DevOps transformation isn't just for greenfield tech startups and 'unicorns' such as Amazon and Netflix, declares...
one of the movement's most influential figures.
Gene Kim is co-author of the seminal novel The Phoenix Project, among the principal philosophical texts that formed the foundation of the DevOps movement. He is an author, public speaker and researcher with ITRevolution.com which puts on annual DevOps Enterprise Summit conferences. Kim is the founder and former CTO of IT security software maker Tripwire, and currently serves as independent director of the Energy Sector Security Consortium, a non-profit industry organization focused on the security of critical infrastructure.
We caught up with Kim to talk about DevOps transformation for the mainstream -- for enterprise IT 'horses,' and what's in it for IT operations in particular.
How do you define DevOps? Everybody seems to have their own definition.
Gene Kim: DevOps is all the sets of cultural norms and technical practices and architectures required to get a flow of work from dev to ops and production while preserving world-class reliability, security and stability. Most of our experience [says that] to go fast is diametrically opposed to being reliable, but high performers are able to do both. They're able to break that iron triangle that we've learned from the project management community.
How have you seen DevOps evolve since The Phoenix Project was published? Has the definition changed?
Kim: There are four things that I really wish I'd learned before The Phoenix Project. One is just how much evidence there is on how DevOps benefits everyone in the value stream and ultimately the organizations that we serve ... Another is, DevOps is as good for development as it is for operations, and vice versa. Security is an equal beneficiary, but security doesn't have to do all the work; we can integrate the security objectives into the daily work of dev-test-operations and get better security outcomes.
Another thing I certainly understand much better now is that DevOps is really a subset of what researchers and academics have called dynamic learning organizations, organizations like Toyota [and] the safety culture at Alcoa. It's one of those highly studied groups of organizations that are winning in the marketplace and DevOps is just an example of one of those. That's really great, because it reinforces some of the other things we know are important to DevOps, like high-trust environments and fully empowering people doing the work to define what the work is and how to do the work, and so forth.
Gene Kimauthor of The Phoenix Project
Where DevOps came from is very much the 'unicorns,' [such as] Amazon and Facebook and Netflix and so on, but what's emerged as my area of passion now is studying not so much the unicorns but the horses -- the large organizations that have been around for decades or even over a century that are able to use the same principles and practices and gain the same outcomes. ...That's where the economic value of DevOps is going to be created -- it's not going to be in the unicorns, it's really going to be where the majority of technology workers are. So if we can get those engineers as productive as if they were at Google, that will create a macroeconomic impact in terms of global prosperity.
How does a 'horse' enterprise's adoption of DevOps differ from that of a 'unicorn' tech startup?
Kim: Let's start with what's not different: They're using the same principles and practices. They use the same tools, and their stories when they go onstage at conferences look very much the same. But their back stories look so different, because often they are creating a radically different way of working, a high-trust, generative culture, often in organizations where you have decades or even centuries of bureaucracy and low-trust culture. It usually takes a very courageous leader who's willing to drive to that destination, and the goal is to get their teams as productive as if they were at a unicorn organization. Each of these leaders were given some degree of air cover by senior leadership, but every one of them has taken on some level of personal jeopardy [and] they all share the absolute clarity that what they're doing in their organization is needed to win in the marketplace or even survive in the marketplace.
What is high-trust culture, exactly? What's involved in that?
Kim: There's a famous instrument called the Westrum organizational typology model. What Dr. [Ron] Westrum [of Eastern Michigan University] discovered 12 years ago was that one of the top predictors of patient safety in healthcare organizations was culture. He found that organizations with the worst safety records typically shot messengers who told bad news, they kept information from each other, they discouraged novelty, and there was almost this culture of fear. Whereas at the highest performers, they would actively seek out information, they would actively share it with their peers, they would train messengers about how to tell bad news -- because bad news is an opportunity for learning. They encouraged bridging between teams, and they encouraged novelty.
The big question that seems to be on people's minds is whether DevOps just becomes developers doing everything and IT ops specialists being out of a job. How would you address that concern?
Kim: It is true that operations [professionals] will look a lot more like developers in that what they do is not manual work. An operator's work will be more like Infrastructure as Code, creating specific offers in how they configure their internal cloud. Whether it's on the networking level or the platform OS, it will be code that gets checked into version control, and I think they'll be using developer methodologies, they'll be using developer tool sets, and often the same version control repositories as developers.
There's a theme that comes up over and over at high performers, which is that whether you're in dev, test, ops or even infosec, the goal is to maximize developer productivity, to let developers do what they do best. And, there's a sense of a win-win relationship between dev, ops and security where everybody's working on high-value work that's directly connected with customer outcomes. And the developer can't really be productive if they're too worried about something like configuration settings in the OS. There's a safe spot for everybody, and for IT operations, the best times are ahead of us, not behind us.
DevOps transformations are taking place in real enterprises, from a major brick-and-mortar and online retailer with legacy IT investments to a chain of hotels that found modernization wasn't enough, to a company that offers commerce services and experienced difficulties on the DevOps path.