How to proliferate best practices in an organization without slowing down the pace of doing things?
As an organization grows, so do the checks and balances to do things.
When you were a five-member company, provisioning a server was a click away. Not so when you are a 50 member company. There are processes to follow and permissions to take.
A variation of maker-checker is the most common model followed in organizations to make sure that everyone adheres to the process and follows the laid out best practices.
In the maker-checker model, you have a maker who wants to effect a change and a checker who checks and approves the change. The checker is the gatekeeper and the protector of the best practices.
The most common example of a maker-checker model is the code review process. A maker wants to make changes to the code and proposes the change(in a pull request). The checker reviews the change and approves.
If there is only one principle that companies have to imbibe, that would be—make it easy for your employees to do the right thing. A manual maker-checker model does the opposite. It introduces friction and back and forth between the maker and the checker and makes it difficult for people to do the right thing.
Companies land up in this shit storm because they are not deliberate when introducing manual maker-checker steps.
What is the solution?
Automation to the rescue
The way to think about automating maker-checker steps is—how do I build guardrails into my system to only allow changes that follow the best practices?
Engineering tooling has evolved to a stage where many erstwhile manual maker-checker steps can be automated.
- Instead of asking your engineers to follow a certain style guide while coding, automate that with a linter and a pre-commit hook.
- Instead of asking your engineers not to create open S3 buckets, automate that with a CloudCustodian security policy.
- Instead of having an elaborate onboarding process for every tool your organization uses, automate that with an SSO solution.
The advantage of automation is that the engineers get feedback immediately and can fix their missteps when they are in the flow without having to wait for another human to check and get back to them in their own sweet time.
A manual maker-checker step is as good as the human behind it. If the human screws up(which we are renowned for), your system goes for a toss. Automation does not have this problem. Also, automation scales seamlessly as your organization grows. A system that rests on humans does not.
Whenever you have an urge to introduce a manual maker checker step to an existing process, think hard of the ways to automate it. Your engineers will thank you, and you will have a special place in heaven for doing this.