THE NEW STEADY STATE IS CONSTANT FLUX

A few weeks ago I read Mark Smalley’s‘Kill DevOps’ on the back of a year of increasing interest in Devops, in particularly when compared to the slow-and-steady ITIL.

Mark finished his article with ‘The only desirable steady state is a constantly evolving state of mind.’ And thus rejecting basically any system or methodology, including DevOps which embraces change like no other.

And that got me thinking: do we need stability (for which we often strive)?

Human nature often makes us conservative (maybe along the lines of ‘better the devil you know?’).

A majority of people prefer the status quo, the familiarity of the existing practices, the security of knowing how to do something.

From an organisational point-of-view stability is also preferred. Very few business models welcome surprise and change and are normally based around a status quo (which can be expanded, enhanced or sometimes just maintained).

Even CSI, which is in essence continual change, is based on improving SOMETHING that is more-or-less stable, that can be benchmarked and baselined; and from there to improve efficiency & effectiveness of the status quo.

In fact many of the best practice concepts around Service Operations, are based around BAU (or Business As Usual). By thorough design and testing we avoid any surprises in operations, thus enabling us to deliver a dependable, repeatable (, measurable), guaranteed service … day-in-day out … the same every time.

Based on the renowned Ivor McFarlane I often explain the Operations is supposed to be a boring place to work and that as an Ops Manager, if your staff gets excited … you should get worried!

Or I use a fast food chain as an example of a process based organisation, where everyone (almost regardless of past experience) can create the same quality food (using the term lightly), anywhere on this planet!

But those later ones are certainly not attractive examples of stability: boredom and fast food do not rank particular high on most people’s wishlist.

And thus despite our preferences, we are looking for change, for excitement, for new experiences, new horizons … a bucket list to work through before the eternal stability of death reaches us.

DevOps advocates rapid change and Disruptive Technology hardly preaches a dull and secure application.

So, which one is it: the security of stability or the excitement of change.

As per usual the answer lies in the middle, a bit like bi-modal IT, merging DevOps and ITIL, having your cake and eating too, having the best of both worlds.

I think chaos is change without a solid foundation, thus neither improving nor deteriorating the situation (which BTW makes chaos a constantly changing status quo … ooh, that’s deep).

Stagnation on the other hand is stability for the sake of stability causing dogmatic, micro managed often overly-bureaucratic organisations.

I can accept that change is inevitable and that potentially change is a good thing (as good as a holiday I’m often told!). But not all change and not change for change’s sake.

I see benefit in distinguishing improvement (the same but better) and innovation (different) and both will need a place in a mature Service Management organisation.

It is true that ITIL does not really deal with innovation (a bit in CSI, a bit under ‘new technology’ in Capacity Management), but neither does DevOps (or COBIT or pretty much any best practice that I know of). And where DevOps supposedly signifies the death of ITIL, Mark poses that ultimately DevOps needs to die as well to keep changing/improving/innovating/evolving.

Ultimately everything must or will change, including ITIL and DevOps, but I don’t think we need to actively euthanise either of them (just yet).

Rather (and as always) we need to apply the common sense guidance of either methodology (, framework, or whatever you want to call them) where and how it applies best; and make sure you have the right objective in mind (, business goals, value, again many terms that can be applied here). If there are ‘blindspots’ (like innovation) than make sure you augment your organisation with the necessary structures to fill these in.

For innovation specifically ‘Google time’ comes to mind (20% of time spend on ‘personal’ projects, which got abandoned in 2013), or something I picked up as 7x7x7: 7 ideas are given $7,000 to work on for 7 weeks. This keeps the wildly creative and anarchical innovation within defined time (7 weeks) and budget (7x7=$49,000) constraints and cycles.

So, let’s embrace change but makes sure we have a clear understanding of the direction of this change. After all ‘let’s go left’ only makes sense if you know where you are and where your destination is!

And let’s not blame our ‘system’ or methodology for the lack of innovation but instead make sure innovation is covered within the system (and yes, that includes innovation OF the system).

Onwards and upwards!

(to boldly go …)

the ITIL Zealot

May 2016

ITIL vs Dev-Ops (itSMF debate)

This month I participated in our local itSMF branch seminar. As it was the last quarter of the year, we were already a bit in the Christmas mood and as it is called the silly season we tried to make the content light and entertaining. To this regard there were 4 IGNITE session. This is where each speaker has a limited number of slides (in our case 20), which auto-forward (in our case after 30 seconds) so that the presenter has not control over the presentation behind him/her. And by asking the speaker to present not only in this format, but also in a more polarising way, we kept it quite entertaining.

But in addition we also introduced two DEBATEs. I’ve used this format in my training whereby the candidates are either in favour or against a statement (like ‘outsourcing will make all our problems go away’ or ‘you should always charge for a service’). This makes them think about all the arguments in favour, but also the weak spots of these statement and phrase there position and rebuttal accordingly.

For the itSMF seminar each team (for or against) presented an IGNITE (although the more traditional 15 slides and a 20 second auto-forward), and then a rebuttal. The debate topics were:

•    Chicken or Egg, what comes first: process or tool
•    Traditional Service Management vs. Dev-Ops.

I was on the latter debate, obviously defending traditional service management. My role was to present our case through the IGNITE, and I’ll provide a brief synopsis of that. To this effect I’ve shared my slidedeck HERE.

I first [slide 2] narrowed the debate down to ITIL vs. Agile and decided that a battle of this magnitude could only be properly debated, explained, reflected by using that other epic battle of good vs. evil: Star Wars!

No doubt that ITIL takes the role of the Jedi here [3]. The ancient, ruling order, steeped in mystic, historical processes but in essence a democratic society for the common good.

Agile on the other hand has more similarities with the Sith [4]: powerful, challenging the ruling order, using emotional, rash decisions (over rational, risk averse ones) and attractive to young padawans/developers.

A good example was the Deathstar [5], a somewhat rushed project that contained a fatal flaw, causing it to blow up with considerable damage to the customer (the republic).

So, what did they do: they build another Deathstar, with the same flaw and put it into production before it was even completed. No surprise then, it blew up again, with even more devastating customer impact (victory to the rebellion).

In my opinion, a lot of this has to do with perception [7, yes I skipped 6 which only served to further focus on an apparent lack of planning with Agile]. You see, Dev-Ops or Agile is currently at the height of the Gartner Hype-curve. In the minds of some people it can do no wrong, and should be used for everything and anything.

ITIL on the other hand is done the bottom of the curve, in the ‘through of disillusionment’. Many organisation have tried and perhaps not achieved the results they were hoping for. Now they are throwing out the baby with the bathwater, completely rejecting any of the common sense best practice IT Service Management approach that ITIL describes.

To a large degree I think this is because of the perceived bureaucracy that ITIL introduces [8]: processes, procedures, templates, workflows, … everything needs to be documented, reviewed & approved.

Perhaps so, but ITIL never actually identifies how complex, wordy, lengthy or formal these procedures need to be. Or even whether they should be written down at all.

More important is to understand WHY something needs to be done (rather than how) [9]. PRINCE2 (from the same best practice stable as ITIL) actually identifies tailoring as a must for every methodology and that tailoring is not about whether to use it or not but about how (formal) to use it. This is driven by factors of size, risk & complexity.

Change Management is a prime example [10]. This often becomes a bureaucratic bottleneck, because people focus too much on the formalities, paperwork, CAB meetings etc.

The ITSkeptic told at the Australian itSMF LeadIT conference, how one dev-ops engineer exclaimed that he could but a new version in production, ‘before you could get an Emergency CAB together’. That last statement doesn’t leave me with a lot of confidence, in particular if it was a mission-critical service/application we are talking about here.

Instead we should focus on the real goal of Change Management, which is to minimise impact. ‘Horses-for-courses’: sometimes you can go slow and secure, other times you need to go quick, but you better wear a helmet!

And Change Management accommodate the Dev-Ops concept of ‘failing fast’ [11] through defining different categories of change, each with their own level of documentation, assessment, approval and oversight.

1.    The Emergency (or ‘oh-shit’) Change means we don’t throw caution to the wind, but instead apply a different, faster, less rigorous process (basically we decrease time, but increase risk)
2.    The Standard Change allows a cookie-cutter approach to frequent, repeatable change, which will significantly reduce overheads
3.    And the use of ‘minor’ Change categories will allow a less convoluted path to be followed, whilst still maintain the appropriate governance.

The key here is no to be afraid of failure, but also not to close your eyes to the risk [12]. Mistakes are part of everyday life, and in fact mistakes are essential for growth, improvement and innovation. I call this the concept of making ‘deliberate mistakes’ [13].

So in our battle of Dev-Ops vs. Service Management, we find that ITIL actually incorporates everything that Agile is trying to achieve. But then, it does much more, allowing for both fast and slow changes; and with a lifecycle that includes Strategy & Operations (as well as Design, Transition and Improvement) [14]

Thus there can be only one outcome, and the (ITIL) Jedi must win [15].

But perhaps rather than looking at Star Wars as the fight of Luke against the Empire (and his father) of the first (now the last) three episodes, perhaps we should encompass the whole (6 episode) series as the lifetime of Anakin Skywalker (from good to bad, and back to good): In Anakin we find good and bad, jedi and sith, passion and ration, similar to how Dev-Ops and Service Management attempt to achieve the same goal (-better- value of services) through different approaches [16].

As long as the good side wins in the end!

(May the ITSM force be with you)

the ITIL Zealot

November 2013

What I learned at itSMF-A LEADit

Last week was the annual itSMF-A LEADit conference. Three days of presentations, keynotes, workshops, hot topics and yes, even some fun. But what did I learn in those days?

Firstly that there is nothing new under the sun: ITIL is still ITIL, no new version or revolutionary changes (perhaps AXELOS will provide those in the coming year). No new version of COBIT or any shocking development around any of the other frameworks (AGILE, LEAN, PRINCE2, ..), standards (ISO20000, …) or regulations (governance, outsourcing, …).

The ‘newest’ thing that I personally saw was a presentation on SFIA. Not that that is new, but I hadn't personally been told about a case study of a company actually using it. Great example of mapping less tangible skills (capabilities in ITIL Service Asset terms) onto people and roles, and then managing the gaps.

What was new though, or rather more prevalent than the previous year, was the tendency to do some ‘ITIL-bashing’. In more than one presentation, including a keynote, ITIL was described as old-fashioned, overly rigorous (read bureaucratic) and no longer fit-for-purpose.

Aale Roos in his keynote spoke about ‘unlearning ITIL’ and highlighted several of the idiosyncrasies of ITIL (including the ‘silly’ ITIL v3 Service Strategy publication). He proceeded to explain how the use of the ever-increasing number of processes in ITIL can lead an organisation to be lethargic. He used Nokia as an example and how it failed to quickly respond to the iPhone and smartphone market.

I think Rob England had the right idea by illustrating how ITIL is now at the bottom of the hype-curve (the 'trough of disillusionment'). He lamented that rather than being skeptical of, he found himself in recent times more often defending ITIL.

He continued the picture by showing how dev-ops is currently at the peak of the hype-curve (the 'peak of inflated expectations'). In fact various presentations during the conference highlighted both the need for rapid change, as well as the methodologies that supported this (dev-ops, AGILE .. note NOT ITIL). Case studies for Amazon and Netflix showed their large number of changes and their ability to not only absorb this, but also deal with unfragile systems (not robust, but not fragile either).

This was epitomised by the remark (again from Rob) that it was quicker for dev-ops to put a new version\patch in, than for ITIL to convene an Emergency CAB.

As self-appointed zealot I need to come to the defense of ITIL as in both cases (Aale’s and dev-ops’) it is not so much unlearning or bypassing ITIL, but rather applying it in a practical way. As I have said many times: nowhere in the ITIL publications does it speak about procedure-manuals and how many pages they ought to be. Instead it describes the activities to be undertaken and suggests some rigor to make sure these activities are performed repeatable (for the best outcome).

And the fact that ITIL has more processes now than ever before, doesn't mean there are more activities required (or people, or tools), but it allows each process to be managed separately (from an accountability and reporting point-of-view). If not required, these processes can be easily ‘collapsed’ into a single process(-manual).

It is all about how much rigor  documentation is required, which is dependent for each organisation or even each service. Personally I refer to PRINCE2’s definition of tailoring, which is not about deciding on WHETHER to use any of the theory but on HOW to use it. The level of documentation is then dependent on the size, risk and complexity of the project\organisation\service.

Little side-note: I thought it was comical to, in one of the sessions, see Rob England try to avoid ‘dead cats’ by having an Operations function getting involved in design & test; (i.e. more rigor  and then straight after, on the big stage in a keynote, he is searching for KAMU: a middle-ground between ITIL stability and dev-ops responsiveness (i.e. less rigor).

This is not immediately contradictory  but also not congruent. However I kind of see the point of and agree with both: using Ops-involvement (and sign-off) is great for medium/major changes (on critical services), whilst some of the dev-ops & AGILE principles are more aligned with how Change Management deals with minor or standard changes (with devolved authority and less formality).

So, Aale, we don’t have to unlearn ITIL. And dev-ops and AGILE are just utilising fast-tracked ITIL processes. The basics (of ITIL, of the service lifecycle, and the process-activities) are always applicable, whether you call it ITIL or not (that’s the definition of Best Practice: Common Sense, written down).

ITIL may be at the bottom of the hype-curve, but this is perhaps the time to push it back up to a ‘normalised’ level (the ‘plateau of productivity’), where we can see it for what it is: guidance on how to structure and organise IT activities, in order to deliver value through services to the business. Not a silver bullet but certainly also not old-fashioned.

And here lies the task for AXELOS (and the wider ITSM community) to work towards an ITIL that is more readily applicable. Because I do agree with Aale that some of the sections in the book are ‘silly’, inconsistent and perhaps too open to interpretation. ITIL is never going to be prescriptive, but it would be nice if the next version (4?) was a bit more practical, perhaps with more templates (RACIs etc.) and quick-starts.

And maybe next year there will be more to learn at the conference!

the ITIL Zealot
August 2013