The world we live in today is driven by technology and filled with consumers whose demands are constantly evolving. It’s no wonder that businesses across all industries find themselves in a digital metamorphosis, trying to catch up in an ever-changing environment. As companies adopt DevOps practices in order to scale and increase the velocity of their releases, there is a dilemma between delivering rapidly and maintaining the level of quality necessary to maximize business value. While DevOps processes create a more agile workflow to deliver quickly, it is often overlooked that quality remains a siloed activity that is not considered until everything is already built. The power of DevOps comes from the ability to continuously integrate and continuously deliver but there is very minimal emphasis on the ability for continuous quality. To achieve DevOps maturity and deliver faster release with the most business value, it is critical to adopt a quality first culture. To do this, one must first identify what drives quality and how to maintain a state of Continuous Quality.
Quality is often thought of as testing what was built, but it is actually much more nuanced. Gartner said it best that “Continuous Quality is...deliver[ing] value faster than...creat[ing] technical debt.”1 When looking at quality through this lens, it’s important to identify all associated risks that can negatively impact the value delivery pipeline. With digital transformation initiatives, some of the highest risk areas are those in compliance, security and testing. While testing is specifically called out as a phase within the DevOps lifecycle, compliance and security are invisible quality risks that are often addressed reactively. With the highly regulated requirements around compliance and security, a misstep in these areas often results in large penalties and hefty fines - not to mention the defamation of a company’s brand and reputation as well as a loss in customer trust.
To simplify all of this, let’s take a look at a visual for Continuous Quality. In the above image, Compliance, Security and Testing are shown as separate building blocks that hold up Continuous Quality. Compliance addresses the laws and regulations (e.g. Sarbanes Oxley) that companies are required to comply with. Security refers to the controls necessary to fend off security threats like data breaches and hacker attacks. Testing is the validation that what was built meets the needs of the business. Any inadequacy in any of these pillars would result in an unstable structure that can destroy Continuous Quality. Thus, it is crucial to ensure the integrity of each pillar in order to hold Continuous Quality to its highest standards.
While Compliance, Security and Testing pillars create the key building blocks, it is Governance and Risk Management that pave the strong foundation for which Continuous Quality is built on. Governance refers to the set of rules, controls and policies that are put in place to manage behaviors or business outcomes. Governance can be at the company level, project level, process level and/or task level. For large enterprise organizations, there may even be a dedicated Governance team whose role is to provide guidance for initiatives across the company that aligns with corporate policies or standards. From a Continuous Quality perspective, the role of Governance is to ensure that the people, processes and technologies are aligned to promote a culture of Continuous Quality.
Risk Management is another foundational element for Continuous Quality. Risk Management is, quite simply, the management of risks that may arise. From a Continuous Quality perspective, examples of risks can be non-compliance to mandated regulations, exposed security vulnerabilities in the handling of sensitive customer data and functional defects uncovered during testing. While not all risks can be fully addressed, knowing what the risks are, their business impacts and potential workarounds or solutions that are available will be crucial to adopting a quality first culture.
Continuous Quality balances delicately across the Compliance, Security and Testing pillars and it looks to Governance and Risk Management to ensure the integrity of its structural composition. Integrating Continuous Quality into your DevOps processes will allow organizations to deliver quality releases that maximizes business value and still keep pace with evolving market demands. In future blogs, we will examine each of the pillars in detail to identify key tools and strategies that can be used to achieve Continuous Quality in your DevOps journey.
_________________________________
1 Gartner’s Innovation Insight for Continuous Quality:
https://www.gartner.com/document/code/383495?ref=authbody&refval=3953675