
1 AUGUST 2025

Striking the Balance Between Velocity and Governance in Software Delivery

Author: Nick Durkin

Engineering leaders are constantly caught on a tightrope – balancing developer freedom with the need for control. On one hand, they’re expected to create space for innovation. On the other hand, they’re responsible for ensuring that software is secure, reliable and scalable before it reaches production.

It can often feel like a lose-lose scenario. Too much freedom can lead to buggy or inefficient code, unexpected downtime or security incidents. But too much control can stifle innovation, slow delivery and demotivate developer teams – exposing the business to a different type of risk: falling behind competitors and customer expectations.

So how do you find the right balance between velocity and governance?

Make it easy to do the right thing

Start by embedding best practices for security, performance, and cost management – without making them a burden for your engineering teams. If governance policies are too difficult to follow, developers will find ways to bypass them, opening the door to shadow IT and unnecessary risk.

When setting compliance policies, design them with the developer experience in mind. Avoid top-down mandates or rigid rules that feel like micromanaging. Good governance should support the developer journey from end to end, helping teams move faster by eliminating gaps or roadblocks and minimizing friction.

As AI adoption grows across the software lifecycle, this becomes even more critical. While AI can supercharge velocity, it also increases the surface area for risk. The smallest gap in cost control or security can scale exponentially, turning minor issues into major problems.

Make it hard to do the wrong thing

While encouraging best practices, engineering leaders should also establish clear and thoughtful guardrails – giving teams flexibility within a well-defined framework.

For example, let developers choose the tools that fit their workflows – like post-response scripts, MongoDB, or Microsoft SQL – while automatically preventing the use of less secure or unsupported systems. This ensures that teams stay empowered but within boundaries that protect the business.

Just as important, make sure engineers have access to the insights they need to get the job done. By shifting information left, not just workload, leaders can help teams catch issues early, before their code hits production. Whether it’s a cost inefficiency or security misconfiguration, visibility gives developers greater ownership of outcomes and fewer chances to make avoidable mistakes.

Lower barriers to innovation by creating space to fail fast and learn faster

With a strong foundation of best practices and automated guardrails, engineering leaders can carve out safe spaces for experimentation and innovation – where teams are free to move fast and try new ideas without the fear of breaking something.

This fosters a startup mindset inside larger organizations where developers feel confident testing new ideas because they know the system has controls. The result: faster iteration, greater autonomy, and less time spent navigating red tape.

A golden path to success

Trust Bank – one of the world’s fastest-growing digital banks – has set the standard on making it easy to do the right thing, and hard to do the wrong thing.

Their CI/CD pipelines allow developers to continuously test, build, and deploy code changes on demand, while automatically enforcing security, compliance and risk policies behind the scenes.

By building automated checks directly into their delivery workflows, they have removed manual toil for engineers while increasing both the speed and reliability of their deployments. The impact is real: Trust Bank reduced deployment lead time from two weeks to just 24 hours.

Whether you’re in banking, healthcare, telecommunications, or any other regulated space, this model shows how speed and control can go hand in hand. The hardest challenges in software delivery aren’t just technical – they’re also human. Developers want to build great things, and it’s our job to give them the freedom to do that with the confidence that they’re doing it the right way.

When you strike that balance, you empower people to do what they love while removing the worst parts of the job.

About the Author:

Nick Durkin is Field CTO for Harness, the first Software Delivery Platform to use AI to simplify DevOps processes, including CI, CD, Feature Flags, Cloud Costs, Chaos Engineering, and much more. He is responsible for the organization's worldwide field engineering team, post-sales engineering team, and a portion of product. He previously held technical and executive roles at OverOps, DataTorrent, and Zelle (Early Warning), where he ran critical infrastructure for the United States government. He also served as lead architect on the Department of Homeland Security’s Financial Institution – Verifying Identity Credential Service (FIVICS) initiative, where he developed several patents for anti-fraud technologies, which are currently in use not only by the federal government but by some of the world's largest financial institutions as well. Nick has been recognized for his ability to help multiple early-stage companies find market fit, get their first customers, and build a team and strategy for growth and profitability.

@ 2026 Harness Inc.