Review: Investments Unlimited - A Novel about DevOps, Security, Audit Compliance, and Thriving in the Digital Age

Mike Long
Published October 5, 2022 in features

“You know, it may feel like regulators are out to get us, but they’re really there to help us and help protect our customers.”

If you’re into DevOps there’s a pretty good chance at least one book from IT Revolution sits on your shelf. Headed up by Gene Kim, IT Revolution has been publishing instant classics on DevOps culture and practices like The DevOps Handbook, Accelerate (which I absolutely love) and Team Topologies for several years. 

And in The Phoenix Project, their bestselling novel, we saw just how bold and creative they can be when it comes to quite literally telling a DevOps story. This fall they return to the world of fiction with Investments Unlimited. And it doesn’t disappoint. 

The narrative follows a group of under-pressure technologists and managers who work round the clock to solve an existential crisis at a highly regulated fintech called Investments Unlimited. They’ve been neglecting IT governance in their race to deliver new features. Uh oh! Now the auditor is at their door with a matter requiring immediate attention (MRIA), a final warning before they lose their license to operate. Dun dun dun!

The MRIA creates a crisis, but it’s also a wakeup call for the business as it realizes it must start taking IT governance seriously. They’d made good progress in terms of adopting continuous delivery and DevOps, but somewhere along the way governance, security and risk had gone out the window. 

Like many morality tales in technology, dysfunctional cross-disciplinary organization is at the heart of the problem. A tiger team is formed to overcome it through collaboration, technology improvements, and, ultimately, continuous compliance.

The Investments Unlimited team tackle all sorts of real-world challenges faced by regulated tech firms: legacy systems, segregation of duties, diffuse “golden path” continuous integration systems, software supply chain problems, system outages - it’s all in there. It also covers neglected and less glamorous aspects of governance, like consolidating the scattered systems and media used for capturing process requirements into a consistent process.

Most memorably, the book negotiates the “core chronic conflict” at the heart of DevOps where people are incentivized in ways that prevent cooperation to the detriment of organizational goals.

“It’s another core chronic conflict: developers are incentivized to regularly introduce features—the build trap you spoke of—and Security, Risk, and Compliance are incentivized to minimize the likelihood or impact of all known possibilities, which can take time if not done well, creating a problem for the developers’ need to move fast, and so it goes around and around …”

There’s also plenty to chew on when it comes to finding technical solutions demanded by compliance and security in DevOps. The book makes the case for controls, automated evidence gathering, and a way of connecting it all together with your software process. 

I’ve worked at the intersection of DevOps, compliance and audit for the last ten years and I think this book is a triumph. For regulated companies, IT Risk, governance, and security are the next frontier for DevOps collaboration and Investments Unlimited explores the territory brilliantly, engaging non-technical stakeholders through expert storytelling. This is THE book to give to management, compliance and change management functions as a primer for DevOps. 

I was fortunate to chat with John Willis, one of the authors, at DevOpsDays in Washington DC. There was an open space discussion in the afternoon on the book’s origin and a collaborative writing process that involved nine authors. Nine! Whether it’s IT governance or writing novels, it’s DevOps for the win.

