Date post: | 04-Jul-2015 |
Category: |
Technology |
Upload: | jason-bloomberg |
View: | 265 times |
Download: | 2 times |
Copyright © 2014, Intellyx, LLC
1
Cross-Process Governance
How to Balance Agility & Compliance
Jason Bloomberg
President
@theebizwizard
About Jason Bloomberg
• President of Intellyx
• Advise companies on their digital transformation initiatives & help vendors communicate their agility stories
• Write for Forbes, Wired, & DevX on Digital Transformation
• Buy my latest book, The Agile Architecture Revolution
Copyright © 2014, Intellyx, LLC2
How do You Manage?
• Each Line of Business/Division has its own goals & business outcomes
• LoB Management drives toward optimizing those outcomes
• Maximize shareholder value/profit/revenue
• Better-Faster-Cheaper, then repeat
Copyright © 2014, Intellyx, LLC3
Photo
Cre
dit:
Kenny L
oule
htt
ps:/
/ww
w.f
lickr.
com
/photo
s/k
wl/
The Problem with Better-Faster-Cheaper
• BFC pushes technology and the organization to its breaking point
• Less able to deal with disruption, leading to failure when the unexpected happens
• Failure can occur anywhere
• Resilience eventually becomes top priority
Copyright © 2014, Intellyx, LLC4
Photo
Cre
dit:
Frits
Ahle
feld
t-Laurv
ightt
ps:/
/ww
w.f
lickr.
com
/photo
s/h
ikin
gart
ist/
Optimization vs. Innovation
Copyright © 2014, Intellyx, LLC5
InnovationDisrupt status quo
to allow human creativity to
flourish
OptimizationEstablish
feedback loops that maximize
business outcome
Innovativeness
• The ability to introduce change into the business environment in order to achieve a strategicadvantage
– New products or services
– Expand market share
– Enter new markets
Copyright © 2014, Intellyx, LLC6
Photo
Cre
dit:
Kay K
im h
ttps:/
/ww
w.f
lickr.
com
/photo
s/k
aykim
/3883340152/s
izes/o
/
Business Agility
• Responsiveness
– Tactical value
• Resilience
– Risk mitigation
• Innovativeness
– Strategic value
Copyright © 2014, Intellyx, LLC7 Photo
Cre
dit:
Masonite B
urn
htt
ps:/
/ww
w.f
lickr.
com
/photo
s/m
asonite-b
urn
/6273626739/s
izes/l
Ability to respond to change in the business environment and leverage change for competitive advantage
Innovation Requires Disruption
• External Disruption
– Competitive pressures/new entrants
– Globalization
– Regulation
• Internal Disruption
– Digital Transformation efforts
– Innovation initiatives
Copyright © 2014, Intellyx, LLC8
Photo
Cre
dit:
Charl
es W
agner
htt
ps:/
/ww
w.f
lickr.
com
/photo
s/c
hazw
ags/
Disruption Introduces Risk
• Optimization without disruption stifles innovation
• Disruption without optimization is an innovation crap shoot
• Optimize what you can & disrupt what you must
Copyright © 2014, Intellyx, LLC9
Photo
Cre
dit:
epSos
.de h
ttps:/
/ww
w.f
lickr.
com
/photo
s/e
psos/
Mitigate risk with resilience
Resilience
• The ability to respond quickly and efficiently to negative change in the business environment
– Managing risk
– Bouncing back from adverse events
– Disaster recovery
• Tactical business driver
Copyright © 2014, Intellyx, LLC10
Photo
Cre
dit:
Joe h
ttps:/
/ww
w.f
lickr.
com
/photo
s/b
itshaker/
167480266/s
izes/o
/
The opposite of brittleness
Process for Innovation?
Copyright © 2014, Intellyx, LLC11
Disrupt Innovate
Innovation is not a typical business process!
Recipe for Agility
Copyright © 2014, Intellyx, LLC12
Better Way to Manage
• Build cross-organizational teams
• Understand when to optimize and when to innovate
• Embrace disruption
• Encourage resilience
• Give people the tools they need and get out of their way
Copyright © 2014, Intellyx, LLC13
Photo
Cre
dit:
Philip
Leara
htt
ps:/
/ww
w.f
lickr.
com
/photo
s/p
hille
ara
/
Bimodal IT: The Wrong Way
• Digital Team
– Self-organizing
– Fast-moving
– May follow Agile at least in spirit
– Little governance
• Traditional IT
– Hierarchical
– Slow-moving
– Waterfall-centric
– Formal, bureaucratic governance
Copyright © 2014, Intellyx, LLC14
Photo
Cre
dit:
Keith W
illiam
son h
ttps:/
/ww
w.f
lickr.
com
/photo
s/e
lwillo
/
Ungoverned Shadow IT is Result
Rethinking Bimodal IT
• Business-driven transformation of traditional IT
– Iterative
– Opportunistic legacy modernization
– Cross-cutting reorganization to DevOps culture
– Increased collaboration with digital teams
– Move toward continuous development & integration
Copyright © 2014, Intellyx, LLC15
Photo
Cre
dit:
Andre
w M
agill htt
ps:/
/ww
w.f
lickr.
com
/photo
s/a
magill/
Increased automation of governance
Connecting IT Governance to GRC
• Governance, Risk Management, & Compliance
– Broad-based business context
– Traditional GRC tools “hard-wired” to applications
– Inflexible
– Separate architectural context from IT governance
• Business agility requires automation of GRC
Copyright © 2014, Intellyx, LLC16
Photo
Cre
dit:
Mic
hael Coghla
nhtt
ps:/
/ww
w.f
lickr.
com
/photo
s/m
ikecogh/
Governance as Agility Enabler
• Simple rules & policies lead to complex emergent behavior
– Which ones lead to agility?
• Levels of governance
– Low-level rules & policies
– Departmental
– Organizational
• Governance has negative connotation
– Reputation for limiting productivity
– Governance, Risk, & Compliance tools integrated in traditional manner
Copyright © 2014, Intellyx, LLC17
Photo
Cre
dit:
Mik
e L
ew
inski htt
ps:/
/ww
w.f
lickr.
com
/photo
s/i
kew
inski/
9430887561/s
izes/l
Separating Software Behavior into Policy Layer
• “Policy” defined as rule or set of rules
• “Aspects” in aspect-oriented programming
• Generally, “constraints” on behavior of system
• Can apply narrowly or broadly
• Technical context, business context, or both
Copyright © 2014, Intellyx, LLC18
Photo
Cre
dit:
Gle
n S
carb
oro
ugh h
ttps:/
/ww
w.f
lickr.
com
/photo
s/p
hoto
gra
pherg
len/
Layers of Abstraction
Copyright © 2014, Intellyx, LLC19
META Dealing with Change (metaprocesses, metapolicies, etc. )
DYNAMIC Abstract Models (dynamic schemas, dynamic APIs, etc.)
ABSTRACTED (LOGICAL)
Abstracted Technology (schemas, software interfaces, etc.)
PHYSICAL Technology (software, middleware, databases, etc.)
Supporting Policy Change
• Create dynamic policy models
• Represent policies as metadata
• Establish metapolicies for policy change
• Implement technology that supports policy creation, mediation, and enforcement
Copyright © 2014, Intellyx, LLC20
Photo
Cre
dit:
jason
Rogers
htt
ps:/
/ww
w.f
lickr.
com
/photo
s/r
estlessglo
betr
ott
er/
Metapolicies & Governance
• Meta
– How variable must policies be?
– What are your policies for doing governance?
• Dynamic
– How to represent policies abstractly?
– Realize dynamic policy representations by governance infrastructure
• Abstract
– Metadata representations of individual policies
Copyright © 2014, Intellyx, LLC21
Photo
Cre
dit:M
ike
Mozart
htt
ps:/
/ww
w.f
lickr.
com
/photo
s/j
eepers
media
/
Automating Compliance
• Policies that apply to human behavior
– Provide tools that make it easy to comply
• Policies that apply to technology behavior
– Fully automated compliance
• Shift human behavior to automated behavior when appropriate
– Especially when compliance is improved
Copyright © 2014, Intellyx, LLC22
Photo
Cre
dit:
Robin
Zebro
wskihtt
ps:/
/ww
w.f
lickr.
com
/photo
s/f
irepile/
Shifting Role of Governance
• Old Way
– Paperwork-heavy
– Morale-killing policies & procedures
– Bureaucratic & slow
– “Scar tissue” that impedes innovation
• New Way
– Highly automated
– Focus on “edge cases” where governance is essential
– Depends on dynamic constraint satisfaction
Copyright © 2014, Intellyx, LLC23
Photo
Cre
dit:
Pascal htt
ps:/
/ww
w.f
lickr.
com
/photo
s/p
asukaru
76/
Introducing Dynamic Constraint Satisfaction
• Constraint satisfaction
– Process of finding a solution to a set of constraints that impose conditions that variables must satisfy
• Dynamic constraint satisfaction
– Set of constraints evolves
• Conditions are policies & rules
• Every person & system within an organization is expected to comply with multiple layers of policies and rules
• Policies and rules are always subject to change
Copyright © 2014, Intellyx, LLC24
Photo
Cre
dit:
Pin
k S
herb
et
Photo
gra
phy h
ttps:/
/ww
w.f
lickr.
com
/photo
s/p
inksherb
et/
Dynamic Constraint and Emergence
• Dynamic constraint satisfaction ensures all rules comply with
– Applicable regulations
– Policies
– Other rules across the entire organization
• Automating the solution of such problems in real time leads to emergent behaviors
– Unpredictable behaviors taken together lead to higher order of behavior of organization as a whole
Copyright © 2014, Intellyx, LLC25
Photo
Cre
dit:
Sid
Mosdell
htt
ps:/
/ww
w.f
lickr.
com
/photo
s/s
idm
/
Dynamic Constraint Satisfaction
• Enforce the full breadth of business & technical policies
• Run time environment must solve for the combination of all applicable policies
– Dynamically at run time
– Across the entire application environment
Copyright © 2014, Intellyx, LLC26
Photo
Cre
dit:
Robson#
htt
ps:/
/ww
w.f
lickr.
com
/photo
s/_
robson_/
Governance & Agility?
• Do we get business agility?
• Agility doesn’t mean chaos
– If everybody in an organization did whatever they wanted to without any rules or policies
– Rules & policies inconsistently communicated or applied
• Secret to business agility is to empower people to innovate within constraints of organizational policy
Copyright © 2014, Intellyx, LLC27
Photo
Cre
dit:
Pascal htt
ps:/
/ww
w.f
lickr.
com
/photo
s/p
asukaru
76/
Closing the Loop on Governance
• Rules & policies may lead to undesirable behavior
• Measure effects in context of operating business
– Customer behavior, financial metrics, etc.
• Big Data analysis of policy efficacy
– Feedback for continual improvement
• Avoid confirmation bias
– Favoring evidence that supports hypotheses
Copyright © 2014, Intellyx, LLC28
Photo
Cre
dit:
Dave G
ough h
ttps:/
/ww
w.f
lickr.
com
/photo
s/s
paceple
b/
Cross-Process Governance
• Governance as layers of policies & rules
• Need to calculate effective policy
• Cross-process, cross-organization, in & out of Cloud
• In real time
Copyright © 2014, Intellyx, LLC29
Process “A” Team “C”Division “B”
Cross-ProcessGovernance
Jason Bloomberg
President, Intellyx
@theebizwizard
Send email NOW to [email protected] to download this presentation
Thank You!