What fewer people know about me is that one of my areas of passion has been studying high-performing IT organizations. This journey started in 2000, when I started keeping a list of people that was called “Gene’s list of people with great kung fu.” These were the people who led IT organizations that talked, acted and worked differently than everyone else. But most importantly, those IT organizations all had phenomenally better better performance than the typical IT organization.
After years of study, we called these organizations the “high performing IT organizations that were simultaneously achieving the highest IT service levels (e.g., MTTR, MTBF, change success rates, etc.), the earliest integration of information security into the software/service development lifecycle, the best posture of compliance (e.g., fewest number of repeat audit findings), and amazingly, the best IT efficiencies (e.g., server/sysadmin ratios).”
We had studied 11 high performing IT organizations, which included a bank, a stock exchange, a wireless billing service, a domain name service provider, and two IT service providers.
I started working with Kevin Behr to understand how these organizations made their “good to great” IT transformations, and codified this transformation in the Visible Ops and Visible Ops Security books, which have sold over 150K copies. And in the process, we co-founded the IT Process Institute, to develop and disseminate the practices.
We had several goals in mind when we wrote Visible Ops:
- Process frameworks, such as ITIL, are basically an exhaustive list of IT processes, given without order or priority. The problem is, organizations don’t do process frameworks: they do projects.
- Our goal was to describe the four projects required to implement and operatationalize the controls observed in high performing IT organizations.
- The four Visible Ops phases are ordered and sequential. In other words, organizations complete them in the specified order, because each successive projects depends on the controls activated in the previous phase.
- Each of the four Visible Ops phases are designed to active only controls that are “catalytic.” In other words, they generate more calories on an ongoing basis than were required to create them (e.g., if a control required 100 calories to create, then it should deliver more than 100 calories back to the organization on a weekly basis).
- Those controls that don’t have a catalytic property are the ones that get a reputation of “sucking the will to live out of everybody they touch,” such as poorly run change management processes.
Top Things You May Not Know About Visible Ops:
1.When we first studied the high performing IT organizations, we noticed something unusual. The backgrounds of the people leading them typically came from one of three backgrounds. They were either a non-commissioned officer in the military (usually E-5s or E-6s), they were chemical engineers, or they were auditors.
We then started asking, “what values do these three professions have in common?” And the answer became obvious. They valued rigor and discipline.
Non-commissioned officers give live ammunition to 18 year olds. The remarkableness of this became even more extraordinary, which I learned that in restaurant operations, management often doesn’t even like giving knifes to 18 year olds, because the accident rate is so high.
Chemical engineers have long, elaborate and ordered recipes, where an endothermic reaction can become catastrophically exothermic if steps are mis-ordered.
And auditors? Well, they love almost any control.
2.Here’s a graph that we generated in 2000 that made us fall out of our chairs, because it indicated that there really was measurable business value of being a high performing IT organization.
- First, let me describe what this graph shows. On the Y axis is the scale of the IT systems under management, as measured by number of servers. On the X axis is the server to system administrator ratio (i.e., the number of system administrators that are managing those systems).
- What we found was that the high performers had a server/sysadmin ratio 4x higher than the non-high performers. Specifically, they had server/sysadmin ratios of over 100:1, where average organizations had server/sysadmin ratios of 15-25:1.
- The provocative conclusion was that controls were not only required for great service levels, but also yielded efficiency advantages, as well! In other words, controls gave you effectiveness and efficiency.