What Are Feedback Loops?

Feedback loops are a common term in IT and business today. But what exactly are they meant to do — and how do they work?

Let’s take a deep dive into this topic, looking at:

• The concept and a brief history of feedback loops
• Feedback loops in DevOps environments
• Positive (reinforcing, amplifying) and negative (or balancing) loops
• Best practices

What is a feedback loop?

The primary idea and goal of a feedback cycle is to identify how the output of a system impacts subsequent system behavior.

Put another way, the “feedback loop” refers to the specific part of any system — devs coding in a software development pipeline, a security operations team doing triage — in which a portion or the entirety of that system’s output is used as input for future work.

The feedback loop itself is typically the final stage of a 4-stage process:

• Stage 1. Input is created.
• Stage 2. Input is captured and stored.
• Stage 3. Input is analyzed.
• Stage 4. The insight gained from analysis is used to make decisions and changes.

Importantly, the type of feedback loop doesn’t matter. The primary function of a feedback loop remains the same for both positive and negative feedback loop types – more on this later in this article.

Use cases for feedback loops

A key concept of modern software development approaches, the feedback loop serves two important goals:

• To understand customer needs.
• To shorten the release cycles, often via operationalizing.

Feedback loops can be used in a variety of domains, not limited to software development, though that is the focus for this article. For example, former Splunker John Stoner talks about the importance of feedback loops in the cybersecurity use case of threat hunting:

“The goal of threat hunting isn't to perform the same hunt over and over again. We want to learn from every hunt, and if a hunt's successful, we must operationalize it. But what does that mean? We need to provide feedback to those who can benefit from what we learned.”

He continues: “Feedback can take many different forms, but to be effective, scalable and repeatable, it should have a process associated with it.”

Brief history of feedback loops

The concept of a feedback loop itself is not new. In fact, the concept has been adopted extensively across a variety of engineering and business domains — far outside its original purpose.

Indeed, the concept of feedback process models in the engineering domain was popularized back in the mid-20th century when mathematician Norbert Wiener studied circular casual systems. This study was a part of cybernetics, a transdisciplinary approach for describing regulatory systems, including biological, mechanical, cognitive, and social.

Feedback loop in cybernetics involves system outputs to behave as input to the system itself. The concept has fundamental principles rooted in natural and man-made systems from ancient Greek history, first appearing in Plato’s Republic as Kybernetes, or ‘(good at) steering’.

(Of course, we know today that Kybernetes has also been adopted by Kubernetes, the open-source container orchestration system.)

Feedback loops in DevOps environments

The DevOps mindset of continually reducing cycle times is achieved by establishing a constant feedback loop. That loop can encompass parts or all of the following:

• The end-user environment
• Any test environments
• The collective functions of software development and IT operations (ITOps)
• Various stages of the software development CI/CD pipeline, including product development, design and even requirements setting

A key differentiation for the DevOps feedback loops is the focus on speed. Feedback is expected continuously: as part of build development, automated testing, CI/CD, and deployment stages.

High-stake features are still developed with extensive planning — but the course of planning is guided by this constant feedback.

The most effective feedback loops run on a short cycle and are left-shifted. This means that feedback is available quickly during early stages of the SDLC pipeline. This allows Devs, Ops and QA teams to reorient their direction based on both:

• Real-world customer expectations
• Challenges identified as part of the feedback cycle

Feedback loop example

For example, let’s say you’re trying out a new feature in an existing app. The feature might roll out on one or two spots, where it works correctly and satisfies the end users (or stakeholders).

Job well done, so let’s roll out this feature more widely.

To do that, in the next sprint, the team rolls the feature out in more locations — and now we can see that on some spots, certain issues are occurring. This is excellent feedback: something needs to be tweaked in order to deliver on the appropriate needs and expectations.

Feedback loops: two types today

Now, coming back to feedback loops and cycles in enterprise IT technologies and SDLC, the two key types of feedback loops are the following:

• A positive feedback loop, also known as reinforcing or amplifying feedback loops
• A negative feedback loop, aka balancing feedback loop

Positive / reinforcing / amplifying feedback loop

The positive feedback loop is focused on the net positive outcomes of an SDLC pipeline.

The feedback loop identifies parameters, decisions and controls that contribute positively toward the success of an SDLC project. This success may be measured in terms of known metrics or unknown external factors such as customer feedback and market trends.

The focus of a positive reinforcing loop is to continue and accelerate such positive behavior metrics in the SDLC pipeline. The idea here is to identify and push the limits:

• How fast can a web service scale without compromising page load speed?
• Which data assets can be stored in public cloud data centers closest to the end-user based on global traffic trends?
• How can we engage the least number of Devs to productively push new feature builds with minimal bugs as part of our current CI/CD pipeline?

A positive feedback loop helps DevOps teams answer such questions that enhance SDLC productivity and performance and reduce the associated risk and costs.

(Image source)

Negative or balancing feedback loop

To achieve rapid release cycles that deliver better quality software and improve end-user satisfaction, organizations migrate from an extensive, thorough, and well-defined waterfall SDLC methodology to a modern DevOps approach.

The agility and pace of a rapid release cycle itself does not alone produce these results. You absolutely still require:

• Adequate collaboration between Devs, Ops and QA.
• A cultural and mindset shift away from traditional waterfall approach to the modern SDLC strategy (which is, arguably, much harder to achieve).

While organizations can identify the pain points, they miss out on the root cause. This is where a negative feedback loop comes in.

A negative or balancing feedback loop helps your SDLC teams identify the decisions, actions, and factors whose output negatively affects the pace and performance of an SDLC cycle.

For example, a Dev team is encouraged to rapidly release new software builds. They tend to overlook or intentionally limit their focus on security flaws introduced as part of the development process. The QA (quality assurance) in DevOps functions with a conflicting goal: all software builds must be secure from the ground up. Devs are expected to write better performing code without the inherent security vulnerabilities.

Therefore, QA stops the CI/CD process until Devs fix the code and commit an updated software build. The resulting slowdown in the software release cycles is attributed negatively to the contributions of the QA, since Devs and business executives may prioritize rapid release cycles with new feature releases pushed to production proactively in response to market trends and customer demands.

As stated earlier: the primary function of a feedback loop in an SDLC cycle remains the same for both reinforcing and balancing feedback loop types. The idea is to identify how the output of a system impacts subsequent system behavior.

Best practices for feedback loops

Every system unit has an impact on the next unit, as well as itself in the next state of the SDLC cycle. Therefore, it is important to use feedback loops as a mechanism to understand problem root cause and opportunities.

• Focus on both the positive and negative feedback loops.
• Train users on understanding, implementing and improving the SDLC cycle based on feedback loops.
• Look at the feedback loop as an end-to-end system with multiple cascading and parallel feedback loops.

Lastly, treat notifications and alerts as an output of a cycle — not a complete feedback loop on their own. Unless, that is, an automated system or a human action integrates their response to alerts within the inputs to the next state of the SDLC cycle.