Traditionally in the IT world, we break things into three distinct buckets, creation, management and security. Where creation is the process whereby our company or our agency delivers the essential components of what it needs to deliver. Management represents the two sides people and technology operations and management and finally, security which is well, security.
As we move away from the traditional positions of enterprise architecture and the broad EA frameworks towards the world of DevOps, the reality of GovOps becomes more and more prevalent. Organizations that successfully transition are those that have a clear path. The reality of clear paths is that you have to start from a known location, (the point of known return) and you have to be able to adapt to the environment as you progress towards a goal. You may, in fact not achieve your original destination. The adaptation of targets is critical in the successful transition. That makes the legal (governance) and management (operations) aspects of both your organization and your journey dangerous.
Enter the concept of GovOps and the enterprise capabilities detailed in the development of a GovOps Tree. The better the roots of your tree, the better you can withstand a wind storm. The better your leaf canopy, the more sunshine you can harvest. I think back to the concept of Shel Silverstein’s book “The Giving Tree,” where the tree gives up everything to help the boy. It is critical that as organizations progress into this brave new cloud world, they don’t give up their “point of known return.”
The shortest distance between any two distinct points is a straight line. Effectively making it nearly impossible for anyone or any organization to reach their goal in the least possible time, why? There are no straight lines in reality. A straight line would be a huge miss. You would end up taking your organization to a place that wasn’t what you thought it was before you got there.
The operations phrases of today, Continuous monitoring, evergreen infrastructure and always-up-to-date patching are codified for many organizations. Some adhere to the standards published by NIST, others by the European Union’s requirements and others by the US Federal FedRAMP program. All of these are standards for the information and IT services provided to users.
How to achieve those goals is both the application of governance and the reality of operations. Or, as I have been calling it the reality of GovOps! I learned many years ago it is not how far you fall, but how high you bounce.