
Return on Investment

If Hoop.dev saves 1 hour per month for each developer, it has already returned the investment. In practice, we see teams getting 10x this return on their investment.
In this guide we will explore the financial results generated by using Hoop at companies across different industries and scales.

Direct Returns

Consider an average salary of 100k for a developer:
  • USD 100,000 / year
  • USD ~8000 / month
  • USD ~50 / hour
The 100k/year investment doesn't count recruiting, hiring, onboarding, and other costs of finding and adding a developer to a team.
If Hoop saves 1 hour for each developer in the month, it is already paying for itself. This tends to happen in the first few days of the month, as we will see in this guide.
Let's look at a real-life example to see this in practice:
Every time someone stops a task because they don't have access to a resource, you have two problems:
  1. the engineer who needs access has lost the focus required for the software engineering task at hand, and
  2. the person solving the access problem has the exact same problem.
Two engineers out of flow.
But it gets worse: engineer 1 is blocked until engineer 2 context-switches to unblock them.
By the time engineer 1 gets a reply, they are already working on something else and have to context-switch again to continue the previous task.
It generally takes about 15-20 minutes to enter a state of deep concentration and this process can be disrupted by any distraction. This concept is sometimes referred to as "attention residue," where shifting attention even briefly can significantly affect one's ability to focus on a demanding task.
That is your 1 hour per engineer if this happens once a month for each developer. And each engineer who is blocked on access also stops a second engineer.
If 50% of the engineering team gets blocked at least once a month, 100% of engineers will context-switch.
At most companies, engineers stop multiple times a day. This means dozens of hours a month wasted per engineer.

Indirect Returns

Even in a hyper-conservative scenario, the investment in Hoop is returned many times over from direct returns alone. Adding the indirect side effects of Hoop shows that 10x is the minimum to expect from the solution. Here are some of these side effects:
  • Time-to-market: Increased revenue from increased product velocity. Releasing product faster should impact all key business metrics.
  • Hiring: The efficiency gains result in more output with the same number of people. People are one of the hardest areas to scale in a company. Hoop reduces hiring pressure by making existing teams more efficient.
  • Culture: Most of Hoop's efficiency gains are a result of increasing the autonomy of the team members in charge of execution. Ownership and happiness increase at the edges because people solve their own problems with less dependency on other teams. The impacts on DevOps culture are substantial.
  • Security: Centralizing authentication using SSO (Google, Okta, etc.) and MFA for all tools used by developers, including databases and containers, removes the largest attack vector, responsible for all the large data breaches in history: static keys and passwords stored on developers' devices.
  • Compliance: The centralization and standardization of audit data created by Hoop fulfills many requirements and accelerates major certifications like SOC 2, PCI, HIPAA, and others. Hoop tracks who, what, when, why, with whose approval, and more, for every single bit of production access.
  • Reliability: The simplicity of building automations on top of Hoop (Runbooks) increases the use of automations, reducing the biggest source of service disruptions: manual interventions in production systems without peer review.

Build vs Buy

What if we built Hoop features in-house using open-source tools?
It is not possible to answer this question in a single article section because we would need to detail what it would take to build Hoop, which we plan to do here.
Even so, let's shed some light on some key Hoop components and the most efficient way to build them in-house, leveraging open-source tools to speed up the process:

Authentication

Adding SSO to web apps is easily doable. Things get tricky when doing it for shell and TCP applications, like databases and containers (Kubernetes, ECS, etc.). You won't find a lot of help doing this with open-source tools, so to get the Hoop experience you would have to get ready to write parsing rules for binary protocols over TCP streams.
But you could say: "We don't care about developer experience or speed." In this case, an alternative would be to spend days setting up SSO in Jenkins or Rundeck. If you don't already have an instance of these apps running (most companies do), reserve a few more days for this. Then add a few weeks for integrating these tools with the solutions you want to manage access for.
Then you can plan a few weeks to train your engineering team on how to use raw access to all the tools they need. Remember the TCP stream binary protocol you didn't implement? It's time to pay the price: you won't be able to abstract complexity with this setup.
In the end you will be looking at 1-2 months of work from your Platform team to get something that developers can use to run an SQL query with SSO, access a container on Kubernetes/ECS, or run an awscli command.
This is only for authentication. The good news is that you will re-use most of this work for the next components. The bad news is that you will spend a similar amount of time for each one of the next components.
We won't go over the implementation of the other components for now, so hit us up if you want tips on how to do it. But just to give you some sense of what they are, in case you're curious:
  • Ubiquitous clients: CLI, Slack app, Web. A diverse set of clients is key for developer adoption of your solution.
  • Dynamic Authorization: leverage contextual data to make authorization decisions, such as whether a query is reading or writing, and make different decisions based on that context.
  • Unified and Accessible Audit Log: reports on who did what, when, why, with whose approval, and so on.
  • PII Data Redact: Machine learning service for redacting PII data in real time from accessed data.
  • Automation Layer: An automation layer that is easy to build on and use. Making sure developers can go from ad-hoc access to automations in seconds is the key to reducing ad-hoc access in production, and so reducing downtime and security risks.