Getting a Handle on Technical Debt – Intel IT’s Systematic Approach

“Technical debt” is a hot topic these days. It seems like everyone is talking about what technical debt is, and why it’s important to address in large enterprises. But fewer people talk about how to deal with it in a pragmatic way. As the 2018-2019 Intel IT Annual Performance Report, “Driving the Digital Enterprise Transformation” reveals, Intel IT has developed an approach to dealing with technical debt that can be a blueprint for not only reducing technical debt, but preventing it from building up again.

Why It Is Important to Address Technical Debt

To deliver innovative and modern solutions that align with business strategy and customer needs, it is imperative for large enterprises to address the “elephant in the room,” which is technical debt. Even though there may be bits and pieces of modern technologies and digital transformation initiatives in progress, the big roadblock to accelerating transformation is decades-old technical debt with legacy, custom, homegrown, and monolithic systems. If technical debt is not addressed, interest on the debt will continue to increase and eventually impact the enterprise’s ability to function and will increase security risk. Failure to address technical debt will also increase run costs, limiting investments for innovation, modernization, and acceleration of delivery of new capabilities that are necessary to keep pace with business transformations at Intel.

Intel IT has made modernization and technical debt reduction a strategic priority. We are driving an integrated effort where the initiatives are coordinated and aligned to business capabilities and target enterprise architecture.

Feeling Overwhelmed? Take a Systematic Approach

One of the key challenges in large enterprises like Intel is identifying and prioritizing the technical debt. The scope can be daunting, which can lead to not taking the right level of action. With the broad scope of technical debt across different areas, every Agile Persistent Team (APT) has its own idea of what should be focused on. But charging after small bits of debt in every direction will not produce the desired end result: reduce run costs to free up budget for innovation.

Instead, we took a more systematic approach, where we inventoried ALL applications, systems, and platforms in use and established a baseline architecture across the whole “business, data, application, and technology” (BDAT) stack. Using this baseline, we could prioritize and align our efforts to the business strategy and vision and our enterprise architecture (EA).

To build momentum, we started paying down Intel’s technical debt by going after the “low-hanging fruit” – things that were easy to fix, like eliminating duplicate applications based on capability mapping and EA. Then, we progressed to the next level of assessment – identifying “big-bet” investments we must make for digital transformation and modernization and then rationalizing current applications against those. Applications that were identified as not aligning were marked as a potential candidate for consolidation/elimination or modernization (both of which reduce technical debt). Legacy and homegrown applications that have accumulated over the years are the major contributors to technical debt and security gaps, and hence required a comprehensive strategy, EA, and roadmap to eliminate/consolidate with core platforms and commercial off-the-shelf (COTS) solutions.

Think of it this way: We minimize ownership of our technology footprint by focusing on: 1) comprehensive, key investments that deliver more than one thing (instead of 10 isolated solutions that may be best-in-breed themselves but deliver only one thing each; and 2) standardization on certain platforms, databases, web servers, OS flavors, and so on. The benefits are many:

  • Fewer required APTs, lower support costs, and fewer suppliers to manage.
  • Fewer changes to the core platform means fewer bugs to fix.
  • Faster pace of change (faster validation).
  • Business units know what capabilities are available, and developers know how to introduce new functionality.

If I could summarize our approach in one sentence, it is this: Optimize at every layer, then focus on what makes a difference for the business.

Choosing a Framework for Technical Debt Reduction

When we began our technical debt journey, we started with information security (InfoSec), and used a framework of controls from the National Institute of Standards and Technology (NIST). Having such a standard set of controls allowed us to establish a target state to reduce our technical debt in that area. But beyond InfoSec, solutions and use cases are disparate. It wasn’t easy to put a comprehensive model around all that.

We have chosen to combine Gartner’s TIME model (Tolerate, Invest, Migrate, or Eliminate) and Gartner’s Pace-Layering strategy (a methodology for categorizing, selecting, managing and governing applications to support business change). As with the consolidation example given earlier, some decisions were easy. Others are not so obvious and require understanding who is using the application and the business processes involved.

Another key component of our rationalization process is to calculate the total cost of ownership (TCO) for an application (including licenses, support costs, and other more “hidden” costs). Being able to tangibly show the TCO for an app helps us explain our decision about its fate.

Since we began our reduction process with this approach, we have eliminated over 665 applications in 2017 and 2018, and we are now focusing on modernizing legacy mission-critical apps by moving them to the cloud and modern platforms. We try to deliver everything faster by providing almost everything as a service (infrastructure as a service, platform as a service, software as a service, etc.). Modern application development supports Intel’s digital transformation and business needs.

Get Fit, Stay Fit

As rare as it is for people to talk about how to manage technical debt, even fewer discuss how to prevent it.

As you release new capabilities, they need to align with the enterprise standards, roadmap, EA, and design. Any time you deviate, you accrue technical debt. Of course, sometimes, it’s impossible to avoid introducing technical debt due to the need for a short-term win (business requirements always trump technical debt avoidance). But don’t get complacent. No enterprise will ever be completely technical debt-free. It’s a continual process to identify it and pay it down. If you don’t have a cycle of continuous improvement, you will notice your velocity decreasing over time because development and validation begin to take longer.

We allocate a certain percentage of our APTs’ capacity to pay down technical debt periodically. (The exact percentage will vary from enterprise to enterprise.) We have established metrics and look at those metrics in real-time, which allows prioritization based on several factors. This approach keeps things more stable and maintains our velocity.

Reducing Technical Debt Fuels Other Enterprise Initiatives

Of course, technical debt reduction isn’t the only thing Intel IT has been working on to help Intel become more agile. As mentioned previously, we are also defining an EA and modernizing our entire infrastructure for the hybrid cloud. We have found that the coordination, collaboration, and communication required to find, eliminate, and prevent technical debt has significantly contributed to these other initiatives.

Want to Learn More?

You can find more details about how Intel IT is playing a strategic role by reading the 2018-2019 Intel IT Annual Performance Report, “Driving the Digital Enterprise Transformation.”

Published on Categories SecurityTags , , , , , ,
Harish Thanneer

About Harish Thanneer

Harish Thanneer, Senior Enterprise Architect and Principal Engineer in the Information Security Architecture group at Intel is responsible for delivering strategy, architecture and enablement for application security, vulnerability management along with other IT enterprise architecture initiatives like reducing technical debt and modernization. Harish has established application security framework aligning to Information Security policy and has led several initiatives in IT and information security like DevSecOps to improve security posture of Intel applications. Prior to joining IT Harish was a Principal Engineer in Assembly Test Technology Development Automation (ATTD) leading software architecture and is an expert in application security/cryptographic protocols, distributed middleware and mission critical systems engineering. He has played key roles in defining automation architecture and has been instrumental in driving standards & frameworks-based development methodology to enable factory automation capabilities and has experience implementing e-commerce, content management systems early in his career. Harish is Certified Information Security Service Professional (CISSP), TOGAF9 certified Architect and GCDA (GIAC Certified Detection Analyst). Harish received his Master’s degree in Computer Science from Villanova University and has authored multiple technical papers (IEEE) on distributed middleware integration and manageability of software systems. Harish enjoys spending his free time with his family and friends. His interests are hiking, traveling, and researching new technologies.