What’s the Impact of DevOps on Business Continuity?

Business continuity – the art of keeping the business in business – is nothing new. But how is business continuity affected by newer approaches to IT management such as Agile and DevOps? And how should organizations be adapting their traditional business continuity capabilities in light of these approaches?

Why do many organizations know that without fit-for-purpose technology they would not exist, and so introduce Agile or DevOps methods, but still fail to ensure that their new practices help to ensure that their technology is available in all circumstances?

And why is it that ensuring the continuity of an organization is often considered important only after a crisis has occurred – the proverbial closing of the gate after the horse has bolted?

This blog looks at how business continuity capabilities need to change in light of the impact of Agile and DevOps.

We Live in a World of Constant Change

Organizational requirements change rapidly. The strategic plan you created in the past, and previously only updated annually, is now out of date within a quarter.

Agile and DevOps practices have already been adopted to help resolve complex business issues, in these times of flux, through technology improvement – providing organizations with an increased certainty of intent, quality, and safety.

But why isn’t integrating the potential impact of Agile or DevOps into business continuity practices always considered a sound and highly-valuable idea? I think it is. So please read on for more on why Agile and DevOps also have a part to play in this IT discipline too.

A Quick “Business Continuity 101”

Maintaining business continuity in your organization:

• Provides the ability to adapt as required to meet competitive, regulatory, organizational, technology, or new market opportunities
• Provides your stakeholders, suppliers, and – most importantly – customers and staff with the assurance the organization will remain a sound, going concern

For example, many organizations have a data repository in an application such as SAP, Oracle, or SharePoint. This repository is saved into the cloud, or other media, daily or as needed.

Which is great. But if you mapped the processes used inside a department, you might find that they download this data into Excel or some other tool and manipulate it for their own purposes. This is where the real work is being performed and if this data is lost, the business continuity impact could be quite severe.

DevOps and Business Continuity

Agile and DevOps methodologies suggest that you design, create, test, and release your technology changes in rapid cycles of two weeks or less. With any technology change introduced probably having a business-process, and thus business-continuity, impact.

Therefore, whatever you release must always be ready for production. But how can you provide this level of assurance? This is how:

• All “epics” – high-level business needs that are broken down into smaller stories – should also have a simple statement highlighting the impact of the request
• All user stories should have tests to confirm the work being performed is as-requested but also that they would be usable no matter where needed
• Feedback is provided to the development, infrastructure, cloud provider, and product owner regarding the success of the tests
• Any issues need to be resolved before the work/change is released
• Issues and other lessons become part of the backlog of new work
• If a continuity test was not performed, then this user story is prioritized for completion in near future sprints

DevOps Business Continuity Maturity Assessment Questions

There’s a relatively simple way to understand how your organization’s business continuity capabilities stack up – ask a number of focused questions (to the people who should be able to provide suitable answers).

Start by asking:

• How often do you test your code as you create it? (“Oh yes, we do that.”)
• Do you always test before you go live? (“Oh yes, we do that.”)
• How many of you create your code – be it infrastructure virtualization, new applications, internet, etc. – in environments that replicate, as close as possible, the production environment? (“Oh, hmm, no our environments are all different.”)

Step it up with the “killer” questions:

• How can you ensure that what you’re about to release is safe?
• How can you ensure that the work you’ve done is not a waste?
• How do you know that your organization can be kept “in business” and will not be exposed to an adverse effect from the change, or a business continuity situation?

Then Understand How the Organization Relies on Technology

As I already mentioned, business continuity is ultimately all about keeping your business in business, and thus there’s a need to understand how technology is employed to maintain:

• Regulatory compliance
• Competitive advantage
• A safe place for your people and suppliers to work
• The needed access to your products or services

And thus, you will need to:

• Map the various value streams of work performed
• Map the technology used at each step, down to workstation applications
• Quickly assess the impact of that stream being blocked or unavailable by facilities, people, or technology issue
• Create a plan to make that value stream as available as required

Organizations that have mature business continuity practices will of course also use technology to automate these activities. But they will also ensure that changes needed are tested as soon as possible in the product lifecycle.

If your tests are not performed in a production-like environment continuously, then how do you know you are ready and safe to go-live? Go-live should not just encompass the new code, but also the processes, training, security, continuity testing, organizational change, and supplier update if needed.

Fortunately, the DevOps tools that support these capabilities are readily available and need to become part of any development or testing framework or infrastructure.

Ultimately, it’s important to sufficiently invest in keeping your business in business! DevOps practices is another element to factor into your organization’s business continuity management policies, processes, and practices.