Netflix uses that model; if someone runs a command through ChatOps that needs elevated privileges, the security team can monitor that and send a message to the user’s phone before the action is confirmed. GitHub also uses two-factor authentication to confirm that the person typing a sensitive command intended to run it, and it gives its Hubot chatbot different privileges in different Slack channels, so salespeople can’t deploy code from their channel, for example.

Slack takes it a step further internally. “If you tell a bot to shut down all the servers, the bot might say ‘you don’t have permission to do that; would you like me to ask your manager for permission’,” Shevat explains.

Cheslock suggests starting by using ChatOps to integrate third-party cloud services; “it likely won't cause hard security questions because you’re not giving a chatbot access to your private secure environment; you’re using it as a way to orchestrate these public services.”

Start with something that will be valuable to a team, suggest Shevat. “Maybe you can’t yet manage source code on ChatOps but you can manage errors on servers; take part of that lifecycle and turn it into ChatOps. Or start with source control, then move into management tools like Trello, and then PagerDuty. Start with something valuable and doable — and if it hasn’t become the standard process after a week or two, revert it. But if you see value after a week or two, choose another and try that.”

“ChatOps won’t be for everyone,” warns Governor, “but teams using modern software toolchains, with agile CI and CD [continuous integration and continuous delivery], are likely to get the most out it. It doesn’t make sense to drive ChatOps as a top-down mandate, but rather for organizations trusting their ops and development teams already.”

