IT Governance Mechanisms for DevOps Teams - How Incumbent Companies Achieve Competitive Advantages

More and more organizations are deciding to move from traditional, plan-driven software development to agile approaches in order to stay competitive. Therefore, the IT functions have been deciding to implement cross-functional DevOps teams. To enable collaboration within DevOps teams, incumbent companies have to implement mechanisms to govern dynamic and agile environments. The present research investigates which IT governance mechanisms are helpful for the implementation of DevOps teams. For this purpose, we conducted a qualitative research study and interviewed team members in six companies that have already implemented DevOps-oriented teams. We describe which IT governance mechanisms-”in the form of structure, processes, and relational mechanisms-”are important for DevOps teams to achieve competitive advantages. Our findings show that agile roles and responsibilities, hybrid or decentralized organizational structures, as well as communications and knowledge-sharing models are conducive to the government of a DevOps team

Critical success factors for integrating security into a DevOps environment

Integrating security into a DevOps environment, also known as DevSecOps, can allow organisations to deliver more secure applications and services faster to market. While many publications address the theoretical benefits and challenges of security integration, there is a lack of practical insight to guide organisations towards a successful integration. As a result, many organisations fail to achieve DevSecOps due to the historical differences that hinder collaboration between teams. This study investigates the critical success factors for DevSecOps integration using a case study approach. Semi-structured interviews were held with eight senior staff members directly involved in establishing DevSecOps integration within a large organisation. Thematic analysis of data across three categories (people, processes, and technology) identified eight major themes: executive support, security champions, security training, way-of-working, governance framework, secure pipeline, automation, and technology. Based on these findings a framework is proposed to inform and guide organisations on DevSecOps integration

Critical success factors for integrating security into a DevOps environment

Integrating security into a DevOps environment, also known as DevSecOps, can allow organisations to deliver more secure applications and services faster to market. While many publications address the theoretical benefits and challenges of security integration, there is a lack of practical insight to guide organisations towards a successful integration. As a result, many organisations fail to achieve DevSecOps due to the historical differences that hinder collaboration between teams. This study investigates the critical success factors for DevSecOps integration using a case study approach. Semi-structured interviews were held with eight senior staff members directly involved in establishing DevSecOps integration within a large organisation. Thematic analysis of data across three categories (people, processes, and technology) identified eight major themes: executive support, security champions, security training, way-of-working, governance framework, secure pipeline, automation, and technology. Based on these findings a framework is proposed to inform and guide organisations on DevSecOps integration

IT Governance and Its Agile Dimensions

Information technology (IT) plays an essential role in organizational innovation adoption. As such, IT governance (ITG) is paramount in accompanying IT to allow innovation. However, the traditional concept of ITG to control the formulation and implementation of IT strategy is not fully equipped to deal with the current changes occurring in the digital age. Today’s ITG needs an agile approach that can respond to changing dynamics. Consequently, companies are relying heavily on agile strategies to secure better company performance. This paper aims to clarify how organizations can implement agile ITG. To do so, this study conducted 56 qualitative interviews with professionals from the banking industry to identify agile dimensions within the governance construct. The qualitative evaluation uncovered 46 agile governance dimensions. Moreover, these dimensions were rated by 29 experts to identify the most effective ones. This led to the identification of six structure elements, eight processes, and eight relational mechanisms

Factors that Contribute to the Success of a Software Organisation's DevOps Environment: A Systematic Review

This research assesses the aspects of software organizations' DevOps environments and identifies the factors contributing to these environments' success. DevOps is a recent concept, and many organizations are moving from old-style software development methods to agile approaches such as DevOps. However, there is no comprehensive information on what factors impact the success of the DevOps environment once organizations adopt it. This research focused on addressing this gap through a systematic literature review. The systematic review consisted of 33 articles from five selected search systems and databases from 2015 to 2021. Based on the included articles, 15 factors were identified and grouped into four categories: Collaborative Culture, Organizational Aspects, Tooling and Technology, and Continuous Practices. In addition, this research proposes a DevOps environment success factors model to potentially contribute to DevOps research and practice. Recommendations are made for additional research on the effectiveness of the proposed model and its success factors.Comment: 15 pages, 3 figures, 1 tabl

The Concept of Agility in IT Governance and its Impact on Firm Performance

With significant advancements in digital technologies, firms find themselves competing in an increasingly dynamic business environment. Therefore, the logic of business decisions is based on the agility to respond to emerging trends in a proactive way. By contrast, traditional IT governance (ITG) frameworks rely on hierarchy and standardized mechanisms to ensure better business/IT alignment. This conflict leads to a call for an ambidextrous governance, in which firms alternate between stability and agility in their ITG mechanisms. Accordingly, this research aims to explore how agility might be integrated in ITG. A quantitative research strategy is implemented to explore the impact of agility on the causal relationship among ITG, business/IT alignment, and firm performance. The results show that the integration of agile ITG mechanisms contributes significantly to the explanation of business/IT alignment. As such, firms need to develop a dual governance model powered by traditional and agile ITG mechanisms

Why and How do Large-scale Organizations Operationalize DevOps

An essential part of organizational efforts is to provide products to customers. To sustain competitive positions on existing markets, and to expand into new markets, firms utilize and continuously optimize approaches to efficiently provide effective products. Meanwhile, applying agile practices is a commoditized way for organizations to better adapt to changes during the development of their products. For bringing products to customers, more than their development is required. Typically, multiple organizational functions, all with individual goals and practices, are included in the development and delivery of products. This is often associated with friction points between those functions, and hinders the optimization of effectiveness and efficiency in providing products to customers. In retrospective, not all firms were able to recalibrate themselves and find back to former success after they had once missed to (again) innovate by timely addressing changes on their existing markets, discovering unmet or changed customer needs, and providing new products that bring together emerging technology with evolving customer demands. This potential threat now appears to be omnipresent with the ongoing proliferation of digitalization through the practical world of all of us. The emerging phenomenon of DevOps, a portmanteau word of “development” and “operations”, describes approaches to streamline development and delivery of products across organizational functions, to efficiently provide effective products, and to enable organizational digitalization efforts. This dissertation sheds light on reasoning, configurational factors, and dynamics behind DevOps implementations in large-scale. The composition of four independent yet interrelated scientific papers, the cornerstones of this dissertation, answers why and how large-scale organizations operationalize DevOps. In sum, this dissertation adds systematic and foundational knowledge, presents new applications and nuanced concretizations of scientific empiric approaches, connects allied but distinct research communities, and provides guidance for practitioners acting in this timely, relevant and interesting domain

SKI: A New Agile Framework that supports DevOps, Continuous Delivery, and Lean Hypothesis Testing

This paper explores the need for a new process framework that can effectively support DevOps and Continuous Delivery teams. It then defines a new framework, which adheres to the lean Kanban philosophy but augments Kanban by providing a structured iteration process. This new Structured Kanban Iteration (SKI) framework defines capability-based iterations (as opposed to Kanban-like no iterations or Scrum-like time-based sprints) as well as roles, meetings and artifacts. This structure enables a team to adopt a well-defined process that can be consistently used across groups and organizations. While many of SKI’s concepts are similar to those in found in Scrum, SKI’s capability-based iterations can support the demands of product development as well as operational support efforts, and hence, is well suited for DevOps and Continuous Delivery. SKI also supports lean hypothesis testing as well as more traditional software development teams where capability-based iterations are deemed more appropriate than time-based sprints

DevOps-käytäntöjen asettamat vaatimukset henkilöstöresursseille

DevOps on kokoelma käytäntöjä, filosofioita ja työkaluja ohjelmistokehityksen organisoimiksesi. Kyseessä on sateenvarjotermi, joka koostuu useista eri osa-alueista. Se ei tarjoa valmiita työkaluja kuten esimerkiksi ohjelmistokehityksen prosessimallia vaan kokoelman käytäntöjä, joiden avulla sopiva prosessimalli voidaan kehittää. Ne eivät kuitenkaan rajoitu vain ohjelmistokehityksen organisoimiseen vaan niiden keskeisenä ideana on organisaation matka kohti oppivaa organisaatiota. Niiden laajamittainen hyödyntäminen vaatii koko organisaation kulttuurinmuutoksen. DevOps-käytäntöjä hyödyntäville organisaatioille tyypillisiä piirteitä ovat korkea automaation aste, matala organisaatio hierarkia, erilaisten mittareiden aktiivinen seuraaminen, pyrkimys nopeaan reagoimiseen, kommunikaation ja yhteistyön korostunut merkitys sekä ketterien ohjelmistokehitysmenetelmien hyödyntäminen. Pehmeille taidoille ei ole olemassa yhtä yleisesti hyväksyttyä määritelmää, vaan niiden voidaankin katsoa olevan aina sidottuja kontekstiin. Termillä pehmeät taidot tarkoitetaan kuitenkin yleisesti ei-kognitiivisia taitoja kuten sosiaalisia taitoja. Tämän lisäksi termin alle mahtuvat henkilökohtaiset ominaisuudet, luonteen piirteet sekä yksilön elämänkatsomus. Teknologian kehittymisen seurauksena työelämä on murroksessa, jossa toistuvat työtehtävät pyritään automatisoimaan. Näin organisaatioiden henkilöstöstä yhä pienempi osa työskentelee työtehtävissä, joissa vaaditaan vain kovia taitoja. Sen sijaan yhä suurempi osa työtehtävistä nojaa pehmeisiin taitoihin kuten yhteistyökykyyn ja ongelmanratkaisuun. Esimerkkinä tällaisesta muutoksesta on ohjelmistokehitysorganisaatiot, joissa pyritään hyödyntämään DevOps-käytäntöjä. Muutoksen keskeisenä pyrkimyksenä on parantaa yhteistyön ja kommunikaation astetta kokoamalla monialaisia tiimejä, joissa eri toiminnot tekevät keskenään yhteistyötä. DevOps-käytäntöjä on tutkittu niiden lyhyen historian aikana varsin runsaasti ja laaja-alaisesti sekä akateemisten- että kaupallistentahojen toimesta. Tästä huolimatta olemassa oleva tutkimus ei juurikaan ota suoraan kantaa siihen millaisia pehmeitä taitoja DevOps-käytäntöjen kattava hyödyntäminen vaatii organisaation henkilöstöresursseilta. Tämä siitäkin huolimatta, että DevOps-organisaatioissa korostuvat erityisesti pehmeät taidot kuten sosiaaliset taidot ja ongelmanratkaisukyky. Tämän tutkimuksen tavoitteena oli selvittää henkilöstöresursseilta vaadittuja pehmeitä taitoja organisaatioissa, joissa pyritään työskentelemään DevOps-käytäntöjen mukaisesti. Tutkimus suoritettiin systemaattisena kirjallisuuskatsauksena olemassa olevasta DevOps-tutkimuksesta. Sen tavoitteena oli määrittää lista sellaisia pehmeitä taitoja, jotka henkilöstöresursseilta vaaditaan DevOps-käytäntöjä hyödyntävässä organisaatiossa. Katsauksessa käytetty tutkimusaineisto rajatiin käsittämään vain akateeminen DevOps-tutkimus, joka oli saatavilla kahdesta eri tietokannasta. Se suoritettiin käyttäen IS tutkimuksen adaptoitua Fink-mallia. Tutkimuksen tuloksena tutkittavista julkaisuista tunnistettiin 23 kappaletta uniikkeja pehmeitä taitoja. Tämän lisäksi työn tuloksena syntyi ajantasainen kirjallisuuskatsaus DevOps-käytännöistä. Tutkimuksen tulokset tarjoavat työkalun esimerkiksi oppilaitosten koulutusten suunnitteluun, organisaatioiden henkilöstöhallinnon rekrytointien suunnitteluun sekä tarjoaa pohjan tulevalle tutkimukselle aiheen ympärille

Leverage the COBIT 2019 Design Toolkit in an SME Context: A Multiple Case Study

Organizations today exploit IT to achieve business value and competitive advantages; it is the disruptive effect of digital transformation. However, investing in IT without proper control and governance over enterprise IT (GEIT) can expose organizations to cyber-risks and IT project failures. This problem affects both multinationals and small organizations. In particular, small and medium-sized enterprises (SMEs) struggle to implement IT-governance also due to the complexity of the standard IT-governance frameworks. In this study, five case studies were conducted with five manufacturing companies in Italy whose headquarters are located in the Lombardy region to investigate the potential benefits for IT practitioners of using the COBIT 2019 Design Toolkit, an Excel spreadsheet that facilitates the development of a governance system. The results are encouraging, the IT practitioners appreciated the COBIT 2019 Design Toolkit to map the IT resources and issues, prioritize the most important governance and management objectives, and align business and IT strategy. However, some criticalities emerged, for instance, the limited prescriptive power of the tool and the language, which is sometimes difficult to understand for IT practitioners. It should also be noted that current IT-governance implementation in Italian manufacturing SMEs appears to be very limited. Further, it should be highlighted that this study was using COBIT 2019 before ISACA issued “COBIT for Small and Medium Enterprises Using COBIT 2019” which could already have a positive impact on the level of comprehension. Keywords: COBIT 2019, IT-governance, IT-governance frameworks, multiple case stud