Tag Archives: DevOps

Five Prerequisites for Citizen Development

In a pervious article we talked about evolving Citizen Developers from City Dwellers to Townsmen … so they can become first class citizen. We discussed the left-shift of responsibilities from pro-developers to Citizen Developers and explained that Low-Code / No-Code (L-C/N-C) platforms cannot exonerate an organization of all the responsibilities shifted to these Citizen Developers:

It is the tooling support of the L-C/N-C platforms
that evolve Citizen Developers from City Dwellers to Townsmen.

It is the organization’s (city) strategy and tactical focus
that turns them into first class citizens.

Next we introduced 3 prerequisites for success the so-called D^3 or Data, Devices and Delivery.

After some more research it became clear that still some dimensions were missing to cover all the angels of people – processes – technology.

Firstly, we want to extend Data with Digitalization. Data is a necessary but not a sufficient condition. Data as a collection of information is nothing without a clear view where it fits within business processes. It is here where Digitalization comes in to add the process angle as sufficient condition.

Secondly, in order to have an acceptable ROI for a L-C/N-C platform investment, a high level of reusability is important. Reusability focusses on technical building blocks like components and connections but also on governance and policies. The idea that there are things that will be application-specific and handled by a Citizen Developer and other things will be generic and handled on an organizational level, introduces  a dimension where we look at the distribution of reusable elements throughout the L-C/N-C platform.

The two additions mean that we have now D^5 model:
Data – Devices – Delivery – Digitalization – Distribution

Data: data encapsulation/exposure is a prerequisite


For a Citizen Developer to develop applications for his business,
he needs access to his business data

  • Data source isolation: data specific for his business
  • Data availability: data accessible through API’s
  • Data storage: data to be stored in relation to his application

Devices: suitable devices are a prerequisite


For a Citizen Developer to build applications,
he needs to be able to select a suitable device for the problem at hand
i.e. desktop, mobile, VR-AR, kiosk

  • Device availability: devices made available on short-term to all the users of his application
  • Device/License sharing:  devices and licenses ad-hoc attributed and revoked to users
  • Device security policies: devices are managed to protect against exposure and loss of business data

Delivery (Deployment): platform governance and strategy is a prerequisite


For a Citizen Developer to manage the life cycle of his application,
he needs to be able to count on supporting process to be in place

  • Application Delivery TOM/SOM: application delivery processes clearly describe roles and responsibilities for Business and IT
  • Delivered Application Support Model: delivered application he can support directly or indirectly
  • Application DevSecOps policies: business risks and IT risks are controlled by DevSecOps tooling

Digitalization: process oriented automation is a prerequisite


For a Citizen Developer to contribute to the digitalization
he needs to be able to affect end-to-end processes he owns

  • Monetized Digitalization: processes direct and indirect costs and revenues are quantified (FinOps)
  • Dematerialized Digitalization: processes descriptions focus on activities (steps towards end-results) before information (content carried between activities)
  • Optimized Digitalization : end-to-end processes are defined as a set of interrelated activities (process optimization not isolated activity optimization)

Distribution: availability of reusable building blocks is a perquisite


For a Citizen Developer to efficiently assembly his application
he needs to combine distributed building blocks

  • Distributed Components: reusable front-end components (UI elements) as well as reusable back-end components (Systems/Solutions)
  • Distributed Connectivity: reusable means of integration between components (data exchange, network connectivity, import/export)
  • Distributed Responsibilities: reusable cross application responsibilities (generic governance) extending application specific responsibilities of his application (app specific governance)

Citizen Developers from City Dwellers to Townsmen

Citizen Development City Dweller to Townsmen

Evolving Citizen Developers from City Dwellers to Townsmen … so they can become first class citizen

Citizen developers have triggered a new left-shift in the application development.

With the introduction of DevXOps, in its multitude of variations DevSecOps, DevBizOps, DevDataOps … we have seen a first shift toward putting more responsibilities with the developers of applications. The idea that, if we consider security, usability, manageability, operability, monitorability, business value and other *-abilities as quality attributes from the get-go of the development process and not wait till applications get into production, resulted in new application life cycle management (ALM) processes. ALM processes that focus on continuous testing, continuous integration, continuous deployment, continuous feedback, continuous monitoring and continuous operations (7 C’s op DevOps). New ALM processes that support this left-shift from operations to development and can even exonerate developers from these additional responsibilities.

Low-code platforms targeted initially developers with the promise of acceleration introducing the concept of Rapid Application Development (RAD). Using drag and drop features to create UI’s; visual wizards to add business logic for validation and other business rules into applications; and schema generation to expose data to applications all resulted in faster time-to-market of IT solutions.

After the introduction of low-code (L-C) platforms, a new group developers raised to the occasion. Tech savvy business users started to use the same L-C platforms to solve day-to-day problems that could not be picked up quickly by IT departments through traditional or rapid application development. The citizen developer was born. At the beginning this was done covert and resulted in shadow-it. When L-C platforms evolved towards no-code (N-C) capabilities, the need for governing this new group of developers became apparent. This resulted in a second left-shift, now from pro-developers to citizen developers. Also here, responsibilities shifted and this time across the IT – Business chasm.

What are these responsibilities that landed in the laps of the Citizen Developers?

Typically we see first the same responsibilities be shifted, that were apparent already in the first left-shift, from operation to pro-developers. These are mostly IT related risks:

  • ALM risks: keeping the application up to date through evolving the requirements, architecture and technology of the application to protect against functional obsoleteness and technical debt.
  • Security Risks: keeping the application secure and protect against incorrect access, usage and data exposure.
  • Costs Risks: baring the cost of the application and protect against inefficient and uncontrolled spending
  • Governance Risks: ensure the application is managed as part of a solution architecture landscape

Typically when Citizen Development matures, we see that also business related risk become visible. These should be part of the responsibility shift as well. These Business related risks are:

  • Strategic Risks: Citizen developer’s focus limited to ad-hoc problem solving i.e. operational problems, forgetting about tactical and strategic long-term solutions. Missed opportunities towards generalization and standardization of solutions leading to redundancy/duplication: excess costs and limited scaling.
  • Process Risks: Citizen developer’s focus on a part of a business process (one or more activities) resulting in sub-optimal solutions. Automating an inefficient process or part of a process results in an automated inefficiency. It requires an end-to-end process view and level of abstraction beyond the problem at hand to create efficient solutions.
  • Obsolesce Risks: Citizen developers applying a technology because they can, not because it is the right thing to do: “If you have a hammer everything looks like a nail“. Limited critical reflection on why and when to apply a technology. Lack of understanding of correct usage and limitation of a technology.  
  • Regulatory Risks: Citizen developers’ focus solely on the business process forgetting about regulatory compliance e.g. data usage (GDPR, data privacy) and security (data leakage and data loss). Limited understanding of requirements beyond functional requirements omitting domain and non-functional requirements. Limited accountability toward end-to-end process and compliance of activities part of an end-to-end process.

Most of these risks are managed from within a modern L-C /N-C platform through tooling and monitoring. These are basically where the platforms turn shadow-it into business managed solutions. The business risks are often underexposed in these platforms and managed by means of on-boarding checklists, ideation repositories and usage monitoring.

The latter typically requires a strategy and governance added on top what these platforms can offer. The platform is a means to the end but cannot exonerate an organization of all the responsibilities that were shifted to the Citizen Developers.

It is the tooling support of the L-C/N-C platforms
that evolve Citizen Developers from City Dwellers to Townsmen.

It is the organization’s (city) strategy and tactical focus
that turns them into first class citizens.

The strategy and tactics will ensure that the minimal conditions are created for Citizen Development success. Typically we see 3 prerequisites for the success, the so-called D^3 i.e. Data, Devices and Delivery

Data: data encapsulation/exposure is a prerequisite


For a Citizen Developer to develop applications for his business,
he needs access to his business data

  • Data source isolation: data specific for his business
  • Data availability: data accessible through API’s
  • Data storage: data to be stored in relation to his application

Devices: suitable devices are a prerequisite


For a Citizen Developer to build applications,
he needs to be able to select a suitable device for the problem at hand
i.e. desktop, mobile, VR-AR, kiosk

  • Device availability: devices made available on short-term to all the users of his application
  • Device/License sharing:  devices and licenses ad-hoc attributed and revoked to users
  • Device security policies: devices are managed to protect against exposure and loss of business data

Delivery (Deployment): platform governance and strategy is a prerequisite


For a Citizen Developer to manage the life cycle of his application,
he needs to be able to count on supporting process to be in place

  • Application Delivery TOM/SOM: application delivery processes clearly describe roles and responsibilities for Business and IT
  • Delivered Application Support Model: delivered application he can support directly or indirectly
  • Application DevSecOps policies: business risks and IT risks are controlled by DevSecOps tooling

How Agile is your Organization?

Maximum flexibility requires maximum responsibility!

Being Agile as an organization and Agile application delivery has been on the radar of many CIO’s and CTO’s trying to reduce the time to market of systems under their control.  Often I see agility being interpreted by the other C-levels as a methodology for maximum project flexibility. However maximum flexibility requires maximum responsibility to achieve business value and that is not a solely technical issue, on the contrary!

Being effective in Agile delivery requires a lot of maturity in different areas during project delivery. We will be looking at six axes besides the typical technical one:

  1. Technical Environment
  2. Quality Management
  3. User Experience
  4. Team Dynamics
  5. Ownership Management
  6. Project Management
  7. Company’s Eco-System

To generate maximum value, the Agile methodology has guiding principles and these have to be translated in operating procedures. Based on earlier work of M. Balbes, we propose a model to quantify this operational effectiveness by scoring a list of required capabilities according to maturity going from no capabilities to innovating and leading capabilities.

An Excel version to score your organization can be downloaded here:

Before we try to measure something, what are the Agile principles companies should adhere to?

  1. Delivery Value: Focus on continuously delivery value to the customer, key-users …
  2. Embrace Change: Change is good and inevitable. Change avoids waste by adapting before it is too late.
  3. Business + ICT: Avoid Chinese walls between teams. Work closely together every day.
  4. Simplicity: Focusing on what is good enough to avoid gold-plating. Work smarter not harder.
  5. Frequent Delivery: Delivery version frequently to have short feedback cycles.
  6. Self-Organizing Teams: Motivated individuals will be able to identify how to organize the work and what they need.
  7. Communication: Transparent, open and face-to-face communication helps insights and clear understanding.
  8. Self-Emerging: Avoid analysis-paralysis and big design up-front. Design for what is needed now and adapt.
  9. Progress Monitoring: Measure progress as delivered software i.e. potential shippable product increments.
  10. Constant Pace: The team should work according at a pace they can keep up without feeling pressured.
  11. Technical Excellence: Focus on the quality of artefacts and development process.
  12. Continuous Improvement: Be self-reflective and make incremental improvements to the development process.

For the different axes an organization needs to have some capabilities in place and below some examples of these capabilities. The detailed list can be found in the attached Excel model.

Technical Environment capabilities check if the principles of extreme programming are enabled. What is the company’s maturity for following capabilities:

  • Unit testing, test driven development and technical testing approaches
  • Continuous integration methods
  • Pair programming – Spikes experimentation
  • Source control – Branching strategy approaches
  • Release management
  • Coding standards usage
  • Development process – Software Development Life Cycle
  • Shared code ownership
  • Software changeability enablement

Quality Management validates if quality assurance is taken in favor of quality measurement. What is the company’ maturity for following capabilities:

  • Quality management process
  • Code Quality – Internal – External Quality impact analysis
  • Team’s  ownership of quality
  • Defect management
  • User acceptance testing – Exploratory testing

User Experience looks at the application of multi-disciplinary teams since developers are not designers. What is the company’s maturity for following capabilities:

  • Graphical Design – UX selection process
  • Embedded usability testing

Team Dynamics focuses how people collaborate and how self-reflective they are. What is the company’s maturity for following capabilities:

  • Team Structure – Charter agreements
  • Team discussion – Conflict resolution processes
  • Retrospectives – Stand-Ups organizations
  • Information radiators availability
  • Continuous improvements
  • Change acceptance process

Ownership Management goal is to see how well the link between business and IT is managed to enhance a project’s business value. What is the company’ maturity for following capabilities:

  • Identified stakeholders management
  • User stories – Story sizing principles
  • Acceptance criteria – Owner acceptance process
  • Delivering value – User feedback management
  • Prioritization – Backlog – Release Cadence organization
  • Backlog – Change management

Project Management looks for transparency in reporting and collaboration enhancement. What is the company’s maturity for following capabilities:

  • Kaban – Milestones overview
  • Decisions – Meeting minutes creation
  • Staffing alignment

Finally we have the company’s Eco-System or the environment. What is the company’s maturity for following capabilities:

  • Risk Identification – Monitoring – Mitigation
  • Embedded learning culture
  • Change – Champions creation and management
  • Governance – Internal Change – External Change management

An overview presentation can be downloaded here:

Building Evolutionary Architectures

Controlling the Fitness of Your Software Architecture!

In their book “Building Evolutionary Architectures”, N. Ford, R. Parsons and P. Kua introduce a new way to look at software architecture where changes to requirements become part of the business as usual. These concepts were already set in motion by Agile, DevOps and CI/CD but the authors add a refreshing concept to the mix.

How are we going to measure the suitability of our architecture compared to the every changing requirements?

The proposed solution lays in measuring how far or how close the characteristic of the current architecture are from the ideal or expected characteristics. The solution was inspired by statistical models were we want to fit a curve to a set of data points by fitting a function. An expression of the suitability of the curve’s function is called the fitness of such a function.

The same concept can be applied to software architectures. Required architectural characteristics a.k.a. as the technical *-abilities can be measured by fitness functions. When the architecture changes the impact is measured by these fitness functions and as a result the changes become quantifiable and controllable.

An architectural fitness function provides an objective integrity assessment of some architectural characteristic. Combining the outcomes of the collection of fitness functions gives a view on the overall architecture.

Making architecture capable of evolving requires 3 things:

  • An architecture that supports incremental change
  • An architecture that can be measured so the changes can be guided
  • An architecture with the appropriate level of coupling to allow for an optimal change process

More details on the topic can be found in:

Managing the Unmanageable

“When it comes to getting things done, we need fewer architects and more bricklayers”. In managing the unmanageable, Mantle and Lichty, explain how to run a software development team from hiring and firing to project inception and delivery. Interesting read for every project manager.

The book covers eight topics:

  1. Software Development is difficult
  2. Understanding Software Developers
  3. Finding and Hiring Great Programmers
  4. Getting New Programmers Started Off Right
  5. Effective Programming Manager
  6. Motivating Programmers
  7. Creating a Successful Programming Culture
  8. Successful Software Delivery