SBA

All Change!

A few months back I wrote to the effect that I wasn’t seeing much “new” technology emerging, the current trend is more about exploiting the technologies we already have. That remains true however the world of corporate IT is undergoing a period of immense change. Corporate IT in the future - within five years, will look very different to the common implementation of IT over the past thirty years.

Who’s Data?

Last week, following four years of wrangling, the EU finally passed the General Data Protection Regulation (“GDPR”) into law. It is massively different to its predecessor in that it is global in scope - it applies to any data held about an EU resident wherever that data is held so it will impact most businesses which trade within the EU whether they be American, Chinese or Manx. It includes the “Right To Be Forgotten” so those who hold data may be required to scrub it, and “Data Portability” meaning that the data subject may demand their data so that they may take it to another service provider. When I last wrote about GDPR some parties were trying to get the permitted fines toned down - the original proposal was a maximum of 5% of turnover but some politicians were trying to reduce this to 2%. The end result is that fines for breaching the GDPR are a maximum of 20,000,000 Euros, or 4% of total worldwide annual turnover, whichever is higher. Organisations now have two years to comply with the GDPR, and the potential penalties suggest that there will be a massive shift in Boardroom attitudes to data protection governance and the depth of boardroom oversight given to IT.

Clouds Overhead

One of the features of the new GDPR is that it specifically addresses, and thereby legitimises, Cloud Computing and the storage and processing of customer data “off-premises”. Cloud has gone through an interesting transformation in corporate IT; it used to be that IT Directors and CIOs commonly shied away from Cloud citing it as too risky or potentially unlawful to put the company’s precious data in the hands of some third party where they could not guarantee security or what might happen if the provider went bust. Over the past couple of years however attitudes have changed, and many IT leaders say that they cannot afford the risk of not using Cloud, because it gives them more flexibility to scale and modernise IT, and reduces up-front costs so that they can afford to experiment more instead of betting the farm on a big investment. Cloud computing is becoming completely mainstream and the GDPR provides legal foundations and framework for organisations to put personal data into the Cloud. Whilst predictions of the death of the in-house data centre are definitely still premature, an increasing number of businesses are moving to hybrid IT models where they provide some services on their own systems and some from the Cloud.

Open Source

A few weeks ago I wrote about the legitimisation of Linux, but that’s not the only bit of Open Source to achieve widespread adoption. If Linux powers the Internet then the Apache web server powers the web, with content stored in MySQL and PostgreSQL databases, and processed with the PHP, Python, Java and Javascript languages which are the most used in creating applications for the web. These technologies are the foundations of modern open source, but corporate IT departments have generally been slow to adopt them. Realisation that these technologies are used to create web-based applications reliably and securely serving millions of users instead of the puny hundreds or thousands of users served with the proprietary technologies used in most corporates is increasingly dawning on IT organisational leaders, especially as they are called upon to to go “Digital” and extend their companies’ IT systems into providing direct service to customers. Open Source has come of age; most of the big corporates in the Fortune 500 and FTSE have already made significant investments in deploying Open Source software packages, and some major players are making strategic decisions to move predominantly to Open Source technologies for core systems as they seek to escape the licensing nightmare visited upon them by the struggling commercial software giants who are losing sales big time as organisations adopt Cloud.

Continuous Integration / DevOps

One of the characteristics of large-scale Internet / Cloud providers is that they upgrade their technology and introduce new features constantly. Google, Facebook, Amazon, Salesforce et. al. don’t wait months or years between software upgrades, they are deploying new tweaks, bug fixes, features and improvements continuously; in some cases daily. This is not possible using the standard “release” approach to software development. The idea of designing, developing and testing a bundle of new features over a period of months, and then rolling it out as a major or minor release is becoming passe. Security threats need immediate rectification, and if they can be fixed almost instantly then why cannot new business features be rolled out just as quickly? Business leaders are increasingly unwilling to wait months for IT to make the changes needed to deliver new options to customers and corporate IT leaders are under increasing pressure to react faster. DevOps is the close integration of previously separate IT development and operations teams to deliver upgrades on a continuous basis, also known as Continuous Integration. Systems improvements are delivered as small bundles instead of large releases, so each is lower risk, and increasing are being deployed using techniques which permit immediate rollback if things don’t work out. Leading corporates are progressively restructuring their IT departments to adopt DevOps and break down the traditional segregation of development and operations.

Agile

The traditional separation of development and operations is largely an artefact of a project management method called Waterfall, in which systems are created in a rigid cycle of requirements, specification, development, test and deployment. For large developments this is naturally a long cycle, creating all the specifications for a new system can take months, followed by months of development before the system enters test. Once you understand the Waterfall process it is easy to see why the gap between product releases is so long. Obviously a Waterfall approach to systems development does not sit easily with DevOps / Continuous Integration. Some developers have for many years promoted other, supposedly better, faster and cheaper development management techniques - collectively these are termed “Agile”. All Agile approaches have two features in common; developers work very closely with their customers and they deliver functionality in small, frequent increments - typically fortnightly. After decades of being a bit-part player in the software development community Agile seems to have come of age. It is the preferred method for the providers of most Internet-based systems and Cloud software, and dovetails nicely with the DevOps approach to Continuous Integration in providing frequent small releases.

As you can see, whilst there is little in the way of fundamentally new technology emerging at present, there is a major transformation being wrought in corporate IT departments across the world. A wave of change encompassing technologies, suppliers, licensing models, development methods, risks, laws and governance is ripping up the old rulebook as to how IT should be properly conducted. Change is never easy; IT people who have been doing things the “right” way for decades are being asked to accept that there are better ways of producing corporate IT, and that other people are doing IT better than them. New skills and methods have to be adopted, new technologies learnt, new job roles and titles, and new risks managed in return for the benefits that the “new” techniques provide (some of these new techniques are over thirty years old but corporate IT is a very conservative beast). There are leaders and followers in this wave of change, and notably most of the world’s new corporate giants are in the vanguard. Personally I don’t think that’s any coincidence.