickly…
@RealGeneKim, [email protected]
Ever Increasing Situational Mastery…
@RealGeneKim, [email protected]
Help The Business Win…
@RealGeneKim, [email protected]
With Support From Your Peers…
@RealGeneKim, [email protected]
And Do More With Less Effort…
@RealGeneKim, [email protected]
This Is An Important ProblemOperations Sees… Fragile applications are prone to failure Long time required to figure out “which
bit got flipped” Detective control is a salesperson Too much time required to restore
service Too much firefighting and unplanned
work Urgent security rework and
remediation Planned project work cannot complete Frustrated customers leave Market share goes down Business misses Wall Street
commitments Business makes even larger promises
to Wall Street
Dev Sees… More urgent, date-driven projects
put into the queue Even more fragile code (less
secure) put into production More releases have increasingly
“turbulent installs” Release cycles lengthen to
amortize “cost of deployments” Failing bigger deployments more
difficult to diagnose Most senior and constrained IT ops
resources have less time to fix underlying process problems
Ever increasing backlog of work that cold help the business win
Ever increasing amount of tension between IT Ops, Development, Design…
@RealGeneKim, [email protected]
@RealGeneKim, [email protected]
@RealGeneKim, [email protected]
When IT Fails: A Business Novel and The DevOps Cookbook
Coming in Winter 2012/2013
“In the tradition of the best MBA case studies, this book should be mandatory reading for business and IT graduates alike.”Paul Muller, VP Software Marketing, Hewlett-Packard
“The greatest IT management book of our generation.”Branden Williams, CTO Marketing, RSA
Gene Kim, Tripwire founder, Visible Ops co-author
@RealGeneKim, [email protected]
When IT Fails: The Novel and The DevOps Cookbook
Our mission is to positively affect the lives of 1 million IT workers by 2017
If you would like the novel excerpts, “Top 10 Things You Needs To Know About DevOps,” and updates on the book:
Sign up at http://itrevolution.com Email [email protected] Hand me a business card
Gene Kim, Tripwire founder, Visible Ops co-author
@RealGeneKim, [email protected]
If you’d like the slides from today’s presentation…
Text your first name, email address and “68383” to:
+1 (858) 598-3980
Or visit: http://www.instantcustomer.com/go/68383
Or scan this QR Code:
70