The best way to get started? "Select a small proof-of-concept project, pluck people from each silo, put them in a room together, and look at the result," says Moloney.
If this is such a great idea, why isn't everyone doing it? A lot of organizations haven't solved the first problem, yet -- getting good code out the door quickly, says Olson. Interdepartmental politics also plays a role, especially in larger organizations. And the devops concept is still fairly new, while divisions between developers and admins are not.
"Dev people and ops people speak different languages," Olson says. "The role of the ops guy is to reduce risk so he doesn't get desperate phone calls on the weekend. The goal of the dev team is to produce as much good new stuff as possible. There's a conflict there. You can't just buy a tool to make it happen. It requires a change in culture."
Essential IT Project No. 4: Create a crisis response teamWhen Sony's PlayStation Network was taken down by hackers last spring, spilling some 77 million customers' records, the electronics giant responded by doing just about everything wrong, says Christopher Budd, a former member of Microsoft's worldwide crisis response communications team.
After the network went offline last April, Sony failed to acknowledge or explain the cause of the outage. For a week the company provided virtually no information -- allowing the press and blogosphere to fill the gap with speculation and misinformation, says Budd, who now runs his own crisis communications company.
The reason? Sony lacked an effective incident response process for online security and privacy issues, something even smaller organizations need to implement. "Any organization that's a custodian of customer data needs to spend time figuring out what it's going to do if something happens to that data," he says. "Besides avoiding damage to their reputations, they also need to protect themselves against legal and regulatory risks."
Nearly every state has laws requiring organizations to notify customers in the event of a data breach. Publicly traded companies must also worry about the impact of security and privacy incidents on their share price.
Building an emergency response team means marshaling resources across the organization -- legal, communications, and technical. It also requires a mandate from top management that empowers the team to do what needs to be done, swiftly and without interference, Budd adds.
"You need to get out there as quickly as possible and be as transparent as you can be," he says. "You need to say what has happened, and also what hasn't happened. Because one way or another, the story will get out. You want to be the one to step out onto the stage, grab the microphone, and take charge of the situation."
Sign up for CIO Asia eNewsletters.