Bulletin 25 May 2018 — Happy GDPR Day! And other conundrums of governance.

I thought I’d skip the picture this week and get straight down to business. I’ve written before how technology is a two-edged sword: so, indeed, is governance.

It’s not just the bureaucracy that comes with it. Bureaucracy is the yang to governance’s yin (“Easy for you to say,” to coin a phrase), you can’t have one without the other. In my experience, this follows a sorcerer’s apprentice style path: once you start feeling that controls need to be in place, these generate more controls (to count for the things you didn’t originally think of), and so on and so on.

This also feeds a dodgy part of our psychology we could call “tin-pot general syndrome”. I’m not going to lie — when I was responsible for IT security for a large organisation, I started getting a bee in my bonnet about how security policies weren’t taken seriously. Then another bee. Until I realised, and took it upon myself to block access to IT resources, if they were to be used insecurely. That’ll stop ‘em!

What I missed however, was the very premise for corporate IT security — to reduce business risk. In disabling access by users to systems, I felt I was doing my job… but my shadow-boxing, however well-meant, was also preventing business from being done. It was only years layer that I realised I was the problem.

Governance, like any intervention, can have an undesirable, even counter-productive effect. In the case of GDPR, for example, we have all been swamped in recent weeks by a slew of messages telling us how much our privacy is valued. No breach has taken place, but I can’t help wondering which I care about more: people misusing my data, or people sending me a raft of messages asking whether they can use my data. Or indeed, what is the difference.

And meanwhile, from the recipient’s standpoint, governance (again, however well-meant) can become not a guide, but a set of goals. We have seen it repeatedly in the financial industry, and I have absolutely no doubt whatsoever that thousands of lawyers are right now looking at how the text of the GDPR can be kept to, even as notions of data monetisation, targeting and so on can be achieved.

Don’t get me wrong, GDPR is a good thing — or would be, if it was just a little clearer. The many emails that I have received from providers of all types, and the differences between them, are a good indication fo just how confused everyone is. And meanwhile, here’s a conundrum: “The GDPR only applies to loose business cards if you intend to file them or input the details into a computer system.” So, if your business cards are in alphabetical order right now, I suggest you give them a shuffle and stop thinking you might one day want to file them, just to be on the safe side…

In other news, here’s some articles from this week.

The Five Cs of DevOps at Scale

While it’s long been yet another conundrum, I’ve been racking my brains why we have a situation where something (in this case DevOps) works very well for some people, but doesn’t seem to work at all for others. Are the latter group just wrong, or are contextual factors dictating success or failure? As a straw man, I have suggested the following areas to start looking:

• Commodity — DevOps works best in an environment where the infrastructure building blocks are relatively uniform.
• Consistency — Frequent deliveries of software requires a significant amount of discipline
• Collaboration — While DevOps is highly collaborative, even sociable, many corporate environments are not so much
• Continuity — Similarly, DevOps requires repeated and controlled cycles: this can be a challenge for many organisations
• Charisma — The secret sauce of DevOps is its mentors, whose easy-going zeal cuts through the fog and makes sense of it all

So, why do these factors (or their absence) make things so much harder? The answer, I believe, is that they impact the ability to respond to change sufficiently fast, in an already complex environment. Feedback very welcome!

5 questions for… the Mellel word processor

While I don’t mention it in this article, I’m a great fan of Mellel’s competitor, Scrivener. It feels almost counter-intuitive, that I should be using a non-standard desktop word processing application — surely everything should be online these days? Well, sorry, but for me, tablets and phones have a place but so do laptops, keyboards and indeed, big screens. The world should know that alternatives exist to what have become de facto standards, for good reason: because they do a subtly different, yet still valid job.

Extra-curricular: the piano continues to obsess

Sitrep: Piano is improving. But 5 months in and I still can’t make a video. So here’s the warts and all, straight off the card upload. You can hear the sound of me taking a photo on the iPad rather than starting the video, and my head is chopped off. Meanwhile, there’s a full version of Bach’s Well Tempered Clavier first prelude in C (at about the 4-minute mark), and various other bits and bobs. It’s a good indication of where things are up to. Still loving it.

Thank you, as ever, for reading this far and for all the feedback you have sent. The list is now 100% opted in, which has another psychological effect — I feel I am writing to people, not just firing things into the ether. As far as numbers go, this means 368 people, with roughly 150 reads per week, which is really great.

All the best and speak soon, Jon

Originally published at Nothing To Declare.