Brian Weigel, Senior IAM Consultant, SecureITsource, Inc.
Welcome back to our discussion of Agile development in Identity and Access Management programs! If you missed the intro article, it can be found here. Today, we will be talking about the first tenet of the Agile Manifesto – ‘Individuals and Interactions Over Processes and Tools’. Again, all feedback is welcome and encouraged!
Before we start taking a closer look at each of the four tenets of the Agile Manifesto, I’d like to take a moment to lay a framework for this discussion since these principles are phrased in a somewhat adversarial context (X over Y). This is not meant to imply that Y has no value or use, just that X should be prioritized higher. The general interpretation should be ‘You should always do X to the extent possible, and only do Y if the situation calls for it or if Y better enables X.’ As we move onward, we will start by looking at the items on the right, then the items on the left, and finally how they can be balanced in a healthy Agile organization.
Processes and Tools
Let’s tee off with talking about a major process – one so large it has its own international association – the SDLC. Let’s also not forget the iconic tool to facilitate adhering to this process – Microsoft Project. Now before my friends in the PMI start getting riled up, let me be clear – the SDLC is a great process when used and applied appropriately, and MS Project is a great tool for walking through that process from start to finish in an organized and maintainable fashion.
The problem with processes like the SDLC is when projects that don’t conform to the model are forced to comply all the same. The SDLC is perfectly applicable to a quantifiable project like an enterprise hardware refresh where all the variables are known and quantifiable, and can predictably scale up or down based on the scope of the project. However, if you try to apply it to a large, complex project like an IAM program implementation, the variables start becoming, well, variable, and often times not all of the variables are known up-front. A strict process doesn’t play well with uncertainty of that nature.
Also, in processes that span a considerable timeframe (like the SDLC), there are defined communication points. People are asked what they want early on in the planning/requirements-gathering phase, then the process enters a ‘black box’ and carries on with little (if any) visibility or interaction until the very end (which is often months/years later) when the result is handed over. Often, during that time, the needs and requirements have changed because the business itself has evolved, which inherently reduces the actualized value of the final product.
Finally, we have the infamous processes for working with other groups of people or other teams. Often, these can involve tedious tasks, red tape barriers, loads of paperwork, jumping through hoops, and calling in favors. While they may serve the purpose of helping the fulfilling team operate effectively once the process is completed by the requestor, it leads to a siloed organization. This places a considerable (and often unnecessary) burden on the requesting side, and a lot of time and energy gets wasted in the back and forth of walking a request through the process to completion by both parties.
So why do we have processes? Because they can and do work, and people like structure, predictability, and repeatability. Processes help maintain order in an otherwise chaotic atmosphere, and help provide direction and focus when moving towards a goal. Processes are invaluable for improving consistency, quality, and efficiency of quantifiable, repeatable tasks. Tools are a valuable compliment to processes. The primary goal of tools is to provide a more concrete framework for following a process, and introducing efficiencies to streamline the process.
Individuals and Interactions
At first glance, it would appear mysterious why the authors of the Agile Manifesto would compare ‘Individuals and Interactions’ to ‘Processes and Tools’, but the answer is actually surprisingly insightful. One of the pitfalls of having tunnel-vision on a specific tool or process is that while you remain laser-focused on delivering exactly what was defined and specified, you often lose sight of who the product is really for, what their pain-points are that they’re asking for help to solve, and what benefit they’re hoping to gain at the end of the journey.
Another key aspect of highlighting the ‘people’ aspect has to do with the silo effect mentioned earlier. In many cases, a one-hour conversation between teams can eliminate the need for wasting days of shuffling forms back and forth. For this to become the norm, both parties must be willing to open the door and have that first discussion. If both parties come together prepared to discuss what they’re trying to achieve, and converse in a professional and respectful manner, both parties will often depart that meeting amazed at the progress made and with a shared understanding of what needs to be done and why. If the topic involves a complex subject, having a tool and/or process to help facilitate more productive and focused conversations can make a difference. This would be a case where a process actually enables the interaction rather than attempting to remove it altogether.
It bears repeating because it is so important to this principle – the key to progress is communication, respect, and professional etiquette. If a key participant can’t make a meeting, proactively reschedule. If you are a key participant in a meeting, contact the organizer ASAP if you are unable to make the meeting. If the meeting is starting but can’t proceed without someone who is absent, adjourn and reschedule. While in a conversation, focus on the issue at hand and leave any personality conflicts at the door. It’s OK to go on a tangent now and then (it helps build rapport and bonding), but try to keep focus on the goal of the conversation and the time allotment. It may not seem like much, but it will get you a lot farther a lot faster than you would expect.
SecureITsource is an authorized reseller and professional services partner with the industry’s leading Identity & Access Management solution providers. Our team of experienced consultants help our clients to achieve their IAM goals by providing strategy, design, and engineering expertise.
Visit our website at www.secureitsource.com