Separating “innovation” from “maintenance” can be bad for IT morale. Forward-thinking CIOs are embracing delivery models that distribute agile experience more evenly across teams, seeking to optimize enterprise IT at a speed that’s right for the entire IT organization.
Many IT organizations are progressing beyond the traditional single-speed delivery models that work well for high-torque enterprise operations but not for high-speed innovation. While some do have needs at both ends of the speed spectrum, they often find that bridging the gap between the two is difficult. A growing number of CIOs are building capabilities that link the two edge points or operate along the continuum, with targeted investments in process, technology, and talent to reengineer the business of IT, enabling delivery at the right speed for the business.
View Tech Trends 2016
Learn more about Deloitte Technology Consulting
Create and download a custom PDF of the 2016 report
A long-standing phenomenon has garnered much mindshare in recent years: the essential tension between stability and agility in IT. On one side are the predictability and controls necessary to manage risk while delivering large-scale enterprise IT with reliability, scalability, security, and other “ilities.”1 On the other is the push to drive discovery and experimentation around new features, tools, and technologies. Popular memes have oversimplified the conflict between these extremes, suggesting a bifurcated, either/or proposition, while offering little guidance on managing the unavoidable gap between the two priorities.
There are also several unfortunate misconceptions linked to the bimodal theory. First, there’s the fallacy that the pivot point is solely around speed, trading “high torque” for scale versus “high speed” for responsiveness. This paints traditional enterprise delivery with the plodding caricature that plagues many IT departments. Second, the debate is often framed between waterfall and agile delivery methods, as if agile techniques were the mythical savior of digital innovation and growth, yet inappropriate for larger enterprise-delivery models. For most organizations, speeding up the development process is only part of the equation to accelerate time to value.
Leading organizations are building on the simple two-speed IT mindset and recognizing they must be able to support a continuum of speeds in order to dial in the right approach for a specific initiative, with the underlying disciplines, capabilities, platforms, and talents to appropriately support the actual breadth of business needs. The speed of IT should be as fast as possible, balancing business value, risks, and technical feasibility. Critically, the approach must handle the governance around the appropriate speed as well as the inevitable collision between teams and efforts running at different speeds. This transmission turns out to be the essential ingredient missing in other constructs. It helps identify the appropriate treatment for a given initiative, assists in finding solutions, and navigates what controls are required.
Right-speed IT must address three broad categories: procedural, architectural, and organizational. Let’s move beyond rhetoric and dig into each area.
Many IT transformation prescriptions portray delivery methodology as the hero of the story. For this reason, bimodal is often misinterpreted as a waterfall-versus-agile showdown. Delivery is an important ingredient, but upstream capabilities are actually just as important when codifying right-speed IT.
Consider how building reach and rigor in the following IT capabilities may help organizations reach the right speed for the job at hand:
Right-speed IT should also be informed by overarching principles and programs that form the underpinnings of responsive, fungible IT capabilities. These are, after all, the same principles and programs that will also inform future architectures and applications. As such, it is important to create an engineering culture in IT and a product management mind-set: Both can help IT leaders balance tradeoffs of opposing constraints and find the best solutions for problems at hand.3 Specifically, consider focusing on three main domains: design, master data and integration, and building to run.
The third right-speed category involves talent and organizational constructs. As sometimes happens, getting the procedural and architectural aspects right might be the easy part. Indeed, it’s often the people side that can be more unpredictable and harder to influence. Changing IT’s reputation as a static, sluggish organization to one that delivers solutions dynamically and at the right speed requires a purposeful focus on four key areas:
During HP’s historic 2015 split into two companies, Neeraj Tolmare led the end-to-end separation of more than 1,500 of the company’s global applications. To complete this gargantuan task within an accelerated six-month time frame, Tolmare’s teams worked at different speeds, following guidelines tailored to their individual tasks. In this model, some teams completed tasks in a matter of hours, while others worked for days, using a variety of techniques and approaches, to accomplish more complex goals. “It took teams a couple of months to become comfortable working at varying speeds, but eventually most did,” he says. “They all understood there would be no Day 2 unless we all got to Day 1.”
Tolmare is now driving efforts to transform the digital imprint of HP Inc.—the post-division entity that sells PCs and printers. Part of this broad-ranging initiative involves reinventing the way the company develops technology products. “Our existing model was too rigid; it could take us six months to engineer and launch a solution,” says Tolmare, who serves as HP Inc.’s vice president and head of Digital Transformation & IT Applications, Global eCommerce, P&L Management. “We realized that if technologists are going to have a seat at the table and participate fully in strategic decision-making, we would need to create a flexible, fluid product development model that would empower them to respond to the dynamic needs of the business.”
The development model Tolmare and his colleagues are creating is designed to “infuse new thinking” into development teams accustomed to working primarily within standard systems development lifecycle (SDLC) models. To support the model, the company is reskilling existing talent by helping them to grow and diversify their individual skillsets, as well as to become familiar with agile techniques.
Working within the new model, teams comprising existing and new talent along with a functional expert—typically a system architect who knows a specific space—are assigned to work in pockets of fast-paced development throughout the enterprise. In an effort to find the right mix of skills and abilities for each type of project and to expose developers to different methods and tactics, the company also regularly moves talent around, assigning individuals to work on various teams. “Sometimes team members struggle with the idea that a project is no longer strictly waterfall or agile, but a combination of the two,” says Tolmare, “but over time we’re seeing them adjust their thinking, and work very differently than they have in the past.”6
For integrated technology solutions provider CDW, finding the “right speed” for its IT organization within a dynamic environment is more than a trend—it is a tested strategy for success in a sector defined by near-constant disruption. CDW has deployed a model in which IT collaborates with the business to develop solutions that meet its customers’ evolving needs—with each team working at a tempo that fits each project’s specific goals and circumstances. Some teams sprint, others walk at a measured pace, but each is guided by a solution framework defined not by the speed of the delivery model, but by approaches to architecture, security, controls, deployment, and associated metrics.
This collaborative development strategy has not only helped CDW turn technology into a competitive advantage; it has informed IT’s approach to meeting its mission, says Jon Stevens, CDW’s senior vice president of operations and chief information officer. “For IT to be truly agile and responsive, our development teams tailor their efforts to meet the distinctive needs of each business group. In this environment, one size does not fit all.”
For example, CDW’s e-commerce group has organized its teams into product groups that work in a way that reflects its approach to business: iterative, innovative, and fast-moving. Each team includes a business leader, product managers, and a technology leader who, together, continually build upon successes or fail fast and move on to the next idea. Team members work closely with the DevOps team, which shepherds new products and enhancements through security and regression testing, and then onto a release platform.
Meanwhile, other parts of the CDW IT organization approach development differently. Teams supporting finance, for example, follow a different methodology and governance model that allow them to move at an appropriate pace for maintaining compliance within systems that must meet specific regulatory requirements.
Regardless of approach, all IT efforts share core business value drivers: revenue, lower SG&A, higher gross profit, great customer experience, and co-worker engagement. And regardless of the development methodology or processes followed, IT engages with other groups—business, audit, and security, for example—so stakeholders are in lockstep and there are no surprises. These groups are not looked at as separate departments with process-laden boxes to check. Instead, they are embedded across the lifecycle—from ideation through ongoing operations.
The techniques CDW’s IT organization deploys to help the company achieve results continually evolve as new technologies emerge and market dynamics shift. Yet amid this change, the philosophy underpinning CDW’s collaborative, flexible approach to IT remains constant. “It’s ultimately about the partnerships you build with the business and with your external partners,” Stevens says. “Not too long ago the question was, ‘How do you get a seat at the table?’ Now, it’s about working as a team, always thinking about how technology can drive innovation and competitive advantage.”7
Since its founding in 1921, State Auto Insurance Companies has embraced the independent agency system as the best way to meet policyholder needs. To this day, independent agents within the regional underwriter’s network strive to provide highly personalized service to customers who, in many instances, are friends and neighbors.8
That legacy is actively being transformed by technology. The company is building a more competitive cost structure, launching analytics-informed products, shifting to digital customer engagement, and revamping the sales process. According to State Auto CIO Greg Tacchetti, “There’s not a single thing we’re not changing.”
Importantly, Tacchetti is charged not only with transforming IT, but also with developing overall business strategy. To this end, he is working with product teams to define the product roadmap and make sure they have the right architecture to support it.
IT is being transformed along several dimensions. A modular architecture standardizes interfaces and data definitions. Tacchetti is aligning programs to reduce redundant effort and divergent investments across business lines. He’s also carving out sandboxes, tools, and platforms to allow the business to experiment and spin up new environments to vet ideas—scaling those that show promise, and decommissioning those that do not.
Also, as part of the larger transformation effort, Tacchetti is crafting a long-term plan to build a multi-modal IT organization. His vision is for an IT organization that can work across the enterprise, not only as technologists, but also as business strategists who can create the systems architecture and revamped business processes needed to increase efficiencies, lower costs of system ownership, and make State Auto’s offerings more profitable. A key part of that change is a focus on design and usability—creating an emphasis on end-user experience and journey maps. This focus extends throughout IT’s value chain: program design, product design, project design, development, and post-go-live. Case in point: State Auto is in the midst of a platform transformation effort that is scheduled to go live later this year. Its scope is much more than replacing the core policy engine; the platform will serve as the backbone for new products and capabilities, including customer self-service and an overhauled CSR experience.
Tacchetti envisions the day when 12-month projects are a thing of the past. “A year from now, I want to be talking about rapid experimentation and agile techniques. We’ve started conversations about weekly releases,” he says. With its focus on speed and strategy, State Auto’s IT organization is on a journey to help drive and realize the business agenda—not just execute on defined requirements.9
Cisco’s reputation for technology innovation applies to its internal IT organization, which is on an ambitious transformation journey to digitize IT and drive faster delivery of business outcomes. At the same time, Cisco IT must continue to improve operational excellence, security, compliance, resiliency, and quality. Clearly, this is an ambitious effort that defies simple transformation models.
For Guillermo Diaz, Jr., senior vice president and CIO of Cisco Systems, “There’s only one right speed for IT: faster and more secure.” To meet Diaz’s expectation on this front, Cisco has transformed key capabilities, beginning with release management. Historically, system changes were limited to four major and twelve smaller releases per year. By creating a continuous delivery mind-set, adopting agile methodology, and automating the development process, Cisco has realized a fivefold increase in the number of release opportunities year over year—a staggering achievement, albeit one Diaz and his team view as “still not good enough.”
As part of the continuous delivery program, the company consolidated its fragmented approaches to agile development. Six quarters ago, 62 percent of projects were delivered using traditional waterfall methodologies. As of the last fiscal quarter, over 82 percent of projects were developed using agile; the remainder were developed using hybrid techniques that condense and accelerate the traditional enterprise application development cycle. “We’ve learned some great lessons, and we have made great strides shifting our culture to a mindset of innovation, visualization, and rapid feedback. Faster IT requires a culture of increased accountability to quality while focusing on developer productivity with technology and automation,” says Diaz.
Cisco continues to invest in architecture and is working to extend its cloud footprint by digitizing its foundational platforms for source control, build, review, and deployment. The company is also investing heavily to weave APIs into the network, and to deploy containers and middleware components to abstract, encapsulate, and execute on its overall vision.
Importantly, Cisco has created a continuous delivery model on this digital foundation. “Right-speed IT is about applying the amount of rigor and diligence that is appropriate for each business application,” says Diaz. For example, high levels of rigor are needed when working with ERP, whereas less complex applications may not require the same level of intensity. “We’ve implemented the digital architecture that makes it possible for us to move at the speed of the business while also working appropriately with each business applications and ensuring security,” says Diaz.
Diaz reports that since embarking on this transformation journey, Cisco’s IT organization has seen a 97 percent increase in project velocity, a 92 percent improvement in quality, and, notably, a 79 percent increase in timely closure of security vulnerabilities. “We wanted to drive agility, simplicity, and speed, but not at the cost of ensuring our business is secure,” he says. “Our ultimate vision is to enable business value faster.”10
Ford Motor Company is building on its 112-year-old legacy, driving new offerings in connectivity, mobility, autonomous vehicles, and the customer experience, along with big data and analytics. With technology-based innovation fueling investments in new products, services, and customer engagement models, IT is evolving to embrace emerging technologies that could potentially disrupt the way we design and manufacture products or understand and engage customers.
That means investing in our 11,000-person IT organization to better support the kind of nimble, accelerated product exploration and development we need to lead in our current disruptive technological climate. We recognized early on that a continuum of delivery models was needed, so we simplified the story to think about IT delivery in two modes. Enterprise mode covers mature core businesses where risk needs to be fiercely managed—the processes for how we design, manufacture, and service our vehicles. The emerging mode (“Mode 2”) encompasses areas where we are learning, experimenting, and iterating with new technologies.
We determine the right mode of delivery by risk, not speed. We strive to deliver every project as quickly as is appropriate, following the same overarching process. If projects meet certain conditions, they can take “happy paths”—an accelerated process that abbreviates certain requirements and controls. Our modes don’t translate into waterfall versus agile delineations. While Mode 2 projects largely use agile, they often have interfaces into core systems, which requires taking a hybrid approach. And more than half of enterprise-mode projects are now delivered with agile.
Although our transformation journey is unfolding, we can share a few lessons we’ve learned so far. First, no one-size-fits-all; your company’s culture influences the speed and reach of change. Regardless of mode, we depend on team members to exercise their own judgment. We have a program affectionately called “You Drive” in which we empower team members to speak out and share ideas for improving project outcomes.
We are also constantly looking for new ways of working. For example, our senior IT managers are available for an hour every day for a triage meeting. During this hour, project teams can raise problems and work through them with the management team. Increasingly, senior business leaders take part in these proceedings as well. What’s more, team interaction and collaboration are replacing traditional siloed mind-sets and formal processes for issue tracking and remediation.
It is important not to underestimate the impact all of this can have on traditional IT talent models. Will you risk losing long-time IT employees? Maybe. Will you find it challenging to recruit individuals with needed development skills in a market where competition for talent is heating up? Probably. Given the scale and complexity of Ford’s IT ecosystem, these two prospects occasionally keep me awake at night. But we’re making progress. We’ve made key external hires and entered into new partnerships in order to acquire specific skills and experiences. We have also made a commitment to reskill our employees, creating a program called “Power Up” that offers opportunities to learn new skills and recharge existing ones. We rotate our people between emerging and enterprise projects—we can’t have two different classes of citizens in IT, and we are very careful not to disenfranchise our base.
Finally, I believe IT works best when driven by core principles. At Ford, vertically focused development sometimes had the unintended effect of emphasizing corporate needs—which is inconsistent with our company’s guiding principle of placing customers at the center of everything we do. In our bimodal approach, development is horizontal, driven foremost by the impact any new product will have on the customer. It is an ambitious vision, but we are learning and making progress each day.
A sophisticated understanding of risk can prove invaluable as CIOs build new IT delivery models and assign optimum development speeds for new initiatives. With detailed knowledge of security, privacy, risk, and compliance, CIOs can weave these disciplines into the fabric of all development and operations. This is a lofty goal, even in the most cyber-focused of IT organizations. But it can be achieved by making “secure by design” a part of any broader right-speed IT transformation.
Cybersecurity can’t just be focused on compliance and executed using dated controls and one-size-fits-all stage gates. Right-speed IT requires agility up, down, and across project lifecycles—from ideation to budgeting and from planning to delivery. Security and privacy concerns can undermine any initiative, particularly those focused on new business opportunities or built on emerging technologies. But cybersecurity does not have to impede innovation. Indeed, leading organizations are involving progressive cyber professionals throughout the development process to evolve designs and approaches in ways that help balance functionality, time to value, and underlying security, privacy, regulatory, and compliance needs. At the same time, right-speed concepts can be applied to cybersecurity efforts by introducing shared platforms or tools that make it possible to leverage, self-assess, escalate, and certify against protocols and control points.
IT organizations can transition to a secure-by-design mind-set in three stages:
According to Deloitte’s 2015 global CIO survey, only 18 percent of CIOs surveyed see cybersecurity as a top business priority. Yet, by the same token, 58 percent of respondents said the investments they are making now in cybersecurity and data privacy will have a significant impact on the business within the next two years.11 The CIO’s challenge is to convince the entire enterprise—from IT, to the business, and then rippling out to the C-suite—that “secure by design” should be treated by the business as a business priority.
This forward-looking approach to the cyber risk agenda can be a fantastic component of the CIO’s legacy. The board and the C-suite have cyber implications on their minds. Progressively building cybersecurity responses into reconstituted IT delivery and operating models should be a part of how right-speed IT initiatives are positioned.
When it comes to cybersecurity, there is no “going back to normal,” no matter how much we wish we could. The question becomes how organizations can best understand risk, control for it to the extent possible, and then prepare for and respond to the inevitable.
Pieces of right-speed IT are likely already in play in many organizations. Once there, the trick becomes bundling individual initiatives into a more prescriptive whole, and evolving in-flight bimodal programs to include nuanced capabilities across more than a dualistic spectrum. Consider how the following lessons learned by early adopters might help you on both fronts:
Right-speed IT is an acknowledgement that IT departments need more ammunition to organize, interact, and deliver value to the business. Bimodal constructs often strike a chord with their simplistic framing.13 But projects often require additional gears that meet their specific needs and cadences. With investments in foundational and flexible procedural, architectural, and organizational domains, right-speed IT can help turn simplistic models and philosophical discussions into concrete value.
Deloitte Consulting LLP's Technology Consulting practice is dedicated to helping our clients build tomorrow by solving today’s complex business problems involving strategy, procurement, design, delivery, and assurance of technology solutions. Our service areas include analytics and information management, delivery, cyber risk services, and technical strategy and architecture, as well as the spectrum of digital strategy, design, and development services offered by Deloitte Digital. Visit deloitte.com to learn more.