Level 5 - Adapt

Business Outcomes

When reaching level five of the Cloud Native Maturity Model, the business has trust and confidence in the technology team i.e. they can sleep at night. There are no nasty surprises from auditors, no outages in the same way legacy systems faced. Your team no longer faces jarring and stressful pivots. You can look to the future without feeling anxiety about the current state.

Essentially level five is utopia. You’ve met your business goals. You’ve invested the time in a platform that allows your teams to be flexible and adapt to businesses ever-evolving needs.

Cost

IT spend has become more predictable as FinOps and policies have helped to avoid unforeseen circumstances and events. Both the business and technology teams can plot highs and lows throughout the year to make budget predictions and forecasts.

People

People Overview

You’ve reached maturity, the organization is skilled and you have DevOps and DevSecOps working. Teams are comfortable experimenting with new technologies and sandbox trials.

Organizational Change

At maturity, the entire organization is committed and onboarded to the cloud native environment.

Teams and Decentralization

You now have self-provisioning amongst different groups, along with organizational acceptance of the self-service portal. The business benefits from service ownership.

Security

You will be actively developing security internally, with the community and regulators.

Developer Agility

The group has strong ability to recover and maintain throughput tolerating individuals joining and leaving. Business decisions are well informed by rich and accurate data across all teams in the organization allowing adoption of FinOps.

Upskilling Developers

Advanced testing and release patterns developed and in use, such as blue/green or canary

Process

Process Overview

Achieving process maturity will see you build design capabilities for cloud native. You’ll also automate responses by using monitoring failures to restart or manage problematic and failing resources. Resource usage data will help you optimize spend and your process will include providing the business cost analysis.

CI/CD

Achieving maturity ensures you can demonstrate the benefit of your CI/CD process to the organization. You’ll be able to clearly see an increase in velocity, continuous deployment speed and see the effect on your business. For example, you will ship new features faster.

Change Control

You now have quality engineering (QE) capability. That means you have quality guardrails in place, continuous deployment to production with only a failed automated test preventing an update being automatically released to production. You are seeing fewer defects, hotfixes and bug fixes being released. You now have best practices in place and have removed human access from production in favor of service accounts. You are also using monitoring failures to restart or manage problematic and failing resources.

Security

The software supply chain is secured, with reproducible builds and software bills of materials providing insight into code and dependencies, with clear code provenance and secured release pipelines.You’ve shifted security left. You are preserving security by continuously monitoring Kubernetes for security and vulnerabilities.

Audit and Logs

You are enforcing audits.

Policy

Policy Overview

Based on your learnings, you will refine your policies as your organization achieves maturity, taking advantage of technologies such as machine learning in order to improve detection and enforcement.

Policy Creation

Contribute policies to the open source community and active engagement with regulators and other external stakeholders.

Compliance

Compliance never ends! You will tighten the feedback loop with stakeholders and take advantage of advanced machine learning and other tooling to understand what is normal for your environment and ensure visibility of anomalous conditions in a large volume of compliance data.

Technology

Technology Overview

Your investment is now focused on automation in functional and non-functional areas such as scanning, policy, security and testing. You’ve got operators doing your operations for you and you’re fully automated.

Infrastructure

Here you are managing your complete infrastructure lifecycle through software and tooling. Builds, upgrades, decommissioning is all taking place through code.

Container and Runtime Management

You’re now automating the response to events, and you have all your security data in one central repository. The platform is able to respond to events.

Application Patterns and Refactoring

Unless applications have specific requirements, such as extremely low latency, new greenfield applications are cloud native. You’ll look to onboard your existing portfolio of applications to your cloud native platform using your proven process. You’ll see now that your application matches your platform strengths and capabilities.

Application Release and Operations

You’re now in full production with GitOps operators and controls, and your release and operations workflows reside within Git.

Security and Policy

Here you will have ongoing optimization and adjustment in line with new requirements, aligning with the ongoing threat environment. Exceptions to policy are both minimized, and are formally controlled. You may incorporate machine learning as part of your threat detection practices.

Testing and Issue Detection

Here we further optimize the automation used in responses to issues by working to prevent mistakes from entering production in the first place.