Thought Leadership
Shifting Business Requirements Left
Andrew Fong
Most business validations happen after deployment slowing down organizations. Teams like compliance, legal, security, finance, and even sales, are left to figure out how to validate the business rules they are expecting.
For example Sales may sell a deal that prohibits deployments on weekends, legal has decided to not allow deployments to certain countries, compliance is is attempting to hold the line for SOC2.
Production environments (really all environments) are built from a collection of rules and constraints. Software that is run in the environment must adhere to the rules and constraints.
This is because most of these rules only work once they are materialized at and during “runtime” and are validated ad hoc by the owners of the rules.
The owners validate the rules through automated, semi-automated, and ad hoc methods. It is as ad hoc as the General Counsel emailing the CTO validating that “the software is not deployed to Europe” or sales confirming that an upgrade to a B2B SaaS product they sold to a massive IT team didn’t have its UI inadvertently updated.
Why is this the case? Aren’t ephemeral environments all the rage for developers to solve this?
The answer is that ephemeral environments solve the pre-runtime validation in many cases. Still, there are quite a few cases in which they cannot validate.
The Unique Nature of the Production Environment(s)
The production environment is distinct from other environments like development or testing, not just in its function but also in its structure and the rules that govern it. Several factors contribute to this uniqueness:
Capacity Size: Production environments often operate at a much larger capacity than their testing or development counterparts. They are designed to handle real-world loads and user demands, which are more variable than those simulated in test environments.
Compliance Rules: The production environment is subject to stricter compliance rules. These can range from data protection regulations to industry-specific standards. Adherence to these rules is critical, as non-compliance can have significant legal and financial consequences.
Business Rules: There are often specific business rules regarding software deployment in production environments. These can include restrictions on deployment times to minimize user impact, approval processes, and adherence to business continuity plans. Such rules are usually less stringent in the development and testing phases.
Deployment Methods: The methods of software deployment in production can vary significantly. Depending on the needs of upstream users, it may involve a mix of multi-tenant and single-tenant configurations. This complexity is generally not present in simpler development environments.
Software Behavior: Software in a production environment may behave differently than in testing due to different data sets, user interactions, and integrations with other systems. This can reveal issues that were not apparent in the testing phase.
Testing the unique attributes of a production environment — such as capacity size, specific compliance rules, unique business rules, varied deployment methods, and distinct software behavior — poses challenges that often cannot be fully replicated or "shifted left" into earlier stages like development, testing environments or ephemeral environments.
The primary reason is the inherent complexity and scale of the production environment. For example, the capacity size in production is designed to handle real-world, high-volume traffic that is challenging to simulate accurately in pre-production environments. Similarly, compliance and business rules in production are often tied to real-world scenarios, legal requirements, and customer interactions that are not present in test environments.
Deployment methods, particularly the mix of multi-tenant and single-tenant configurations, are specific to production and involve complexities that are difficult to replicate earlier in the cycle.
Lastly, the behavior of software in production can differ significantly due to its interaction with real data, actual user behavior, and integration with other live systems. These factors make it challenging to shift the testing of these attributes further left without compromising the accuracy and effectiveness of the tests.
So what do we do?
Deployment processes are critical in any organization, acting as the final gate through which products or services pass before reaching the end-user.
If done correctly, the deployment system allows for a final, comprehensive check. By regulating the deployment process, organizations can ensure that products and services are ready for release and meet all necessary standards and regulations.
The major challenge here is that most deployment systems exclusively focus on software delivery bits and do not consider how to bring in the additional requirements These bits ideally are brough into the system and “compiled” into the organizational rules. This enables teams to do what they do best: keeping compliance controls in the compliance systems, finance data in the finance systems, and security information in the security systems.
The deployment processes provide a strategic point for validation, ensuring that all products and services are released in the best possible state.
Upgrade your business processes, starting with deployment to create a more streamlined workflow for your entire organization.