Developers run the enterprise… sort of, but they undeniably are among the most valuable talent resources in an enterprise. With PLG the current model for GTM success, developers are under ever greater pressure to build “more, better, faster”.
With this heightened pressure – and organizations striving for developer happiness – developers in droves have turned to external development solutions to be more efficient and successful.
Hence the massive adoption of open-source code, microservices, API-based services, headless solutions, containers, serverless, etc. Just one indicator of how decentralized and autonomous software development has become: there are over 200 million projects underway on GitHub, which counts more than 73 million users.
A parallel phenomenon to PLG is rapid adoption of enterprise applications that haven’t been deployed by IT. Outside of highly regulated industries, enterprises empower employees to use free or premium SaaS applications to do their work.
For context on the growing scale of enterprise software use, Okta’s “Business at Work” survey suggests companies with 2,000 or more employees use an average of 187 apps. And the number and complexity of those apps just keep growing. “Seven out of the top 10 fastest-growing apps are brand new to the ranks,” the survey notes. And when it comes to developers, Okta observes “Out of the top 10 most popular developer tools, a full seven deal with app performance monitoring and incident response.” Only three target productivity.
This wave of developer empowerment has led to an environment of mass fragmentation and decentralization. Instead of top-down selling from vendors and centralized control from IT managers, developers are taking matters into their own hands by acquiring a slew of tools. What was derisively called “shadow IT” is now standard practice – and it’s a good thing, too, because bottoms-up software acquisition and deployment empowers innovation among talented developers and entrepreneurs.
These benefits, however, have unintended consequences – primarily in the form of operational complexity, security risks, threats to the integrity of code, and unmanaged costs, which can be significant.
Take the example of cybersecurity. Everyone agrees it’s a top priority for any enterprise. But Enterprise Strategy Group observes, “70 percent of organizations have more than ten security tools to manage security hygiene and posture management, leading to operational overhead, data inconsistencies, finger-pointing, and human error.” And that’s just in security. Add the tools used in other areas (like product development, customer support, purchasing, manufacturing, and finance) and you have what amounts to software bloat and chaos in many organizations.
Bottoms-up selling and PLG are great strategies for software vendors, but they’re creating a logistical nightmare for enterprises that wind up littered with point solutions.
Here’s the dilemma: empowering developers (a good thing) has led to operational disarray (a bad thing). But how do you remedy the bad without squelching the good?
The answer is that we need more non-intrusive, low-friction solutions for enterprises to track and manage the software supply chain without impeding developers.
A common story we’re hearing from enterprise managers, developers, and software vendors we interact with regularly: is the need for a better balance between the desire to empower software developers and the need to apply best practices for ensuring resiliency, security, accountability, and cost control in the software supply chain. In short, we want developers to move as fast as they can, but enterprises need visibility and accountability.
We’re beginning to see point solutions that address this issue. For example, the FinOps initiative – along with a host of vendors – is targeting cloud cost control. This comes as no surprise, given that as much as $17 billion in cloud spending in 2020 was wasted. But these efforts tend to be targeted at the enterprise level, and we now need much more granular solutions that address usage at the application and/or service level.
Cost control isn’t the only issue of concern. We need multi-disciplinary solutions targeting other elements of the software development process, such as code integrity, conflict resolution, and personal accountability. In essence, these would comprise a set of best practices and tools for ensuring much better hygiene, cost-efficiency, and transparency throughout the software supply chain.
To be clear, this applies equally across enterprise business units beyond the developer community. But for now, I’m focused on software developers who tend to use many more third-party tools, and because conflicts within the software supply chain can have dire consequences throughout (and beyond) an enterprise.
The good news is that there are established starting points for improved hygiene. CMDBs and service catalogs of yesteryear should be dusted off, renamed (to ditch the old networking term), and relaunched for the modern enterprise. Deployed in the background, without manual updating or data entry, they’re guardrails, not gates.
Fortunately, a host of innovative startups are addressing the need for better enterprise hygiene – such as OpsLevel (microservices catalog), Kubecost (Kubernetes cost management), Yotascale (cloud costs), Sedai (autonomous SRE platform), Productiv (SaaS intelligence), Uplevel (engineering insights), and FOSSA (open-source licensing). Some of these are Norwest portfolio companies; others are funded by firms with whom we frequently partner on deals.
But enough about what I think. What about you? What are your thoughts about how enterprise hygiene solutions should operate? I ask because at Norwest we’re always excited to partner with bright, talented, ambitious, and visionary entrepreneurs with impactful ideas. Know any of them? Is one in the mirror?
Watch my Norwest Nowcast below to find out how tightening budgets make enterprise hygiene even more urgent.