Finding value in your project workstreams

Learn how to calculate the value of project workstreams to provide metrics for your key business objectives and key performance indicators.

by Nek Polk

Before delving into value stream mapping, I want to briefly introduce HashiCorp’s cloud operating model (COM). The cloud operating model is an approach that enables organizations to unlock the fastest path to value in a modern, multi-cloud data center. When the COM is adopted within organizations; it enables technology, processes, and people to work more efficiently.

As a part of the cloud operating model, HashiCorp provides a suite of tools operating at different layers to assist customers in their multi-cloud journey. The layers are as follows:

  • Infrastructure layer: Terraform enables infrastructure as code and infrastructure automation at scale.

  • Security layer: Vault provides secrets management and helps customers to move towards a “zero-trust” environment with no clear static perimeter.

  • Network layer: Consul is a dynamic service registry allowing customers to move away from static-based networking.

  • Runtime layer: Nomad shifts customers away from deploying artifacts to static application servers to deploying applications on a pool of infrastructure that is provisioned on-demand.

With an understanding of the HashiCorp cloud operating model, we can use some of the tools to assist us in finding value in our project work streams. 

»What is value stream mapping?

Value stream mapping (VSM) represents an organization's steps to implement solutions that provide a continuous flow of value to an internal or external customer. Additionally, leadership within companies may use value streams to maximize productivity by mapping a solution end-to-end and removing unnecessary steps and pain points. Value streams are usually separated into two key categories: Operational and Development value streams.

»Why is value stream mapping important?

Value stream mapping allows you to understand internal process flows, the value of your processes, and the impact on your customers. Value stream mapping can also help you improve process velocity with the shortest sustainable lead time while maintaining the highest possible quality. Value stream mapping is a journey and will require you to think about the possibilities and challenge the current state. 

Key questions to ask yourself before starting:

  • What process are you going to map?

  • What are the objective and key results for mapping the process?

  • Do you have a current process map?

  • If not, do you have adequate software to map the process?

  • Will you have access to everyone, i.e., different teams that are needed to accurately map the process?

  • Do you have enough data to assign a cost value to the stream being mapped?

»Different types of value streams

»Operational value streams

An operational value stream (OVS) contains the steps and the people who deliver end-user value using solutions created by the development value streams. Operational value streams are usually triggered by a request from a user or a ticket submission. When conducting an operational value stream mapping exercise, remember to capture data from the consumer (end-user) and administrative (processor) perspectives. 

»Development value streams

A development value stream (DVS) contains the steps, systems, and the people who develop the solutions used by operational value streams. Development value streams are triggered by feature requests and account for the define, build, validate, and release steps to deliver a new increment of value. 

»Components of value stream mapping

Value stream mapping may contain one or more of the three key elements which are technology, processes, and people. The technology component includes all the infrastructure required to host processes and solutions for consumers. The process component consists of the necessary steps to complete a task or deliver a requested item. The people component encompasses the number of human resources required to build and or maintain a feature.  


Optimization of infrastructure is key to the technology value component. Before optimizing your infrastructure component, think about your current usage patterns along with new onboarding projects and ask yourself the following questions:

  • What is the cost of running the current configuration?

  • Can I move to optimized infrastructure (based on provider)?

  • Is my infrastructure based on SLAs or vendor recommendations?

Work with your Tech Finance team or Cloudability team to understand the current cost of your infrastructure. Use the current cost as your baseline to compare costs as you choose different vendors, hardware options, and configurations. If you are a cloud customer, you can enlist the help of your technical account manager to implement savings plans or utilize reserved instances without making unnecessary changes to your infrastructure. 

Another area to review is utilization. Look at your current utilization metrics to determine if your infrastructure is being used as expected or underutilized. If your infrastructure is underutilized, you may want to revisit service level agreements (SLAs), disaster recovery plans, and vendor recommendations. 

As an example, HashiCorp Vault recommended architecture indicates that customers should build Vault clusters with five nodes distributed between three availability zones allowing for a loss of two nodes from within the cluster or the loss of an entire availability zone. Additionally, HashiCorp recommends utilizing a multi-datacenter deployment where you can replicate data across data centers for performance as well as disaster recovery.

»Infrastructure example:

You are a Vault customer with less than 2,000 clients. Your primary usage of Vault is Key/Value Version 2 (KV2) secrets that are read at application startup or restart. Your current infrastructure consists of a 5-node primary cluster in one region-1, a 5-node disaster recovery (DR) in region-2, and an 8-node performance replica (PR) in region-2. You have a three-year savings plan reducing your computing cost to  $284 per month, per node.

After reviewing Vault cluster metrics, you noticed that the Vault cluster utilization is less than 15% and process SLAs are met consistently without traffic being routed to the PR cluster. Because traffic was not being routed to your PR cluster, you decide to remove the cluster reducing your monthly cloud costs by 8 nodes. Additionally, you decide to reduce the primary and secondary clusters to three nodes with the option to autoscale standby nodes when necessary to help with the reading of secrets. Leaving 1 node in each availability zone provides a quorum for Vault and the ability to recover from the loss of an availability zone. Keep in mind that removing your PR will require a well-orchestrated DR plan to stay within SLAs.

With a reevaluation of your infrastructure needs, you are able to remove 12 nodes from your monthly cloud costs. Technology value stream = 12 nodes x cost per node (12 x $284 = $3,408 per month) leading to cost savings and technology value add. 


Before evaluating a process for value stream mapping, consider the following:

  • Are all the steps necessary? 

  • How long does each step take?

  • Who/What performs each step? 

  • What systems are needed? 

  • What information is necessary?

  • How often is this process utilized (day, week, month)?

  • What is your expected yearly growth?

After answering the previous questions, confirm that you have a diagram of the current process. Having a diagram of the current state can help you identify gaps and/or improvements before creating a future state. If you do not have a diagram, utilize software such as LucidChart,, Visio, etc. to create a process flow diagram outlining each step of your process. Take your time and account for each step in the process because you will need to assign a time value to each step later in the process. See the example below.

When a process is triggered to deliver new security credentials, a new cloud resource, etc., the amount of time that is required to complete the request is called delay time (DT). Until the security credentials are provided to a developer or a server is delivered to an application team, productivity is lost. The actual time needed for a process to complete via automation or human intervention is called process time (PT). The total time from request to delivery is called lead time (LT). Lead time is determined by adding process time (PT) and delay time (DT) or 6 hrs + 18 hrs = 24 hrs. Time efficiency (TE) is 6 hrs / 24 hrs = .25 which if calculated at each step will help you identify bottlenecks in your process.

»Process example:

You are the manager of a security team responsible for identity and access management (IAM). You receive feedback from the application development team indicating that they are losing valuable productivity time when submitting requests for access to databases. You and your team review the current process and assign process times and delay times to each step to identify unnecessary lead time. The diagram below illustrates the current process.


Your review of the process indicated that your team is not effectively monitoring the shared mailbox, and requests on average take 1 day to review. After the review of the email, an IAM team member is assigned a task to create the database credentials which takes 1 day to complete. Upon creation of the credentials, the IAM team member stores the new credentials in a repository and sends an email to the requestor. On average, the database credential process takes 2 business days to complete.

Based on the review of the process, the actual work to deliver database credentials should take 2 hours or less. Currently, the process is taking 2 business days which means the current process has a TE of 13%. As previously stated, TE = PT / LT or TE = 2 hrs / 16 hrs. As long as an application team does not have their credentials, they are not able to move forward with development. Think about the productivity time lost per request to calculate the cost of lost productivity. Furthermore, think about each credential request that is manually created. On average, a developer’s hourly rate is $65 per hour, and an IAM team member’s is $48 per hour.

Based on the review of this process, the IAM team identified some changes to reduce the cost of lost productivity associated with the old steps. See the following diagram:

To streamline the process and remove unnecessary wait times, the IAM team utilized ServiceNow integration (Vault AppRole) to dynamically create just-in-time credentials within Vault. Not only does the new process reduce unnecessary wait time, but it also strengthens your security posture because Vault can automatically rotate credentials. The new automated process removes 15 hours of wait time which is a TE of 98%. The process value stream = (15 hours x cost of a developer per hour) + cost of an IAM team member per hour or (15 x $65) + $48 = $1,023 per request.


The people component of VSM is usually impacted by the technology component or the process component. In some cases, the people component is impacted by both technology and process components. When the amount of infrastructure or the number of environments to maintain is reduced, the number of full-time employees (FTEs) needed to support the infrastructure should reduce as well. When a process is streamlined, you should no longer need as many FTEs for enhancements or maintenance allowing them to focus on improvements.

In the infrastructure example above, the number of servers needed to maintain the solution was reduced by 12 which is a reduction of 67%. Because of a reduction in infrastructure to support, a certain percentage of FTEs can be reduced or reallocated for additional improvements. The process example above removed unnecessary wait times for the development team increasing their productivity. Further, the elimination of the manual steps removes the opportunity for human error. The reduction of support and wait times allows the FTEs more time to focus on service improvements. The people value stream = number of reallocated FTEs x cost of reallocated FTEs.


In summary, we covered the overall concept of value stream mapping via two examples. Within those examples, we discussed the difference between development and operational value streams. Now it is time for you to combine the concepts of value stream mapping with tools from the HashiCorp cloud operating model to optimize your hardware, streamline your processes, and utilize your people more effectively.

More resources like this one

  • 3/15/2023
  • Presentation

Advanced Terraform techniques

  • 2/3/2023
  • Case Study

Automating Multi-Cloud, Multi-Region Vault for Teams and Landing Zones

  • 2/1/2023
  • Case Study

Should My Team Really Need to Know Terraform?

  • 1/20/2023
  • Case Study

Packaging Security in Terraform Modules