Blog Feed Post

To Build or To Buy?

The typical techie will face every challenge with a simple question: “Can I build the solution myself?” And often, the question is valid enough that it gets some significant consideration. So, should we build or buy? Evaluation of an incident management solution seems to now invite this question as well. But how do you know when you should build or buy your incident management platform?

Why Build?

Sometimes the desire to build your own solution is based on the simple fact that procurement of a commercial solution is out of your hands. For example, enterprise IT has the budget for the tool, but the DevOps team needs it. It may seem easier to build a solution from open source projects than to play the long-term games it takes to get a solution purchased. But this is an organizational problem, and not a technical one. And often times, the custom-built solution tends to be short-lived.

But there are other reasons why you might want to build your own solution:

  • Real or perceived unique requirements
  • Security and privacy concerns
  • Cost

These are valid reasons to consider building your own incident management solution — but all need to be scrutinized.

Are your requirements truly unique? The way to identify if this is the case is to look at your competitors and what they use, and research your requirements compared to similar organizations. And at the same time, even if you have a unique requirement, you might want to question why it’s so unique. Does it need to be that way?

As for security, what is it about your security and privacy concerns that make them a no-go for commercial incident management? Is it the potential for exposed data? Most of the time, application data does not need to be included as part of alerts, but if it is, this is something to consider. If the concern is around security in general, keep in mind that vendors work to make sure they are current on security threats. Often, they have the capacity to be much more on top of security than internal operations teams.

And then there’s cost. Cost is tricky because the most expensive aspects of building your own solution are not easily calculated. It’s easy to calculate the monthly fee of an incident management service versus the cost to do one-time development from a full-time developer. However, it’s hard to anticipate on-going maintenance, feature changes, and the big one — opportunity cost. What would the developer(s) be working on if they were not building this solution? And what is the cost of having projects or backlogs put aside while it’s being developed? Another issue arises when the person who built it leaves, and takes the understanding of the code base with them. You don’t want tribal knowledge leaving the organization when it’s related to a mission-critical part of your infrastructure.

Do You Integrate?

Building an incident management solution has one particular weak spot — integrations. Successful incident management platforms have a huge library of integrations into sources (like your application and infrastructure) and distribution (like your collaboration tools). Building these integrations takes quite a bit of time, oftentimes requiring developers to learn and build against new APIs. Organizations who build their own incident management platform may only have to work with integrations that matter to them, as they don’t need to support many use cases. But when the APIs for these systems change, you can be blindsided — miss out on new functionality or break the platform altogether. Open source projects are not going to respond as quickly to changes in integrations or create new ones, and if something breaks, your developer, already tasked with something else, would have to drop everything and address it. And of course, the choice of tooling that your incident management system must integrate with may also shift as the team scales and its needs change.

When to Build

There is a scenario where a custom-built incident management platform based on open source projects is useful, and that’s when it is required for purpose-built, very niche scenarios. Generally, organizations that need such a solution would have commercial incident management for the global environment, and roll up or even integrate into the incident management platform’s API for the niche scenario.

The other purpose might be for alerting that is used in a different context than for application or infrastructure support. Perhaps the alerting is used for collaboration or product management. In such cases, it might be useful to segment the use case from the commercial and mission-critical incident management system with a more homegrown and less liable system for the other use cases. This can be true for teams that already have a lot of customization when it comes to learning from their application usage. For example, when a new feature is launched you can elect to receive alerts when that feature is used, or when new infrastructure is rolled out you can choose to be alerted when you hit a certain KPI in performance to understand the impact of the changes.

The other reason is data leak concerns, both internal and external. For example, alerts where remediation exposes personally identifiable information to internal tier 1 support, but they do not have the authority to see. This could be an issue, especially in regulated industries. Nine times out of 10 you can modify your roles in the platform and what is exposed, so this is never a problem. In general, you should always try to do that. But there are the rare instances where it is unavoidable.

Your Time to Shine

A seasoned techie will know when it’s the right time to build or buy, beyond their interest to tinker and solve problems. The initial creation of the solution is not where you get stuck. It’s the long-term support, and risk associated with custom solutions. And it’s not just the creation of the solution — you also have to run it. Do you install an incident management system for your incident management system? Having to worry about the uptime of something else is stressful, and if incident management goes down, you are flying blind.

Custom niche integrations into your code base and infrastructure sometimes justify building your own incident management solution. Or if you have non-mission-critical use cases that are tangential to your commercial incident management, it may be worth the effort to build your own. In general, though, a commercial solution will have a lower total cost of ownership, will address your needs as you scale, will ensure that tooling and processes don’t break down when certain experts leave, and will have better coverage and solutions for your security and privacy concerns.

When deciding to build or buy, I suggest focusing heavily on the opportunity cost. This is the greatest unknown and expense, and usually, the answer becomes clear pretty quickly.

The post To Build or To Buy? appeared first on PagerDuty.

Read the original blog entry...

More Stories By PagerDuty Blog

PagerDuty’s operations performance platform helps companies increase reliability. By connecting people, systems and data in a single view, PagerDuty delivers visibility and actionable intelligence across global operations for effective incident resolution management. PagerDuty has over 100 platform partners, and is trusted by Fortune 500 companies and startups alike, including Microsoft, National Instruments, Electronic Arts, Adobe, Rackspace, Etsy, Square and Github.

Latest Stories
Coca-Cola’s Google powered digital signage system lays the groundwork for a more valuable connection between Coke and its customers. Digital signs pair software with high-resolution displays so that a message can be changed instantly based on what the operator wants to communicate or sell. In their Day 3 Keynote at 21st Cloud Expo, Greg Chambers, Global Group Director, Digital Innovation, Coca-Cola, and Vidya Nagarajan, a Senior Product Manager at Google, will discuss how from store operations...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
SYS-CON Events announced today that Ryobi Systems will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Ryobi Systems Co., Ltd., as an information service company, specialized in business support for local governments and medical industry. We are challenging to achive the precision farming with AI. For more information, visit http:...
As you move to the cloud, your network should be efficient, secure, and easy to manage. An enterprise adopting a hybrid or public cloud needs systems and tools that provide: Agility: ability to deliver applications and services faster, even in complex hybrid environments Easier manageability: enable reliable connectivity with complete oversight as the data center network evolves Greater efficiency: eliminate wasted effort while reducing errors and optimize asset utilization Security: imple...
High-velocity engineering teams are applying not only continuous delivery processes, but also lessons in experimentation from established leaders like Amazon, Netflix, and Facebook. These companies have made experimentation a foundation for their release processes, allowing them to try out major feature releases and redesigns within smaller groups before making them broadly available. In his session at 21st Cloud Expo, Brian Lucas, Senior Staff Engineer at Optimizely, will discuss how by using...
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous ar...
Transforming cloud-based data into a reportable format can be a very expensive, time-intensive and complex operation. As a SaaS platform with more than 30 million global users, Cornerstone OnDemand’s challenge was to create a scalable solution that would improve the time it took customers to access their user data. Our Real-Time Data Warehouse (RTDW) process vastly reduced data time-to-availability from 24 hours to just 10 minutes. In his session at 21st Cloud Expo, Mark Goldin, Chief Technolo...
In this strange new world where more and more power is drawn from business technology, companies are effectively straddling two paths on the road to innovation and transformation into digital enterprises. The first path is the heritage trail – with “legacy” technology forming the background. Here, extant technologies are transformed by core IT teams to provide more API-driven approaches. Legacy systems can restrict companies that are transitioning into digital enterprises. To truly become a lead...
SYS-CON Events announced today that CAST Software will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CAST was founded more than 25 years ago to make the invisible visible. Built around the idea that even the best analytics on the market still leave blind spots for technical teams looking to deliver better software and prevent outages, CAST provides the software intelligence that matter ...
SYS-CON Events announced today that Daiya Industry will exhibit at the Japanese Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Ruby Development Inc. builds new services in short period of time and provides a continuous support of those services based on Ruby on Rails. For more information, please visit https://github.com/RubyDevInc.
When it comes to cloud computing, the ability to turn massive amounts of compute cores on and off on demand sounds attractive to IT staff, who need to manage peaks and valleys in user activity. With cloud bursting, the majority of the data can stay on premises while tapping into compute from public cloud providers, reducing risk and minimizing need to move large files. In his session at 18th Cloud Expo, Scott Jeschonek, Director of Product Management at Avere Systems, discussed the IT and busine...
Is advanced scheduling in Kubernetes achievable? Yes, however, how do you properly accommodate every real-life scenario that a Kubernetes user might encounter? How do you leverage advanced scheduling techniques to shape and describe each scenario in easy-to-use rules and configurations? In his session at @DevOpsSummit at 21st Cloud Expo, Oleg Chunikhin, CTO at Kublr, will answer these questions and demonstrate techniques for implementing advanced scheduling. For example, using spot instances ...
As businesses evolve, they need technology that is simple to help them succeed today and flexible enough to help them build for tomorrow. Chrome is fit for the workplace of the future — providing a secure, consistent user experience across a range of devices that can be used anywhere. In her session at 21st Cloud Expo, Vidya Nagarajan, a Senior Product Manager at Google, will take a look at various options as to how ChromeOS can be leveraged to interact with people on the devices, and formats th...
First generation hyperconverged solutions have taken the data center by storm, rapidly proliferating in pockets everywhere to provide further consolidation of floor space and workloads. These first generation solutions are not without challenges, however. In his session at 21st Cloud Expo, Wes Talbert, a Principal Architect and results-driven enterprise sales leader at NetApp, will discuss how the HCI solution of tomorrow will integrate with the public cloud to deliver a quality hybrid cloud e...
SYS-CON Events announced today that Yuasa System will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Yuasa System is introducing a multi-purpose endurance testing system for flexible displays, OLED devices, flexible substrates, flat cables, and films in smartphones, wearables, automobiles, and healthcare.