In today’s modern business environment, the CIO and CTO’s need for agile delivery is a ‘must have’ in order to remain competitive. At the same time, the compliance officer’s need for repeatability, process and control is equally imperative to keep the regulator happy and avoid hefty fines. Meanwhile, 80% of enterprise IT budgets are consumed with just keeping the lights on (Forbes), leaving a very limited amount of time for innovation and improvement as a business.
While the need for compliance, agility and innovation may appear disparate, a common strand binds them together – (the need for) automation. Businesses and corporations across every sector should be looking to automation and Application Release Automation (ARA) to ensure compliance with industry and government regulations, while simultaneously using the benefits to drive innovation and step away from ‘sweating the small stuff’. By freeing up resource with this operational shift, automation can be used to run, build and transform the business.
Run The Business
With such a vast proportion of IT budgets being channelled into day-to-day activities, there is a real need for IT to work smarter if it is to enable better business performance. In many cases, highly paid skill-sets are overloaded with keeping things running, creating bottlenecks that obstruct the IT department’s ability to deliver value to the business fast enough to get ahead in an increasingly competitive landscape.
As IT infrastructures continue to exert ever-increasing influence over the operations of businesses, CIOs face a huge challenge – a vastly increased responsibility for the well-being of the company that is exponentially greater than the resources dedicated to maintaining it.
As these IT infrastructures continue to evolve, CIOs find their exposure to risk continuing to expand as a result of disconnected business-critical processes. When processes are automated with different tools across multiple departments and layers—infrastructure, applications, and business processes—there are thousands of potential breakage points that can devastate the business. And because there are multiple, siloed tools automating parts of the processes, CIOs don’t have end-to-end visibility, further increasing their exposure to risk.
Automation has helped IT departments simplify many complex (but quite often mundane), processes—from job scheduling to virtualisation to file transfers. In so doing, it has increased their efficiency, reduced their operating costs, and eliminated the errors often associated with manual processes.
Building The Business
The regular stream of updates to services and applications required by today’s business dynamics—together with the agile development methods being used to speed up software delivery—are making IT operations teams’ jobs increasingly difficult. Despite this rapid pace of change, IT operations must still ensure that all updates comply both with organisational polices and with a host of industry and government regulations, including HIPAA, SSAE 16, SAS 70, PCI, SOX, Basel II, Gramm-Leach-Bliley, the FFIEC guidelines, and the PCAOB.
This increasing frequency of application updates required to be agile and competitive, together with the need to comply with a growing body of regulations, requires automation of the application release process.
Application release is a function that cannot be underestimated. For a single application, the process may involve six or seven people—a developer or two, a quality announcement (QA) manager, an application release manager, a network administrator, a middleware administrator, and a database administrator.
The setup required to deploy an application—whether to QA or production—can take anywhere from 30 minutes to several hours, depending on the size and complexity of the application. And this tedious, time-consuming, and error-prone process may have to be repeated 50—or even 100—times over the course of a few days as the application is prepared for production.
With so many people across the organisation working on application updates, and each group typically keeping its information in its own set of spreadsheets, organisations have no reliable way to manage application knowledge across the enterprise. There’s no traceability when something goes wrong—no way to find out who was responsible for that part of the application, which doesn’t interact well with the traceability needed to meet the growing list of regulations.
Developers are under pressure from the business side of the organisation to get updates into production quickly, so end users can have access to the new features. Operations groups, on the other hand, focus on factors like control, security, and manageability, which tend to slow things down. Still, the trend is towards more frequent updates. In some cases, production updates may occur as often as daily—particularly in the case of dynamic Web applications. In other cases, they may be weekly or monthly, or, more rarely, quarterly.
Automating all three aspects of the application release process is critical to ensuring a smooth, efficient deployment. End-to-end automation eliminates the need for scripts and error-prone manual steps. It gives businesses complete control over all aspects of the application release process, enhancing both security and compliance. In addition, its ability to segregate duties (e.g., keeping developers out of production environments) and its detailed documentation of all aspects of the release process play a key role in helping to meet regulatory requirements.
A good example of how severe the impact of the IT department getting it wrong can be is Knight Capital who, due to a process error led to a failed software release that resulted in a $440 million loss and, ultimately, a rescue bid for 8 times lower than their market valuation prior to the event.
Similarly, France Telecom’s outage in July of 2012 cut 26 million people off the mobile network, leaving them completely unable to make or receive calls and text messages. This outage cost the service provider upwards of $25,000,000 in repair and compensation costs. The reason? A software update took place shortly before the failure. Yet, software complexity is not the root cause of outages. In fact, enormously complex telecom and other applications all work competently, as long as they are untouched.
It is the deployment and release processes that are the main cause of failure and the top five reasons are all related to the lack of a purpose-built application release and deployment automation solution. The lack of packaging, reusable workflows, generic deployment models and the ability to validate application snapshots and automatically rollback in the middle of any deployment process, causes the biggest failures in the service provider industry and the enterprise market in general.
Automating the application release process and automation as a whole is the only way that IT organisations can comply with the growing number of industry and government regulations affecting application release—as well as the increasing pace of change. It provides the necessary segregation of duties, preventing developer access to production environments and ensuring that each group of users has access only to the functionality, applications, and environments needed to do their jobs.
It provides detailed documentation and audit trail reporting, automatically noting every change executed throughout the application lifecycle, while also giving complete visibility into and control over all processes—before, during, and after execution. The ‘complexity’ of failures can no longer be blamed for holding back the IT department in its quest for innovation.