I first read about the emerging threat of COVID-19, while sitting in the bone marrow transplant unit at Stanford hospital. I was there with my father as he underwent treatment for non-Hodgkin’s lymphoma.
The patients in this unit are all immune compromised to the point that an ordinary cold could prove fatal. Obsessive infection control was already part of my daily reality.
I returned to a changed world.
The F5 Tower closed for deep cleaning on March 2 and the company quickly put policies in place—not just the obvious measures, like expanding work-from-home capabilities, but also giving employees the time and space to take care of family.
I emailed our CEO to thank him for taking steps that many people at the time saw as excessive caution, given that most employees are relatively young and healthy. He responded:
“I hope everyone will think of these measures and understand them through the lens of what we need to do for EVERYBODY, not just the strongest amongst us!”
That’s culture. It’s not something that can be switched on in response to a crisis. A human-first approach was already established and in place when we needed it most.
F5’s commitment to supporting employees as whole people meant a culture that was already building around work from home. When I asked Craig Cogle, F5’s Sr. Director of IT Services, about decisions made over the last year or so that impacted F5’s ability to quickly support the sudden shift to an all-remote workforce, he pointed to investments in collaboration tools and video conferencing, as well as tightened security controls and access policies like multi-factor authentication and single sign-on.
Single sign-on contributed to our success in quickly scaling support for remote workers by reducing our dependency on VPN while still ensuring secure access. You can learn more about how F5 technical services responded here.
Which brings us to the importance of architecture.
In F5’s 2020 State of Application Services (SOAS) Report, 80% of organizations surveyed stated that they were undertaking digital transformation initiatives with the primary driver being speed to market. Those initiatives take on different kind of urgency in the face of a massive black-swan event like the one we’re facing today—the need to prioritize adaptivity and digital experiences.
Digital transformation, first and foremost, is a response to a business need. So, the initiatives that support it need to be designed with business outcomes in mind. And those business outcomes are informed by organizational culture.
Take security for example. Another finding from our SOAS report is that 87% of organizations are multi-cloud and most still struggle with security. Getting security right is as much an architectural and cultural challenge as it is a technical challenge. As F5’s Ray Pompon says in his blog, What can Pandemics Teach Us about Cyber Security?:
“Sometimes people are overly afraid of a particular threat. Although total panic is great cardio, it's not very supportive to the overall goal. We need to ensure that people focus their energies on the riskiest issues at hand and not be distracted by dread regarding unlikely scenarios.”
Effective security has to be built into the system. It can’t be left up to individual teams to sort out for themselves based on their experience and appetite for personal risk. It also can’t be a roadblock, tempting teams to find alternative paths.
F5’s Tim Wagner, in his blog, Secure Cloud Architecture: Planning for Business Outcomes, compares IT architecture design to urban planning, pointing out the relationship between thoughtful design and successful outcomes, including resilience and adaptability.
Organizations need to empower teams to move fast, while effectively addressing organizational requirements like security, visibility, availability, cost control, and so on. Equally important is making sure investments made today extend beyond solving immediate challenges and position the organization to take advantage of what’s coming next: the AI-powered future.
Ultimately, what’s required is a shift in mindset. Empowering application teams to use the environments and tools of their choosing is important. The best way to ensure that freedom doesn’t devolve into a tangle of technical debt is to build a system that leverages a consistent set of high-quality application services across applications regardless of environment or application type. That reduces unnecessary cognitive load on developers and hands responsibility for defining and managing infrastructure and security policy back to the experts.
How you build today dictates how quickly you can adapt now and in the future.