The following is a guest blog post written by Themba Hinke, DevSecOps lead contributor at Fierce Software
At the small program level, digital transformation and modern software delivery is a known quantity. If the team wants it, the path is well worn. As digital transformation scales up to larger organizations, specifically government program offices and large government integration contracts, digital transformation faces a daunting set of institutional and human challenges. It requires new models of acquisition management, new models of organizational communication and new methods of using technology to manage people.
The forces that dominate a team dynamic become almost insignificant at scale. One person who knows DevSecOps cannot carry an organization the way that person can carry a two-pizza-sized team. Getting 1,000 or more developers in a room every quarter just isn’t practical.
A typical government approach is to use written policy as the lever to control teams of teams and to lay out the standards and expectations. But written policies become subjective when looked at through the lens of acquisition management, especially given the spectrum of contracting approaches available.
Digital transformation at organization scale requires a bigger vision and a conviction of purpose at the onset. Just like pyramid testing, organizations need to start with the end in mind and work forward with DevOps practices, setting and measuring the definition of success at each level, while accounting for the natural human variation that comes with a large organization. It has to be a whole of organizations decision. For government this means the stakeholders of requirements, enterprise testing, acquisition and security.
On the surface, this may look like a tall order... because it is. The key is to focus on a few small things. In order for transformation to get out into the organization, enterprise stakeholder, managers, teams and individuals equally need an anchor to rally around, something tangible. The best anchors are ones that make the transformation more transparent and measurable. Increased visibility sharply reduces institutional resistance because the elements of the organization can see the impact and share in the success. This creates a virtuous cycle of reinforcement for continued participation.
Transparency in the outcome allows an organization to focus on areas that need attention. In government, these areas most likely exist on different contracts. The government acquisition process makes it easy to fragment requirements but extremely difficult to put back together a cohesive digital experience. Contractual performance metrics end where the team’s responsibility ends. This makes holding individual teams accountable subjective and unenforceable.
Higher level metrics around digital outcomes can orient disparate teams around a common goal. Defining and measuring success should be at both the organization level and the team level. This should go beyond a single pane of glass for IT metrics to actual analysis of consumer impact. For government systems, this means outcomes for missions, citizens and taxpayers. This is just basic value stream mapping with an eye to the larger, organization level, performance measures.
When measuring, look at both application performance and human performance. Showing that the outcomes of transformation and the inputs of transformation are improving can make the case for bringing along the human elements that are slower to adopt. This is the difference between one team making a transformation and an entire organization making a transformation. Everyone can’t be an A+ developer.
To get from top to bottom, access to governance intent must be scalable and accessible. Unlike written policy, it must be technically enforceable at scale, taking the guesswork out of compliance. As noted above, written policy, while well intentioned, is not a great way to ensure technical outcomes. To see this in action, just look at security compliance policy in government. Policy must be digitally enforceable. It must have measurable standards and a framework for compliance that can be technically measured and, most importantly, contracted for objectively.
As we consider the challenge of digital transformation at scale in government, we have a few basic requirements for the commercial products that make up our stack. They should be aware of one another. They should have strategic overlap. They should complement one another. They should feed the larger picture. They should simplify things equally for executive management and individual developers.
The upcoming Fierce Software workshops begin a series of content with the theme of helping public sector organizations and technologists create an executable vision for success at scale. We will start with three technologies that tackle some of the most difficult issues in government IT: platform management, the continuous delivery part of CI/CD and measuring success. These tools must be a means to an end, not an end unto themselves. Successful outcomes for missions and citizens must always be the end goal.