Tuesday, June 16, 2015

Darwin, Dodd-Frank and the Lean Enterprise
// Chef Blog

What are the biggest ideas that will shape 21st Century companies?

Opinions vary, but here's my nomination for the top three:

  1. Natural Selection. The basic idea is that, over many iterations, the fittest are selected, and the weak wither away. Natural selection has been applied to economics, management theory (read corporate politics), computer programming and other disciplines.
  2. Conway's Law. Conway's Law states that organizations create systems that resemble their communication structures. If the idea of fitness became pervasive in the 20th century, the story of modern corporate change in the 21st is one of breaking down silos, especially between functional contributors to the product development process. DevOps is a famous example. Some extend it to DevSecOps. What's next? MarkDevSecOps? FinDevMarkSecOps?
  3. Lean principles. Lean principles were first applied to manufacturing, but the core precepts of Lean thinking have since been applied to many different types of production lines, including software. The main idea is that if you focus on customer value and remove everything that does not contribute to it, you have an efficient, high-value process.

Here's why I believe these three ideas are so important. External regulatory frameworks are not themselves responsible for the existence of competition, but they set the boundaries of the game. In other words, they alter the environment in which naturally occurring economic selection takes place. The beak of the finch has to meet EU standards!

Within each company, economic selection, bounded by regulation, plays out in Conway's silos. Dodd-Frank, for instance, determines who gets to remain a financial institution and then each division of the company gets to play its specific role. Ongoing security threats from across the world, such as APT, set the foundation for testing one's fitness.

However, the interplay between economic selection and Conway's Law has fostered a pernicious situation, which is that corporate IT compliance with either internal (security or audit) or external (regulatory, industry) policies is in some way distinct from the process of creating customer value. Call it Arbuckle's Corollary of Conway's Law:… (someone had to name it!):

Externally driven corporate policy tends to produce systems that emphasize functional separations between the setters of policy, those who implement it, and those who use the end product.

Is it ever possible to break down silos that frustrate understanding between security teams and operations teams, regulators and industries, and consumers and developers?

Yes. There is a way out of this bind. Breaking up silos in your corporation, adopting a Lean approach to compliance and embracing velocity in product development will drive better quality products for your customers and your regulators.

In my upcoming webinar, I'll discuss how compliance and innovative product development are not only NOT contradictory but mutually reinforcing. I'll show how and why DevOps enables organizations to be more compliant, more secure and more innovative.

I do hope you can join us.
