Skip to content

We didn’t have time for Governance!

Many Agile coaches and trainers often speak about the unicorns of Agile.

Spotify. Netflix. Amazon.

Agility is spoken of in the past tense. The idea that this happened a while ago, and we need to look to the past to understand how it’s been done and the criteria for achieving ‘business agility’.

There’s value in that. We should look to the past to understand the transition from ‘old’ to ‘new’.

I love the idea of defining Business Agility as a culture of innovation and a mindset that embraces excellence over the labels and dogmatic, ‘ways of working’ often used to define something as Agile.

And so, if we remove those labels, we have the opportunity to witness agility in action all around us, regardless of whether ‘Agile’ is formally adopted within an organisation or not.

We also have as much to learn from companies and organisations that respond creatively, decisively and effectively to the phenomenon as we do from those who drop the ball at crucial moments.

Enter Zoom.

Zoom was founded in 2011 by Eric Yuan, a lead engineer from Cisco Systems. By 2017, it entered the Unicorn club with a market value of US $1 Billion, and by 2020 it became the preferred technology for millions of people around the world to connect and collaborate with others.

In the first few months of 2020, Zoom added 2.2 million users to its consumer base alone.

If ever you wanted a perfect storm that propelled a brand into the stratosphere and into the hallowed territory of Apple and company, Covid-19 would be that storm.


Why has Zoom bombed?

Zoom has been a darling of the Agile world for a while because it doesn’t require much in the way of technology to facilitate and, it’s relatively straightforward to create and facilitate an online meeting.

It isn’t, however, safe to do so.

Something we’ve all discovered in the past few days.

Let’s assume, for a moment, that this isn’t something sinister. Let’s assume that it is, instead, a flaw.

A major flaw.

This is a product built by teams who value building something fast and being first to market with those features.

Consistently and frequently.

It’s built with IPOs, revenue and acquisition of customers in mind rather than delivering the thing that most matters to those users, especially those who are working collaboratively on sensitive, valuable products and services.


It could be argued that this isn’t representative of a culture of excellence. It instead embraces efficiency and effectiveness. It embraces getting things done rather than getting the most valuable things done.

This isn’t a dig at Zoom.

I’ve long been a fan of their product and have actively recommended Zoom to multiple people in multiple usage applications.

It is, however, an insight into how ‘Agile’ can sometimes have the sole focus of ‘rapidly building products and services’. The idea of doing ‘twice the work in half the time’.

Whilst this is a core and valuable benefit of both Agile and Scrum, it isn’t a principle nor the foundation that gave rise to the Agile movement.

Doing the most valuable work in the right way that frequently and continuously delights customers is a core principle of the Agile Manifesto and a value proposition upon which everything else is built.

Zoom may or may not be guilty of the accusations thrown at them. They may also prove those accusations false and swarm to rapidly and effectively address these security flaws over the next 90 days, as their CEO has publicly committed to doing.

Or they may not.

What I do know is that even Unicorns aren’t safe from the volatility and complexity of the times we are living through.

Eric Yuan, CEO of Zoom, lamented that ‘Zoom was designed for enterprises that run huge security reviews of its app. It wasn’t designed with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying and socializing at home’. (credit CNBC, Zoom stock falls 11% as CEO apologises for security lapses.)

Zoom has been criticised for ‘Zoombombing intrusions, sharing data with Facebook, abusing permissions on Mac, not properly describing how it encrypts data and having a vulnerability that allegedly exposes Windows login credentials to hackers.’

These aren’t oversights. These aren’t things that go wrong because of scale or rapid adoption by a different user group. They are a failure of governance and compliance.

We were working Agile. We didn’t have time for Governance.

In a recent video conference with Tyrrell Basson from the University of Manchester, via Zoom, the topic of governance was raised.

We had a laugh around the phrase so often used when teams drop the governance ball.

‘We were working Agile! We didn’t have time for Governance and Compliance.’

Great Agile is compliant and honours rather than neglects great governance.

It needs to be. Zoom is a perfect example of what happens when it isn’t.

Agile does not negate planning, identifying the most valuable work, and assigning the most qualified and capable teams to address that work in a structured, prioritised fashion.

Agile stresses the importance of it.

It values that as a core requirement for great teamwork, collaboration and effectiveness. It embraces rather than shuns Governance and Compliance.

Agile simply questions which elements of the Governance and Compliance policies and procedures are relevant, valuable and actionable versus that which is a product of legacy systems and ways of doing things.

I gave Tyrrell and example of how a certain project I once worked on reduced miles of Governance and Compliance paperwork into a text message distributed to a key individual once a fortnight. All it took was a couple of questions and a demonstration of how we could best serve the request.

Zoom had a once-in-a-lifetime opportunity to leapfrog from obscurity to Unicorn, and Unicorn to Fairy Tale within a decade.

It isn’t a lack of brilliant engineers, creativity and opportunity that crashed their ‘belle of the Covid-19 ball’ moment.

It was compliance. Governance.

Failing to do the most valuable work, in the right way, at the right time.

Failing to place ‘integrity’ at the heart of their brilliant, yet flawed, software.

Culture matters. Excellence matters. Integrity matters.

Three nebulous concepts that crystalise in moments of crisis into elements which are as visible, tangible and critical to success as any lines of code in your proprietary software.