Boards are increasingly concerned about code. This is primarily because code plays an ever more important role in company performance. Great code enables companies to better engage customers, make smarter decisions, and disrupt markets—or at least keep pace with disruptive competitors—while avoiding security and compliance risks. So boards have to worry about it.
Code is also a growing boardroom concern because of changing board demographics. Once upon a time, board members were vertical market veterans whose eyes glazed over when C-level executives came into the room talking technology. Nowadays, companies are recruiting tech-savvy board members who can provide strong strategic guidance for the digital marketplace.
This board-level engagement in all things DevOps poses a significant problem to senior IT executives. Historically, after all, IT leaders mostly had to just worry about explaining to the board what IT did. Today’s board members already know what IT does. They want to know how IT is doing it. And why. And whether IT is doing it as well as other companies.
Plus, because board members have been around the block a few times, they want to know how IT can really be sure it’s doing things the way it claims to be doing them.
That last question can only be answered with DevOps automation.
A mature process is a known process
Many people think about automation exclusively in terms of speed and efficiency. But automation also regularizes process.
This regularization is critical for quality, security and compliance. Organizations that depend excessively on the discretion of individuals to conform to a process can’t claim to actually have a reliable process in place. They may hope that security best practices are being consistently employed. They may be able to tell regulators what they instructed their staff to do in a training session six months ago.
But, without automation, these organizations ultimately only have hopes and excuses. They do not have reliable processes.
DevOps process automation doesn’t rob individuals of the power to make decisions. On the contrary, a properly automated process empowers individuals to decide how to optimally apply the process, how to deal with exceptions to the process, and even to suggest improvements to the process.
What automation doesn’t do is allow people to simply ignore or sidestep processes, because that’s bad. It’s bad for quality, security, and compliance. And it’s bad to boards that demand accountability.
Automation and risk
Today’s boards understand how important it is to develop and deliver code more quickly. And they know how important it is to remove DevOps inefficiencies that limit the ability of a company to achieve business advantages through code.
But they are also keenly aware of how the push for DevOps speed and efficiency can exacerbate code-related risks to the business and the brand. That’s why they are deeply concerned about process.
IT leaders must be able to respond to these boardroom code concerns with confidence. That’s why they should strongly consider a more rigorous and pervasive embrace of DevOps automation.