We didn’t have time for Governance!

Many Agile coaches and trainers often speak about the unicorns of Agile.

Spotify. Netflix. Amazon.

Agility is spoken of in the past tense. The idea that this happened a while ago, and we need to look to the past to understand how it’s been done, and what the criteria for achieving ‘business agility’ are.

There’s value in that. We should look to the past to understand the transition from ‘old’ to ‘new’.

I love the idea of defining Business Agility as a culture of innovation and a mindset that embraces excellence over the labels and dogmatic, ‘ways of working’ that are often used to define something as Agile.

And so, if we remove those labels, we have the opportunity to witness agility in action all around us, regardless of whether ‘Agile’ is formally adopted within an organisation or not.

We also have as much to learn from companies and organisations that respond creatively, decisively and effectively to the phenomenon as we do from those who drop the ball at crucial moments.

Enter Zoom.

Zoom was founded in 2011 by Eric Yuan, a lead engineer from Cisco Systems. By 2017, it entered the Unicorn club with a market value of US $1 Billion, and by 2020 it became the preferred technology for millions of people around the world to connect and collaborate with others.

In the first few months of 2020, Zoom added 2.2 million users to its consumer base alone.

If ever you wanted a perfect storm that propelled a brand into the stratosphere and into the hallowed territory of Apple and company, Covid-19 would be that storm.


Why has Zoom bombed?

Zoom has been a darling of the Agile world for a while because it doesn’t require much in the way of technology to facilitate and, it’s relatively straightforward to create and facilitate an online meeting.

It isn’t, however, safe to do so.

Something we’ve all discovered in the past few days.

Let’s assume, for a moment, that this isn’t something sinister. Let’s assume that it is, instead, a flaw.

A major flaw.

This is a product built by teams who value building something fast and being first to market with those features.

Consistently and frequently.

It’s built with IPOs, revenue and acquisition of customers in mind rather than delivering the thing that most matters to those users, especially those who are working collaboratively on sensitive, valuable products and services.


It could be argued that this isn’t representative of a culture of excellence. It instead embraces efficiency and effectiveness. It embraces getting things done rather than getting the most valuable things done.

This isn’t a dig at Zoom.

I’ve long been a fan of their product and have actively recommended Zoom to multiple people in multiple usage applications.

It is, however, an insight into how ‘Agile’ can sometimes have the sole focus of ‘rapidly building products and services’. The idea of doing ‘twice the work in half the time’.

Whilst this is a core and valuable benefit of both Agile and Scrum, it isn’t a principle, nor is it the foundation that gave rise to the Agile movement.

Doing the most valuable work, in the right way, that frequently and continuously delights customers is a core principle of the Agile Manifesto and a value proposition upon which everything else is built.

Zoom may or may not be guilty of the accusations being thrown at them. They may also prove those accusations false and swarm to rapidly and effectively address these security flaws over the next 90 days, as their CEO has publicly committed to doing.

Or they may not.

What I do know is that even Unicorns aren’t safe from the volatility and complexity of the times we are living through.

Eric Yuan, CEO of Zoom, lamented that ‘Zoom was designed for enterprises that run huge security reviews of its app. It wasn’t designed with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying and socializing at home’. (credit CNBC, Zoom stock falls 11% as CEO apologises for security lapses.)

Zoom has been criticised for ‘Zoombombing intrusions, sharing data with Facebook, abusing permissions on Mac, not properly describing how it encrypts data and having a vulnerability that allegedly exposes Windows login credentials to hackers.’

These aren’t oversights. These aren’t the kinds of things that go wrong because of scale or rapid adoption by a different user group. They are a failure of governance and compliance.

We were working Agile. We didn’t have time for Governance.

In a recent video conference with Tyrrell Basson from the University of Manchester, via Zoom, the topic of governance was raised.

We had a laugh around the phrase so often used when teams drop the governance ball.

‘We were working Agile! We didn’t have time for Governance and Compliance.’

Great Agile is compliant and honours rather than neglects great governance.

It needs to be. Zoom is a perfect example of what happens when it isn’t.

Agile does not negate planning, identifying the most valuable work to be done, and assigning the most qualified and capable teams to address that work in a structured, prioritised fashion.

Agile stresses the importance of it.

It values that as a core requirement for great teamwork, collaboration and effectiveness. It embraces rather than shuns Governance and Compliance.

Agile simply questions which elements of the Governance and Compliance policies and procedures are relevant, valuable and actionable versus that which is a product of legacy systems and ways of doing things.

I gave Tyrrell and example of how a certain project I once worked on reducing miles of Governance and Compliance paperwork into a text message distributed to a key individual once a fortnight. All it took was a couple of questions and a demonstration of how we could best serve the request.

Zoom had a once in a lifetime opportunity to leapfrog from obscurity to Unicorn, and Unicorn to Fairy Tale within a decade.

It isn’t a lack of brilliant engineers, creativity and opportunity that crashed their ‘belle of the Covid-19 ball’ moment.

It was compliance. Governance.

Failing to do the most valuable work, in the right way, at the right time.

Failing to place ‘integrity’ at the heart of their brilliant, yet flawed, software.

Culture matters. Excellence matters. Integrity matters.

3 nebulous concepts that crystalise in moments of crisis into elements that are as visible, tangible and critical to success as any lines of code in your proprietary software.

author avatar
John McFadyen Managing Partner
John McFadyen is an Executive and Enterprise Agile Coach with proven experience working on some of the UK and Europe’s largest, most complex Agile Transformations. As a Certified Scrum Trainer, John brings a wealth of experience as an Agile coach, Agile practitioner and software developer into each of the four core courses he provides. The war stories, the insights into successful Agile transformations and everything he has learned from coaching high-performance Agile teams combine to provide course delegates with a unique, compelling training experience that transforms as much as it empowers.

Related Blog Posts