Rugged DevOps is a method that includes security practices as early in the continuous delivery pipeline as possible to increase cybersecurity, speed and quality of releases beyond what current DevOps practices can yield alone. (1) “Rugged “describes software development organizations which have a culture of rapidly evolving their ability to create available, survivable, defensible, secure and resilient software. (2) As business increasingly relies on agile software development, the absence of matching fast-moving security methodologies in the delivery pipeline will essentially increase the risk of a security breach or a cyberattack. Security staff must be imbedded into cross functional teams to ensure a more sustainable and less risky continuous deployment value chain (continuous integration, continuous delivery and continuous testing). The bad guys have already acquired these skills and the use of automation to engage in a continuous attack on our defenses. Security was named

A short while ago I was asked this question from one of our reader: “ I want to set a KPI around how much of the time we meet the SLA. Like 'meeting the SLA x% of the time'. Can someone advise what would be that 'x'? What is the common practice?  Is there an industry standard around this?”   I’m going to have to go with the consultant answer and say it depends.   First, are we talking about a single service to a single customer? Are we talking about multiple services to multiple customers or somewhere in between those two extremes? Your SLAs should include details of the anticipated performance that your customer expects.  First thing you need to do is discuss with your customer what are the levels of utility and warranty they are expecting? Then document and agree these targets are reachable given the resources that are at your disposal and any constraints that may be discovered. The requirements for functionality (utility) should be defined by your BRM pr

Site Reliability Engineering (SRE) is a discipline that incorporates aspects of software engineering and applies that to operations with the goal of creating ultra-scalable and highly reliable software systems.  Google’s mastermind behind SRE, Ben Treynor, describes site reliability as “what happens when a software engineer is tasked with what used to be called operations.” Historically, Dev teams want to release new features in a continuous manner (Change). Ops teams want to make sure that those features don’t break their stuff (Reliability). Of course the business wants both, so these groups have been incentivized very differently leading to what Lee Thompson ( (formerly of E*TRADE) coined the “wall of confusion”.  This inherent conflict creates a downward spiral that creates slower feature time to market, longer deployment cycles, increasing numbers of outages, and an ever increasing amount of technical debt. The discipline of SRE can begin to reduce this dilemma by

What isn’t? With the internet of things there are so many options available to consumers that were not available even one month or one week ago.   With technology and job role functions evolving so fast, the best way to stay current is to become educated.  Here are just a few bits of interesting information. New for Every Day Consumers: In a  recent update Google’s Virtual Globe has introduced a feature called "Voyager." No longer will you be limited to only exploring places you've heard about, nor will you have to resort to randomly clicking on areas of the planet in hopes of finding a gem. Instead, "Voyager" presents you with dozens of curated journeys around the globe. Each voyage is centered around a theme. “Museums Around the World” will take you to a Street View of museums in every corner of the globe. If natural formations are more your speed, " Earth View " will show you "the most striking and enigmatic landscapes available in Goog

Historically, many companies have had a single strategy for selecting, deploying and managing applications. They have had a defined structure for classifying applications by value or functionality, but failed to recognize that applications are fundamentally different based on how and when they are engaged by individuals and the organization as a whole and the pace at which these tools need to be changed and updated.   Many organizations are finding themselves with an enterprise application strategy that fails to satisfy the needs of the business community, which has often led to underutilized applications throughout their portfolio. Gartner’s Pace Layered Application Strategy is a methodology for categorizing applications based on how they are used and how fast they change.   This strategy helps IT organizations rationalize the use of DevOps practices that ensure a faster response and a better ROI, without sacrificing integration, integrity or governance requirements.   The

I learned about ‘The Diffusion of Innovation Theory’ in a DevOps Foundation training course.  I wanted to get my DevOps certification but more than that to learn about what makes a DevOps initiative successful.   When I mentioned the Diffusion of Innovation Theory to a coworker he said “It sounds like Sheldon talking to Raj on “The Big Bang Theory” TV series.  Although the name sounds Big Bangish the usage of this theory could be the real difference for success in any transformational change including DevOps. To start let’s begin with the definition of DevOps. DevOps is a professional and cultural movement that that stresses communication, collaboration, integration and automation in order to improve the flow of work between software developers and IT operations professionals. Improved workflows will result in an improved ability to design, develop, deploy and operate software and services faster. That’s where this “Big Bang” or Diffusion of Innovation Theory comes in.   De

Integrating Development and Operation teams as well as other functions that have previously been silo’d is key to any development project for all service providers today.   We hear a lot about this in DevOps training and certification classes.   What about security?  You may have heard the term DevSecOps.  This idea and term was coined to ensure that architects and developers include into our requirements and code those things necessary for security. Design architects will also want to ensure that security is integrated throughout the value stream of development, deployment and operations and it is done in such a way so that the complexity is as transparent as possible to the functional teams involved.   How can we do this without impeding our flow of work?    How can we still be able to meet compliance for legislative, legal or regulatory requirements relating to security? This is where Automation comes in.  Collaboration and measurement are key values but automation is also

I remember reading a quote “Every business today is a technology company” or something close to that. As we move from business-IT alignment to business-IT integration and now convergence, it is becoming more and more critical to understand and manage both the business and IT capabilities so that integration of the business strategy, IT strategy and the IT portfolio are seamless.  In today’s business climate it is imperative that the IT organization not only understand what the business strategy is, but be able to initiate and deliver services that not only support it, but help to shape it.  The Business Relationship role, process and capability is integral in making that happen. One of the tools that can be engaged to help facilitate this convergence is the “Business Capability Roadmap.   It is made up of three key components: Roadmap Business Capabilities: Identifies how business capabilities need to change to achieve defined strategies. Roadmap Enabling Capabilities:

In years past you had to have some years behind you so that you could talk about the good old days.  Conversations would start with statements like “Remember when…?”   Today when a conversation starts with those words it could be a young person talking about how they did things last year or last month vs. how they go about their day to day activities today.     Things are changing so fast!  How does this affect educating and training learners and what needs to be tracked and recorded?  Certainly, not the same as it was a decade ago.  A recent solicitation stated “ Use of ed tech is skyrocketing, students on campus tote several devices each, but service needs range from high tech (wifi, connected classroom) to mundane (rat in the cafeteria, dorm toilet won't flush). All those needs have to be logged, serviced, tracked, reported on - hence the high demands on the platform used”.  Opportunity for bigger, better and more technology abounds! The tools that we u

To say that digital technology has changed the world is an understatement. Digital transformations are revolutionizing entire industries and reshaping every aspect of business. To stay competitive, businesses must accelerate the delivery of digital products and services. To meet business demand, IT organizations must accelerate the delivery of secure, high-quality and reliable software features and functionality ( DevOps ). The thing about any transformation, whether it’s the digital transformation affecting the world, or the DevOps transformation affecting IT organizations and their business partners, is that it’s never only about the technology. A successful transformation requires shifts in peoples’ behaviors, mindsets, vocabulary, roles and reporting relationships. It requires changes to processes and to day-to-day operating procedures. Perhaps most importantly, the ability to undertake and achieve any transformation is determined by whether, or not, the company’s leaders

I was recently asked the following: “I want to take the “Release, Control and Validation” (RCV) class.  As a Release Manager, I know it will help but I need to justify this for my manager.  What is the value of taking this class?” Every organization can be effective with release and deployments.  What is needed today is for us not only to get the job done but to do it efficiently.  Efficiency infers that we deliver value, but that we design and deliver services, BETTER, MORE, FASTER THAN EVER BEFORE and at the same time we are being COST effective. The role of Release Manager, although it is central to the release and deployment process, is much broader in scope than many organizations or managers realize.  This role in Best Practice is separate from Change Manager and from the actual Validation and Testing Manager or even the Change Evaluation role.   Frequently these roles will be assigned to one or more persons.  It does not mean that you have to open several new req's

The Business Relationship Manager is a role that serves as a strategic interface between the IT Service Provider and one or more Business Partners (or Business Units within a single organization) to promote, and influence Business Demand for IT services and products. They also work to ensure that the potential business value from those products and services is realized, optimized and properly documented.  The Business Relationship Manager can accomplish this through the engagement of four core disciplines which are defined as part of the house of Business Relationship Management (BRM).  This house is built upon a foundation of BRM competencies which support the Business Relationship Manager role and ensure it has the skills and aptitudes to be effective and deliver value to both the Provider and its Business Partner. The Four Core BRM Disciplines: Demand Shaping: This discipline stimulates and shapes business demand for the provider’s services, capabilities and products. It ensu

The Metaphors for Business Relationship Management (BRM) can be helpful ways to think about and describe the BRM role, discipline and organizational capabilities. There are three metaphors we currently use today.  They are as follows: BRM as a Connector: The BRM acts as a connector between the Service Provider organization and its Business Partners – forging productive connections between Provider resources and the Business Partner and among Business Partners.  There are three primary aspects to the BRM’s role as a connector: Facilitate productive connections and mobilize projects and programs. Stimulate, surface and shape business demand for the Business Partner while increasing the savviness within the Business Partner regarding the Provider’s services and products. Influence the Provider to ensure appropriate supply of services and products, both in terms of quality and capacity. (1)  BRM as an Orchestrator: The BRM also acts as an orchestrator between the Provid

In a previous blog from the ITSM Professor we focused on the relevance of ITIL and ITSM Best Practices to contemporary IT service providers.  We learned how a successful DevOps initiative must embrace ITSM, Lean, Agile and other frameworks and practices to ensure success.  The solution to value is like a diamond and has many facets!  In 1992 I read an article that talked about the key to delivering value and the topic was all about People, Process and Technology. Twenty-five years later I must agree this is still the winning formula.  What might be different is how we view and utilize these for success. What will Change? People – Integrated teams with ownership and accountability. Visualized workflow and clear direction.  Communication, Education and Collaboration required.  Inspire and Educate! Process – NO MORE overburdened bureaucratic d ifficult processes to follow.  We want just enough process, just enough governance and the process activities will no longer be

With the onset of practices such as DevOps, Continuous Delivery, Rugged Code, and Value stream mapping, is ITIL / ITSM Best Practice still relevant? The short and emphatic answer is YES! Let’s look at how ITSM Best Practices are relevant and enable some of the initiatives that are in the foreground of Service Management for many contemporary IT organizations today. DevOps – DevOps is a cultural and professional movement that focuses on communication and collaboration to ensure a balance between responsiveness to dynamic business requirements and stability.   Therefore, things like Lean and Value Stream Mapping, practices like Continuous Delivery and Continuous Deployment, all become a subset or a building block to a successful DevOps initiative.  DevOps is frequently an organic approach toward automating workflow and getting products to market more efficiently. Ok, if we can accept that then the next question is … What are you going to automate?    ITSM Best Practice

In today’s world where demand for up to date services has grown and the lead times for delivery has continued to be shortened I am often asked, what is the best tool? The answer is, of course, “it depends!” Every organization has different needs, budgets and resources, however the requirements for automated building, testing and delivering new functionality has never been greater. Every organization must be able to look at the list of requirements for tools from both the operational and development sides of the IT organization as the functions become more and more integrated. The starting point is a list of generic requirements. An integrated suite is preferable and should include options such as: Service Portfolio Service Catalog Service Design Tools Discovery/Deployment/Licensing Technology Workflow or process engines CMDB’S Configuration Management Systems (CMS) Self Help for Users Remote Control Diagnostic Utilities Reporting Tools/Dashboards Service K

I have often been asked what value does the Service Acceptance Criteria (SAC) provide?  Along with other criteria and elements, the Service Acceptance Criteria forms what is described in ITIL and the Service Design Package.  With so much importance on Design, Development and Deployment, the significance of the SAC increases as we look to optimize service value.  Do you want to increase value to your business and customers? First let’s understand what the SAC is.  Service Acceptance Criteria:   A set of criteria used to ensure that an IT Service meets its functionality and quality requirements and that the IT Service Provider is ready to operate the new IT Service when it has been deployed. This set of criteria is in the form of a formal agreement that an IT Service, Process, Plan or other deliverable is complete, accurate, reliable and meets the specified requirements.  In the past, this has sometimes been thought of and enacted on at the end of the value stream. High performi