/ software

Enterprise Software and Organizational Fear

I read this article today which is a very good look at some of the things that happen in IT organizations. I've worked in a couple of teams that operate this way, and it's absolutely a shock to the system.

One key element for the author Ian Miell is that his experience and observations are driven by highly regulated financial institutions. Places where audits and regulatory compliance are baked in for good reason. I'm sure it's all true, and that even the horror stories in his story are gentle in comparison to some of the things he has seen.

I've asked myself some of the same questions in the past and tried to reframe some of these big company problems around ownership and individual empowerment for the teams I've led. What's different is that unlike the author I've never worked in a company that was subject to the kinds of regulations he describes. Some of the systems I've managed have been subject to Sarbanes-Oxley level auditability and compliance, but very small parts. I've worked at places that had government contracts that required certain hiring practices and similar, but compliance with these things wasn't onerous, nor did it substantially intrude on the day to day technical work by statute.

So why does this article ring so true? In the non-regulated organizations where I have seen these same behaviors I think it comes from the same root. Fear.

It's unquestionably a powerful motive, you can be afraid of regulators and audits. You can be afraid that people will find out you don't know what you are doing as an executive. You can be afraid that someone will make a mistake and it will cost you something you can't afford to lose. This fear isn't unreasonable. In fact I'd suggest that most leaders in larger companies should be more afraid of the technology that runs their company than they are.

So many of the systems we use are riddled with holes, unpatched, out of date, things that are effectively not understood by any current employee, or not even known about by a current employee. More than once I would start the day with an alert email and find a new service that no one had ever heard of before, but don't worry it's still getting production traffic. The complexity of the typical enterprise enviornment is far beyond the manageability of the typical team.

Senior leaders are, and should be terrified of this monster in the basement they don't understand. Many public companies conflate a problem that can't be solved right now, or in a quarter with an unsolvable problem. This is not true. If it took you a decade to build your way into this mess, you need to expect it's going to take some substantial time to work your way out. I've seen what happens when leadership lets their fear trickle out into the organization. It looks exactly like the regulation driven enviornments. A world of "Cumulative Constraints" all focused on making sure that people are safe. Slow is safe, inaction is safe, corporate responsibility is safe. The longer we hold the collective agreement that everything is fine, the longer we can avoid really addressing the problems that exist.

To turn this around a lot of organizations need to change both their practices and what they are afraid of. The fear of the trouble we are already in needs to be greater than the fear of changing something or a mistake being made so that it's no longer safer to go slow, and do nothing. Things go wrong in new work, but those things can be fixed, predicted and managed. Active work is massively easier to turn and align than the large legacy systems that exist untouched for years. Existing software isn't an asset it's a liability. Odds are that the line of code that brings you down was already written. Change, managed by thoughtful technologists is your only escape from it.