Q
Back

Position paper: DevOps Governance & Management

Governance & management always means customization

Do you still need governance & management if you’re working with DevOps?

An increasing number of organizations quite rightly want to make governance & management as lean as possible, especially when they switch to working with DevOps. The question they then ask is whether governance & management is really still needed and if so, what the minimum requirements should be. We provide a brief answer to that question in this paper. Of course, a longer answer is also available and, needless to say, we realize every situation is different.

In this positioning paper, we outline the following:

  • What do you need in terms of governance & management if your organization’s way of working is based on DevOps.
  • What this means for your DevOps-based organization.
  • How governance & management can be developed further once DevOps has been implemented.

The case: DevOps teams working with outsourced infrastructure

As an example, let’s take an organization that outsourced its infrastructure to a service provider years ago and has also introduced more and more cloud solutions in recent years. Meanwhile, application development and management has become increasingly based on DevOps: product owners set priorities and DevOps teams are responsible for new features and application management. Reluctantly, the teams are expanding their application management to a 24/7 service. However, this management does not extend to the infrastructure. Suppliers and internal infra teams are therefore responsible for this. The organization is wondering what kind of governance & management is still needed.

The four forms of governance & management needed in a DevOps environment

DevOps services have the great advantage of being developed and managed in conjunction with the business. In principle, no governance & management is needed. However, because there is almost always an environment that consists of other services, internal and external standards as well as suppliers, we see that adding the following forms of governance & management is usually necessary (also see Figure 1):

  1. Centralized governance: At the strategic level, governance is always needed to set the preconditions for the delivery flows. For example, the enterprise architecture, sourcing choices, financial agreements, internal and external regulations, and management of the overall risk profile.
  2. Customer service management: To ensure customers can easily purchase all IT services (including those bought collectively), service management is required, for example, for managing the service catalog and controlling – and possibly settling – service costs.
  3. Change management: Change management is needed to ensure the various services remain aligned in terms of data and functionality and/or do not disrupt each other when a change is implemented. And in particular to answer the paramount question of what can be changed and when.
  4. Supplier management: Shared supplier management is necessary to ensure control of the suppliers involved remains optimal and the scale advantage of the entire organization can be fully exploited. Centralized procurement and managed usage also provide benefits in the case of cloud usage.

Figure 1: Possible DevOps governance & management

How governance & management develops as an organization changes as a result of DevOps and cloud

Our example organization also needs four forms of governance & management. We are, however, aware that most DevOps teams see this as restricting their autonomy. In time, we, therefore, expect the following shifts:

  • As centralized governance provides more explicit frameworks, DevOps teams will be able to use self-management more and more. Examples of frameworks that should be provided include an enterprise architecture and an integrated sourcing policy.
  • As the business becomes more integrally involved in steering the DevOps teams, the need for service management will decrease. However, shared services (such as managed workplace services) remain desirable. Governance & management must also ensure services can make use of each other’s data and interfaces and, for example, the financial settlement and/or use of the entire financial budget is in order.
  • As applications are realized more often using SaaS or PaaS solutions, responsibility for change management will be given to the DevOps teams. Centralized change management will then become less important, except when interfaces between services are affected.
  • Finally, as DevOps teams increasingly have their own specific suppliers, less overall supplier management will be needed. Governance & management of the infrastructure contract is still needed at this point to ensure that the many cloud solutions do not increase overall infrastructure costs. In addition, we see the value of framework agreements that govern the hiring of DevOps staff and support the growth of collaboration with suppliers.

Governance & management is and will remain a continuous process, whereby the organization in which it takes place must continually change in step with the governance & management objects. Governance & management always means customization!

Written by Ronald Israels and Menzo Meijer, Principal Consultants at Quint.

Tags
DevOps, IT Governance