Technology has changed how people and companies operate. It has enabled new business models that generate new sources of revenue and empowered companies to optimise their operating costs. For the majority of companies, technology is much more than a website and email campaigns. It comprises applications that can process millions of transactions per second, with tools that maintain 100% performance and availability. It scales on-demand in a predictable and secure way. It can be adapted and modified easily without any business interruption.
To gain a competitive advantage, companies need to demonstrate excellence across a number of capability areas. An example of what great looks like for each area is given below.
Technology Strategy and Roadmap: Enable The Business Growth Strategy
The company continually scans the technology horizon for trends, practices and emerging technologies that may benefit or impact their current technology landscape and those of potential value are quickly evaluated for their cost and value. They regularly audit and assess their own technology strengths and weaknesses against anticipated future needs. This also surfaces potential areas of technology debt and allows investment and resources to be allocated to preventing the symptoms that can cause it (such as poorly written code, production bugs, low-quality code releases, unstable environments, poor operational performance etc). Collectively, these insights are used to continuously inform a technology vision and strategy that defines at a high level what the future technology landscape will look like.
The technology strategy includes details of the required architecture, applications and infrastructure and how these will be operated, and how this is different from today. It balances efficiency and agility with predictability, scalability and security. It advocates leveraging commodity as-a-Service components to deliver measurable, business-focused outcomes. This is complemented with a set of guiding principles providing a sound and consistent basis for making strategic and operational decisions (e.g. build vs. buy, in vs. outsource, etc). Technology choices are challenged to ensure the rationale and expected benefits are fully understood to avoid forcing technology solutions or adopting technologies that are not fully mature.
Technology leaders provide clarity across the company on what is required to support the business strategy, both now and in the future, and the relative importance of them. The strategy can be clearly articulated and progression and evolution of it demonstrated on a technology roadmap with a clear implementation plan, budget and resource plan which has been agreed with the business sponsors and those accountable for its delivery. This recognises that context and priorities will change over time and incorporates regular delivery and review points.
The technology roadmap focuses on quick wins and lighthouse projects rather than large projects to replace large systems over a long period of time that can distract the business away from delivering against customer needs. Changes to tools and architecture are paired with changes to the corresponding engineering practices, processes, and behaviours.
Application Architecture: Portable, Reusable and Reliable
Applications are built to deliver against business outcomes rather than creating the next shiny new thing using bleeding-edge technologies. A cloud-native approach has been adopted, with applications developed to take advantage of cloud technologies. They are built with portability and resilience and follow an appropriate methodology such as 12-factor rather than a legacy n-tier approach.
Code monoliths have been replaced or concrete redevelopment plans are in place to do so. Legacy application architecture has been replaced to remove dependencies on outdated skills and inefficient models. Applications are decomposed and decoupled into small manageable components, such as microservices, that are small, lightweight, easy to implement and manage in isolation. They enable reusability that makes efficient use of resources by reducing the development cost and being easy to scale on demand. This may be complemented with software development techniques such as functional programming and infrastructure such as serverless.
An event-driven architecture is in place with an appropriate messaging framework that removes dependencies, easily scales and prevents data loss. APIs follow standardised development frameworks and implementation patterns to provide consistent application best practices such as security, traffic management, service level management and monitoring to minimise risk and rework.
Infrastructure: Commoditised and Portable Services
Legacy infrastructure architecture has been replaced with cloud and as-a-Service capabilities, enabling flexibility and scaling, and fully satisfying business, partner, and supplier demands. On-premise solutions are only used where regulations or compliance dictate. Infrastructure needs are considered at the start of any future change project to ensure infrastructure is not viewed as ‘hosting’ and instead seen as service components required to operate the applications.
A container-centric approach is adopted that is portable across the infrastructure. This reduces costs as containers don’t include any operating systems and therefore require fewer systems resources than traditional hardware or virtual environments. Database components are able to quickly ingest massive quantities of event data and provide low-latency queries, being globally distributed, fault-tolerant and operating in real-time as appropriate. Caching mechanisms exist where appropriate to drive cost and resource efficiency rather than masking bottlenecks with excessive and unnecessary technology resources.
Provisioning and Orchestration: Frequent and Fast Deployments
Automated processes and tools are in place to build and provision application and infrastructure components multiple times a day that incurs near-zero downtime. An ‘as-code’ principle is followed that brings speed, accountability and consistency benefits. Changes can to be incrementally tested within a production environment, and reversed immediately as required. An appropriate orchestration or choreography pattern is in place to automatically handle interactions between services and application and infrastructure components.
Operations and Service Management: Proactive and Predictable Monitoring and Availability
Comprehensive monitoring and self-healing of applications and infrastructure are in place using third-party tools and open interfaces to gather logs and metrics. These manage performance and availability and where applicable are complemented with appropriate observability tools that surface metrics to identify problems, tracing to identify the source of the problems and logs to identify the root cause. Circuit breakers redirect calls to fallback mechanisms in the event of server call failure. By using cloud-based services the RTO and RPO is minimal to zero and facilitates a simple disaster recovery plan that can be readily rehearsed with no business as usual impact.
Where appropriate Site Reliability Engineering (SRE) has been adopted to complement DevOps practices. Processes are automated and complemented with tools to remove operational toil, with standard operating procedures (SOPs) modified or reinvented. Critical processes are routinely tested to check for accuracy and coverage.
Prioritised and appropriate service level agreements (SLAs) are in place to help identify how much effort to allocate for the reliability of each service and ensure reliability is built into software during development. SLAs are actively managed with continuous improvement to increase quality and lower costs. The corresponding error budget is well-known across the appropriate teams and used to innovate and experiment without impacting SLAs.
SLIs (Service Level Indicators) are measurable and taken from monitoring the applications and infrastructure within appropriate timeframes, for example, detecting service degradation over a period of time and triggering an actionable alert or automated remediation.
SLOs (Service Level Objectives) are in place that are measured over a longer timeframe than SLIs and act as an early warning system of a potential issue before SLAs are exceeded, providing realistic goals around reliability and giving common incentives across teams.
Cybersecurity: Governance, Processes, People and Technologies
Cybersecurity is a recurring, senior executive topic with accountability assigned to a board director. A risk-based approach has been adopted that allows the business to apply the right level of control and guardrails to the relevant areas of potential risk, resulting in more economical and effective enterprise risk management. The business is continuously aware of new threats and trends and reacts accordingly, for example, the increased threats from malware and phishing due to the acceleration of remote working that has increased the attack surface to employee's home network and devices.
Policymaking and policy compliance work together, with processes and practices including the appropriate steps and routine monitoring and measurement in place to ensure compliance. This is complemented with standards and applied to areas such as software development, operations management and third-party vendor management, for example, adoption of DevSecOps and automated checks during code integration.
Technologies and tools are deployed such as network and cloud security, endpoint security, identity access management and vulnerability management. An effective information security function is in place that sets policies and standards and measures compliance. They also ensure appropriate messaging and communications are in place, such as incident response plans.
Expenditure: Accountability and Transparency
A bottom-up approach is taken when forecasting technology expenditure, the demand forecast is aligned to the resources required to meet that demand. This covers all areas of technology and digital including people, technology and third-parties. End-to-end financial accountability and transparency is in place with delegated accountability.
Real-time expenditure of technology services is available, such as commodity as-a-Service spend, and this is fully integrated into internal systems to identify cause and effect and traceability of technology usage versus revenues. Tools are in place to alert when spending moves above specified thresholds and where appropriate take action e.g. tools are in place to stop unused cloud resources. Cost optimisation opportunities are sought out regularly, such as reducing or removing services that are no longer used.