Case Study – Platform Team to DevSecOps Team


Large cloud providers such as Amazon Web Services, Microsoft Azure and Google Cloud Platform all offer prescriptive guidance regarding how to build your own Cloud Operating Model, including typical team structures observed.  This case study provides a real-world example of how it was necessary to transform a team structure and delivery approach to realise the cloud adoption benefits the organisation desired.



An organisation needed to take ownership of a large cloud platform from a third party supplier.  The size and complexity of the system, in particular the single, complex delivery pipeline necessitated an extended handover period to ensure a safe transition of the service and operational stability.



The solution was to lead the knowledge transfer and handover in a way that prioritised the most crucial operations.  Fundamental items such as identity and access management, backup and restore and patching were covered first, followed by how changes were delivered to the most commonly changed components.  Detailed accounts were made of how changes were being made, together with metrics that provided insight into the effort required in making changes.

This required an extensive discovery across the entire estate, working closely with the whole team consisting of over 100 internal and external members of staff. Regular workshop sessions and demos were held, including publishing updates to increase understanding of the existing implementation and help promote engagement and discussion for handover and improvement.

The success of the handover gave the organisation the desire to push forward with changes and new features that had previously been descoped from the original implementation.  This led to exposing weaknesses in several areas, where introducing even a single new service could not be done without substantial manual effort and knowledge of the existing system.

Over a relatively short period of time, it became apparent that the current platform lacked the maturity to cope with business demand.  However, the business still had to function and changes in operational practices, including the impact of Covid-19 resulted in some changes needing to be implemented quickly.  A two-pronged strategy was formed that brought together people from all delivery disciplines to help understand two specific questions;

  1. How can we safely deliver the immediate changes required using a version of the existing delivery and platform approach?
  2. How can we create a new mechanism for delivering changes in a safe, repeatable and scalable way?

The first part of the strategy received very little push-back at a business level and some at a technical level.  The second part of the strategy received significant push-back at a business level and very little at a technical level.  While it may be a relatively well-worn joke that developers love to play with new technology, the data metrics gathered during the handover period and subsequent changes demonstrated change was required beyond what could be achieved with the existing approach.

A strategic outline business case was created highlighting the need to mature the cloud platform to help facilitate the next phase of transformation, including reducing costs and increasing delivery cadence.  The summary paper received backing at board and ministerial level.

Implementing the strategy required a change in the ways of working.  Collaboration across all disciplines helped to produce the beginnings of self-sufficient teams, including close working relationships with in-house security and trusted third parties.  By championing the introduction of containerised services and DevSecOps practices, the organisation could see the long-term benefits associated with a change in both the technology and delivery strategy.


The organisation successfully took complete ownership of the cloud platform and successfully progressed the strategy on both fronts, including making iterative improvements to the efficiency and operations of the service.  The strategic outline business case helped secure funding for the next few years to build an improved platform.