The concept of segregation of duties is deeply ingrained in the
enterprise and for very obvious reasons. Some very high profile bad
things were possible because one person was able to play more than one role.
Segregation of duties is an important principle of control and is
enshrined in all sorts of institutions from the checks and balances of
the American Constitution to the procurement procedures of your own
organisation. And I guess it’s why you need several people with
several keys to launch missiles.
Unfortunately, segregation of duties also seems to be the motivation
for some dubious defenses of siloed approaches to test and deployment
that go against the DevOps way of delivering software.
Time and time again, I hear people object to collapsing costly
divisions of labour or removing wasteful governance processes on the
grounds that depending on unified delivery teams to meet the same
goals would be “like checking your own homework” or “marking your own homework”.
This is a strangely compelling argument. It appeals to intuition by
evoking common experience, and it is prima facie applicable to the
case of software delivery in the enterprise because of the
possibilities of fraud and error.
However, it doesn’t take much pressure to push the simile to breaking point.
To start with, you absolutely would and should expect people to
check their own homework. That’s simply one of the traits of a
successful student. The appeal is rather that a student’s
double-checking their own work should not be blindly accepted as valid
by the teacher, i.e. it doesn’t count as “marking” or “grading”. To
accept the student’s grading would leave the process open to abuse and error.
That’s fair enough.
But would the appeal to our intuition be quite so compelling if our
student’s self-marking procedure was:
- designed through open collaboration between student and teacher
aimed at removing the possibility of incorrect answers
- fully automated to implement the agreed process
- fully audited and insusceptible to undetected tampering by
student, teacher or any other party
- fully published and verifiable by any stakeholders (student,
teacher, exam board, school governors, government meddlers) or
interested parties (parents considering the school, universities or
employers, Joe public)?
I don’t think it would.
In fact, in that circumstance it’s hard to see how the student could
actually get any questions wrong at all.
Which is exactly the point.
Segregation of duties protects against error or subterfuge in the
realm of manual execution by sacrificing efficiency to increase the
number and diversity of the people who would all need to be compromised
(or mistaken) for an error to pass through.
In the realm of automation, equivalent protection is available through
checks that are collaboratively defined, automatically executed,
automatically audited, and automatically evidenced, all of which is
consistent with adherence to sensible access control and
least-privilege policies. And the diverse duties, responsibilities, silos and
missile-key-holders can clearly still be involved in auditing the pipeline
and its execution.
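To make the four properties of the “self-marking” procedure above, and the automated equivalent of segregation of duties just described, concrete, here is an added example that is not part of the original post. It models a pipeline gate whose checks are agreed up front as data, executed automatically, and recorded in a hash-chained audit log that any stakeholder can verify without trusting whoever ran the pipeline. The check names, the artefact fields and the sample artefact are all constructed for the example; they are not a real project’s pipeline.

```python
"""Automated, auditable "self-checking" gate (added example, not from the post).

Each check is defined collaboratively as data, run automatically, and its
result appended to a hash-chained log.  Anyone holding the log can re-verify
the chain; anyone holding the published chain head can detect a rewritten log.
"""
import hashlib
import json
from dataclasses import dataclass
from typing import Any, Callable, Dict, List

# Sentinel "previous hash" for the first record in a log.
GENESIS = "0" * 64


@dataclass(frozen=True)
class Check:
    """One agreed check: a stable name, a human description and a predicate."""
    name: str
    description: str
    predicate: Callable[[Dict[str, Any]], bool]


# Constructed sample artefact: the kind of metadata a build produces.
SAMPLE_ARTEFACT: Dict[str, Any] = {
    "unit_tests": {"passed": 120, "failed": 0},
    "dependencies_with_known_vulns": 0,
    "author": "alice",
    "reviewed_by": ["alice", "bob"],
}

# The checks student and teacher (dev and governance) agreed on, as data.
AGREED_CHECKS: List[Check] = [
    Check("tests-green", "All unit tests pass",
          lambda a: a["unit_tests"]["failed"] == 0),
    Check("no-known-vulns", "No dependency with a known vulnerability",
          lambda a: a["dependencies_with_known_vulns"] == 0),
    Check("independent-review", "At least one reviewer who is not the author",
          lambda a: any(r != a["author"] for r in a["reviewed_by"])),
]


def _record_hash(prev_hash: str, entry: Dict[str, Any]) -> str:
    """Hash of this entry bound to the previous record's hash (the chain link)."""
    payload = json.dumps({"prev": prev_hash, "entry": entry}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def run_checks(artefact: Dict[str, Any], checks: List[Check],
               log: List[Dict[str, Any]]) -> bool:
    """Run every agreed check, append a chained record for each, return the verdict.

    Failures are recorded faithfully rather than hidden: the log is evidence
    of what was checked and what happened, not only of successes.
    """
    all_ok = True
    for check in checks:
        passed = bool(check.predicate(artefact))
        all_ok = all_ok and passed
        prev = log[-1]["hash"] if log else GENESIS
        entry = {"check": check.name, "description": check.description,
                 "passed": passed}
        log.append({"prev": prev, "entry": entry, "hash": _record_hash(prev, entry)})
    return all_ok


def verify_log(log: List[Dict[str, Any]]) -> bool:
    """Re-derive every hash; any edited, dropped or reordered record breaks the chain."""
    prev = GENESIS
    for record in log:
        if record["prev"] != prev:
            return False
        if _record_hash(prev, record["entry"]) != record["hash"]:
            return False
        prev = record["hash"]
    return True


def chain_head(log: List[Dict[str, Any]]) -> str:
    """The value to publish: a single hash committing to the whole log."""
    return log[-1]["hash"] if log else GENESIS


if __name__ == "__main__":
    audit_log: List[Dict[str, Any]] = []
    verdict = run_checks(SAMPLE_ARTEFACT, AGREED_CHECKS, audit_log)
    print("gate passed:", verdict, "| log intact:", verify_log(audit_log))
    print("publish this head:", chain_head(audit_log))
```

The chain only proves integrity relative to a head the tamperer does not control, which is why the “fully published” property matters: the head is what gets written somewhere append-only or signed by a party other than the pipeline operator. Who is allowed to change `AGREED_CHECKS` is then an access-control question, which is where least privilege and the remaining human duties (review, audit) fit.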