Is your company really Cloud Ready, or is risk-averse governance holding it back?
The cloud is not just another “IT thing” that only IT people should care about. By realising a pace of agility never previously achievable, the cloud is turning the business world on its head. In the pre-cloud days, it was not uncommon for a new idea to take 6 months before it could be tested at even a small scale. Today, you can have an idea in the shower that morning and have it deployed company-wide by the end of the day. The difference in pace is that profound.
The problem is that, while most organisations could work at this pace, most don’t. They might have the technology, leadership support, budget etc. to operate at this “same day” pace, but they don’t. Why not?
The problem is caused by legacy attitudes to risk, which drives processes and policies which slam the brakes on change. When it comes to IT, the goal of most organisations is to minimise risks to the organisation’s reputation. “Is it safe, secure and legal?” Since IT projects were traditionally very large in scope, the emphasis on risk mitigation made sense, since the changes they would make to the organisation would be significant. If it failed, it failed big time.
Cloud, thanks to its DevOps approach, is the polar opposite of this; with a focus on iterative development and deployment. Since changes are delivered in small increments which can be rolled back very easily, the risk to the organisation is minimal. While most organisations recognise this, the majority of service management frameworks are still not predicated for this more iterative approach and the lower risks they bring – they are still very structured, process driven and risk averse, which prevents most organisations from moving at a true “cloud pace.”
The solution is to measure IT differently, shifting the primary focus of a project away from risk management, and onto outcomes. Ultimately, what outcomes will this project deliver to my customer? This is the only question to ask.
The other question, from a practical point of view is; “Are the government frameworks set up for this approach?” Thankfully, yes they are! The GDS framework is already written for this form of agile project delivery. The question therefore becomes, “How do we change our internal governance to fully reflect this too?”
Is risk-averse governance holding back your ability to work in a fully agile way?