Competing With Small Organisations (Using DevOps & Agile Thinking)

The advent of public cloud services has enabled smaller companies to compete more effectively against larger enterprises. This article discusses this phenomenon and using DevOps and agile thinking to help large companies compete with small organizations.

The Agile Advantage

Smaller organizations tend to be more agile than their larger counterparts. When running a range of public and private cloud services many companies tend to separate businesses in terms of technical function or capabilities in order to achieve scalability. Networking, capacity, operations, application services, are often managed by separate teams.

For large scale capabilities to work effectively it is important to have properly defined business interfaces that are measured. We need KPIs that are specific to our process and the KPIs working together show a picture of your organization rather than only a picture of how you implement standard frameworks.

An automatic advantage that small companies have is that they are often working end to end, covering everything they need to provide a service. Its easier to do when you do not have several teams involved to provide a single service. Often each team in a large organization is having their own business interests. If an organization measures each business unit only by business growth or financial metrics it can be challenging to get people to work together. The KPI’s need to help, to be agreed at a business level between teams

In a larger organization you need to still be able to see things end to end. Someone needs to be held responsible for the synchronization of all of the working parts that are needed to provide a service (This could be an Enterprise Architect). Whoever is tasked to achieve that needs to have visibility into the components that make up the full service. This could well be the job of an enterprise architect.

Photo by on


People often lose sight of how to use KPI’s, and the meaning of DevOps. DevOps as a practice is capable of producing some crazy efficiency benefits – take a look at the Puppet DevOps Report and you will see clear examples.

DevOps is not only about application development – it can be applied to infrastructure services too. Since the advent of virtualization and the mechanisms that can be used for things such as infrastructure as code – the differences between working with software and hardware are less pronounced. In both cases we need proper change and release management.

Some important things to note that all large companies should consider are shown below.

Have Properly Defined KPI’s

Not just things such as KPIs around ITIL and incidents. If you read my article on Risk Analyzing BPMN you will realize that processes have a lot of potential risks. The way you mitigate some of those operational risks is to put KPIs in place to monitor potential hot spots. The KPIs that are recommended with specific frameworks such as ITIL will only get you so far because they are generic.

For example – If a process step is to deliver server hardware to a data centre, and the next step is to set it up, potentially there is a risk around hardware delivery – either it not happening or not happening on time. It would make a lot of sense to measure & monitor delivery time. This should be a KPI

Automating KPI’s

If we are measuring time to deliver hardware, we should have the KPI existing as part of a dashboard. It is essential to automate KPIs as far as is possible – with some kind of systems integration. In our example, If you have to manually track every delivery its time consuming and there’s a risk around human error. In a modern world there’s not much excuse for not automating – tools exist to make it very easy. There may be some manual tasks that need to be performed by a person, but when that happens we can make it easy for them to receive the task and mark the task complete as part of an automated system rather than relying on one person to talk to another. Doing business in an email box is an old fashioned outdated practice, and doesn’t scale well.

Automating Services

When we are designing services we should be thinking hard about how to automate them. For a services company such as Tieto, I think its important to have a balance here – because although we need to be able to scale and automate infrastructure in much the same way as companies such as Microsoft and Google do, we also need to maintain a customer connection. In designing systems we need an automation strategy and to ask ourselves some questions:

  • What do we automate? Deciding the tasks and the services we need to automate is important to ensure our customers still have a personal touch, whilst at the same time deciding ensuring that the right tasks which need no interaction can be handled quickly. For example password change is a no brainer for automation – as might be server creation – but what about a platform migration? Its complex, and a customer needs human interaction to help them feel more comfortable with the process.
  • What is our automation policy? Some things are too costly to automate. If for example we have a password change that is simple repetitive work with a minimum of interaction which provides great benefit with automation usually. A more complex system that is used less frequently may not even cover the costs of automating it. Deciding clearly where automation is a good idea saves time.
  • How do approach the automation of legacy infrastructure? This is part of automation policy but is worth a special mention.

Enabling Play

As a simple example of automation, you can use Microsoft flow to manage approvals. You can tie this into a SharePoint list and then to use Power BI to consume information and create nice dashboards. This opens up a number of other opportunities for you around analytics.

Smaller companies tend to leverage such advances in technology a lot easier than larger companies do. When I worked in a smaller company – playing was easy. In a larger company it takes time to get anything done, especially as internal work tends to get de-prioritized. Not all goals in a large company should be customer related.

Security has a part to play here too. Smaller companies trust their team. Whilst more people means more risk, as I have said before in my Information & Security Thinking blog, being too restrictive leads people to think of alternative solutions for things.

It also demotivates passionate people when they have to jump through many hoops to do simple things. It puts the business at a disadvantage. If an organization disables the use of Microsoft Flow because of its potential of abuse, they are also disabling a possibility to innovate and grow and create some fantastic things.

Security needs to be more about enabling people and making them aware than restricting.

Zero Click Deployment

To truly achieve scalability you should be asking the question “how do we achieve zero click deployment?”. By this I mean operations has to do nothing because everything is automated. Whilst its true that in some cases this is not possible because of a need for manual steps, the closer you get to this goal, the more efficient and scalable your systems become.

I have seen many people thinking that single click deployment on the side of the service provider is enough. It is very different to zero click. I have seen teams script deployments of services very well – coming to the point where they need to create an xml config file, and just run that. Its very good to be able to get to that level – but it still requires a person to sit down and manually do work. Even if it takes 15 minutes only to do that – this will accumulate over time.

If we have a system like service now in the background that customers interact with directly we should look at creating mechanisms that can get rid of the manual configuration. Because in doing that we are also getting rid of an unnecessary communication overhead; an unnecessary point where things can be miscommunication, and where resources are needed.

But what about the people?

The world changes, and roles need to change with it. If we took away the need for that 1 click, we are freeing up a resource to focus on things that provide more value to our customers. It doesnt necessarily mean we need to reduce resources, we are enabling our existing guys to focus on value. In implementing devops we are abstracting away from technical minutiae and looking more at the things that really matter. Of course automated environments can also go wrong. Roles transform over time.

Where does Enterprise Architecture Fit Into This?

Silos need to be broken down – this means more than just telling one team they need to talk to another – it means aligning goals, objectives and working practices.

We need to define proper interfaces between business units and we need to make this all traceable & measurable. We have to enable innovation. Our key systems should have standard interfaces that we can consume information from.

If a finance system uses a 30 year old interface as the only mechanism for getting information out – we should use some imagination – maybe we can do something with Robotics Process Automation (RPA).

All of this needs to be part of thought out strategy. We need to balance the advantages carefully with the risks.

Summing it up

I do not advocate a totally open approach where we allow everyone to do everything – for larger companies, because risk does of course need to be considered becuase as our headcount goes up, so does the risk of mistakes. I ask that security teams think carefully about the implications of denying things. A company needs a level of trust in its employees.

DevOps and agility in business are essential. This only happens if there is a level of transparency and if by implementing automation we enable our employees to bringing business value to an enterprise rather than being caught up in an a mundane security restricted environment..

Agile or die…

When I posted my previous blog on Aligning ArchiMate to BPMN one of the comments I received read “Agile or die, this is the only fact of today business environment” – and this got me to thinking about Agility in EA.

To be honest, lets start by saying I agree with the comment – and that he gave me no reason to believe the person who posted the comment was misunderstanding anything I said.

But there are those who do…. There’s a stigma sometimes attached to Enterprise Architecture, and architecture as a whole. It’s sometimes seen as slow, synonymous to waterfall, unable to change, and an overhead in general. I will talk about the value of architecture in a separate blog, but suffice to say, architecture doesn’t have to be that way.

Agility in TOGAF

Its fair to say that TOGAF appears to be, or can be fairly document heavy depending on the choices you make in implementing it. A first point to make about TOGAF would be it is a framework that is intended to be tailored to specific needs, and does fit in well with a waterfall development technique; That said it can also provide a good backbone for something more agile.

Everything TOGAF asks for in terms of deliverables within the framework has its purpose. If you take any of those things away you leave a gap or a risk. It’s a comprehensive framework built by many smart people. As a framework it addresses many concerns from different stakeholders.

To be practical you need to think about how to adjust TOGAF. I have sat in a few meetings where we have discussed those different architecture deliverable’s and how we could adapt a Scaled Agile Framework (SAFe) model to work along side TOGAF, giving the strength of TOGAF and the agility of SAFe. It is possible to do so but it requires careful planning & implementation of processes. Processes that are well defined, with good key performance indicators can be very agile.

Architecture Discipline

I firmly believe that good architecture is a key to success in agile ways of working. Agile doesn’t mean we do not do architecture, but it may mean that we do it differently.

If you look at my blog Planning Work With ArchiMate you will see that its possible to use the ArchiMate language to define small building blocks, and then fit them together – each block expressing its own value and interfaces to the world. Although when we use methodologies like SAFe we need to consider the value of each individual work package, we also need to take a longer term strategic perspective. The approach I took in that blog facilitates agile projects as well as waterfall ones.

Change is a constant and enterprise architecture needs to facilitate it; which is another reason why languages such as ArchiMate and BPMN working together in an architecture repository support this.

I will speak at some point about ISO 42010 (I have a video blog planned), the standard for architecture design; how it fits in nicely with ArchiMate as a standard, and how it enables us to design architecture that supports our goals in a focused fashion. Such standards are essential if you are practicing architecture on a large scale. Each piece on a chess board has its purpose, and rules it must follow – each move must be part of a strategy.

It’s a matter of balance. We only want to do enough architecture to provide value; ISO 42010 provides the groundwork for this – when it describes views and view points – and the ArchiMate Language implements those concepts nicely. It takes skilled leadership with skilled architects in order to get this balance right in practice.

It’s essential we have an architecture strategy, and a good set of architecture practices to facilitate an agile way of working. You can’t be agile unless everyone knows what they are doing, how they are doing it and when they are doing it. Knowing why they are doing it can also be helpful. If you don’t have an architecture discipline then in fact architecture can become significantly less agile. To be agile we need competency and discipline; and we need to have an architecture practice, practice practice…. This doesn’t mean the solution is to do more architecture – more it means that we need to do the right architecture.

Summing it up…

Implementing without architecture design exposes all kinds of risks; it may seem that you implement projects faster, but then what you save in project development time, hits you when you get to an operational phase.

If architecture is not facilitating an agile way of working, then that architecture practice probably has a need to change, not to be abandoned. It’s important to have talented architects to lead us and define process that adapts to change. We need to consider process development and architecture with an agile mindset and should be considering how we can deliver continuous value over time as well as how we can do that efficiently. We need to build a layer of motivation architecture that hooks into our Implementation architecture.

To the guy that said “Agile or die, this is the only fact of today business environment”… I couldn’t agree with you more; but I would like to add trying to adapt to change without clear architecture, leaves you at the mercy of the skills and communication of the individuals, and the bigger an organisation you are, the more risky that becomes. So think of it this way:

Agile Architecture or die.