Balancing Autonomy and Control - An Adaptive Approach for Security Governance in Large-Scale Agile Development
Abstract:
Companies are increasingly adopting agile methods at scale, revealing a challenge in balancing team autonomy and organizational control. To address this challenge, we propose an adaptive approach for security governance in large-scale agile software development, based on design science research and expert interviews. In total, we carried out 28 interviews with 18 experts from 15 companies. Our resulting approach includes a generic organizational setup of security-related roles, a team autonomy assessment model, and an adaptive collaboration model. The model assigns activities to roles and determines their frequency based on team autonomy, balancing the autonomy-control tension while ensuring compliance. Although framework-agnostic, we applied our approach to existing scaling agile frameworks to demonstrate its applicability. Our evaluation indicates that the approach addresses a significant problem area and provides valuable guidance for incorporating security into scaled agile environments. While the primary focus is on security governance, our insights may be transferable to other cross-cutting concerns.
| Attribute | Value |
|---|---|
| Authors | Dr. Sascha Nägele, Nathalie Schenk, Florian Matthes |
| Citation | Na24b |
| Year | 2024 |