What is Service Maturity?
Service maturity is a method of ensuring a consistent level of software engineering quality across your company, no matter the scale. It defines both minimum standards that teams must meet to ship software and aspirational goals that improve product quality, increase performance, and reduce delivery time.
A service maturity model defines levels of maturity, along with criteria for meeting these levels. These criteria can span multiple categories, including code quality, security, reliability, and observability. Each level provides concrete steps a team can take to raise its maturity level.
The concept of service maturity is critical in our age of microservices, where small teams concentrate on delivering a small set of tightly scoped services. These teams work independently, taking dependencies on other teams through shared libraries and API contracts.
This model enables service teams to move quickly, ship often, and change direction rapidly as market conditions and business needs change. However, it also carries risks.
Many service teams end up establishing their own engineering practices. That leads to high variability in service quality and delivery from team to team.
Over time, teams evolve different tech stacks, making it more difficult to establish a consistent baseline. This problem compounds as a company grows in size.
Service maturity enables a company to level-set its teams to a shared set of benchmarks. By defining these benchmarks in terms of concrete improvements, the company can also provide visibility into each team’s current maturity level and ongoing progress.
The return on investment in service maturity can be stunning. The Financial Times found itself hitting a wall in terms of how often and how quickly its engineers could push changes to production. After investing heavily in engineering enablement, the company went from 12 releases a year to 30,000.
Features of service maturity
The concept of maturity levels in software isn’t new. One-size-fits-all approaches such as the Capability Maturity Model have existed for decades. However, such models are often inflexible and tend to go out of date quickly.
A service maturity model offers a more flexible approach to defining and implementing a maturity model. Every company can define its own maturity levels that reflect its business by creating its own security maturity rubric. Additionally, individual teams and sub-organizations can define their own standards by creating scorecards. Combining global rubrics with local scorecards establishes company-wide standards while still allowing great flexibility and individuation at the org, department, and team levels.
A maturity model consists of:
- Levels representing a team’s current state of maturity (e.g., Bronze, Silver, and Gold; Levels 1 to 5; etc.);
- Categories defining areas of improvement; and
- Checks that define criteria for meeting maturity in a category at that level, along with (optional) code that verifies whether the criteria for the check have been fulfilled.
Companies can define levels and categories as they see fit. Once set, these are consistent across all scorecards, which helps level-set all teams to a global standard. A few standard examples of categories include:
- Security
- Reliability & scalability
- Observability
- Ownership
- Discoverability
Let’s look briefly at which checks you might choose to implement for each category.
Security
- Authentication and authorization implemented on each service endpoint
- All data encrypted at rest and in transit
- Static and dynamic security scans implemented (e.g., binary security scans, certificate signing of binaries and scripts, HTTP REST API security scans)
- Proper management of secrets (e.g., no secrets embedded in code or checked-in configuration files)
- Service has been deployed within the last n days or weeks
Reliability & scalability
- Whether a service has filed a Service-Level Objective (SLO) and is emitting Service-Level Indicators (SLIs) to measure it
- Disaster recovery plans, backups, and redundant architecture
- Number of Sev2 incidents per month
Observability
- Capturing logs in a central, easy-to-search location
- Emitting metrics on runtime state (e.g., request time, latency)
- Using alerting and automated issue creation/routing
Ownership
- Service has an assigned owner
- All of a service’s code repositories are registered with the service and have technical and administrative points of contact
- Resources (e.g., cloud capacity) are properly tagged to indicate their owning team and deployment stage
Discoverability
- Service is registered in a centralized service catalog
- The service is documented and the documentation is readily discoverable and available
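The levels, categories, and checks described above can be expressed directly in code. The following is an added example, not OpsLevel's implementation or API: the level names, the placement of checks at each level, the 30-day deployment window, the secret-detection pattern, and the sample services are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

LEVELS = ["Bronze", "Silver", "Gold"]  # assumed level names, lowest first

# Assumed heuristic: a secret-looking key assigned a literal value of 8+ chars,
# ignoring ${VAR}-style references that are resolved at deploy time.
SECRET_RE = re.compile(
    r"(?i)(password|secret|api[_-]?key|token)\w*\s*[:=]\s*['\"]?(?!\$\{)[^\s'\"]{8,}")

def no_embedded_secrets(svc, now):
    return not any(SECRET_RE.search(t) for t in svc.get("config_files", {}).values())

def has_owner(svc, now):
    return bool(svc.get("owner"))

def deployed_recently(svc, now, max_age_days=30):  # the list's "n days"; 30 is assumed
    last = svc.get("last_deploy")
    return last is not None and now - last <= timedelta(days=max_age_days)

# Rubric rows: (level, category, check). Which check sits at which level is illustrative.
RUBRIC = [
    ("Bronze", "Ownership", has_owner),
    ("Silver", "Security", no_embedded_secrets),
    ("Gold", "Security", deployed_recently),
]

def evaluate(svc, now):
    """Return (highest level reached or None, names of failed checks).
    A level counts only if its checks and all lower levels' checks pass."""
    results = [(lvl, cat, fn.__name__, fn(svc, now)) for lvl, cat, fn in RUBRIC]
    achieved = None
    for level in LEVELS:
        if not all(ok for lvl, _, _, ok in results if lvl == level):
            break
        achieved = level
    failed = [f"{lvl}/{cat}/{name}" for lvl, cat, name, ok in results if not ok]
    return achieved, failed

# Constructed sample services (not real data).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SERVICES = {
    "billing": {"owner": "team-payments", "last_deploy": NOW - timedelta(days=3),
                "config_files": {"app.yaml": "db_password: ${DB_PASSWORD}\n"}},
    "legacy-reports": {"owner": "team-data", "last_deploy": NOW - timedelta(days=200),
                       "config_files": {"app.yaml": "db_password: Sup3rS3cretValue\n"}},
    "orphan": {"owner": "", "last_deploy": None, "config_files": {}},
}

if __name__ == "__main__":
    for name, svc in SERVICES.items():
        print(name, *evaluate(svc, NOW))
```

Because a level is only granted when every lower level also passes, a service with no owner stays unrated even if its Security checks succeed, which keeps the reported level from hiding a missing baseline.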
Benefits of service maturity
The first and foremost benefit of tracking service maturity is that it enables measuring and improving engineering quality across your broader organization. It accomplishes this not through vague top-down mandates but through concrete measures that teams can track themselves via a centralized dashboard.
For example, freight carrier software company Convoy found itself with an inconsistent tech stack over its 40 services and 150 engineers. It used OpsLevel to implement a service maturity model and enforce automatic quality checks against all new software components added to projects. This change has enabled Convoy to scale to 75 new services while maintaining a high bar for ship quality.
Another benefit is that a service maturity model can lower the cost and friction in improving software quality. A service maturity program implemented in a developer portal tool such as OpsLevel provides rich graphical reports on maturity level progress and tools for easily implementing a roster of standardized checks. This enables teams to self-service and manage their own progress.
Finally, a service maturity framework enables rolling out improvements in quality and security in a uniform fashion. For example, say that the developer of a component ships a critical security patch for their library. Using a service maturity framework, a company can roll out a new check to ensure every team using the component ships the patch promptly.
How to get started tracking service maturity
How does a company get started with service maturity? It’s not an overnight journey—but it also doesn’t have to be complicated. You can start your journey to service maturity by implementing the following steps:
Get executive buy-in. Any critical improvement requires investment from leadership. Define the return on investment for a service maturity program and show how it ties back to your company’s overall key performance indicators (KPIs). For example, a key selling point is that investing in service maturity will give you an apples-to-apples comparison of software development team health across the organization.
Use this information to pitch the program’s value to senior leadership and obtain sign-off and funding. Decide which KPIs the program itself will define, and provide reports that leadership can use to track improvements in software engineering quality and velocity.
Select a service maturity-aware developer portal. Many large Fortune 50 companies have created their own service maturity solutions out of necessity. That’s not feasible for many companies—and, in most cases, isn’t necessary. Investing in a commercial developer portal solution that supports service maturity will enable you to realize value from your investment much more quickly than creating a home-grown solution from scratch.
Make time for service quality. For a service maturity program to work, service maturity has to become part of a company’s culture. That means engineers need time in their schedules to focus on it. Make service maturity action items a regular part of a team’s sprints. Additionally, look at assigning embedded resources, such as PMs and SREs, who can make service maturity work items their first priority.
Get started with service maturity tracking today
Implementing a service maturity program can lead to huge improvements in cross-team security, reliability, and quality. It can enable greater accountability across teams and make cross-team collaboration easier.
With the right tooling, a service maturity program provides an all-up view of how well every team is meeting the bar for established engineering best practices. It takes the guesswork and uncertainty out of software engineering quality management.
In the past, establishing a service maturity program was a software engineering project in and of itself. OpsLevel makes implementing service maturity easy with its comprehensive developer portal. Using OpsLevel, teams can define and catalog services, establish company-wide service maturity rubrics, and even automate common operational tasks.