Posts Tagged platform-engineering

Security as an Enabler: Building Trust into Your Platform

Security as an Enabler: Building Trust into Your Platform

In previous articles, we looked at how platform engineering fixes infrastructure chaos, enables self-service, and improves developer workflows. These pillars work together to boost both developer productivity and organizational speed.

But there’s still one critical element that can make or break all this progress: security.

Traditional security efforts — even “shift-left” initiatives — often create friction instead of clearing the way for innovation. Embedding security directly into your platform changes that. By weaving in policy-as-code, centralized secrets management, and identity-based authentication, you turn security from a blocker into an enabler. And with the right metrics, you can measure how well your platform balances protection and speed.

Read more →

Why Choose Pulumi Cloud Over DIY Backends?

Why Choose Pulumi Cloud Over DIY Backends?

Pulumi Cloud empowers engineers to automate, secure, and manage modern infrastructure platforms.

Many companies are building internal developer platforms or modern infrastructure platforms to provide developer self-service while maintaining security and compliance. Companies adopt Pulumi IaC so they can apply software engineering practices to their infrastructure scaling problems and because it is fully open source with a strong community and public roadmap.

At Pulumi, we’re committed to open source—always have been; always will be. Pulumi IaC is entirely open source (Apache 2.0 license), meaning you can adopt and extend it however you like. If you’re new to Pulumi, the open source edition is an excellent way to start modernizing your infrastructure. But as your organization grows and the complexity of your environment increases, you may find yourself devoting significant time to rolling your own enterprise IaC backend features.

Read more →

Developer Experience: From Friction to Flow

Developer Experience: From Friction to Flow

In the last article in this Platform Engineering Pillars series, we explored how self-service infrastructure sets developers free from bottlenecks and dependency gates. By providing reusable infrastructure modules and intent-based configurations, platform teams dramatically reduce infrastructure friction. This sefl-service then powers faster deployments, increased autonomy, and fewer delays.

But infrastructure provisioning alone doesn’t ensure happy, productive developers. Even with efficient, streamlined infrastructure interactions, developers still battle daily hurdles: from inconsistent local dev setups and sluggish CI/CD pipelines to poor documentation and fragmented knowledge. These obstacles quietly chip away at momentum, reduce feature velocity, and increase operational overhead.

Read more →

Provisioning: From Chaos to Control

Provisioning: From Chaos to Control

Provisioning is the first pillar of platform engineering. Without consistent infrastructure provisioning – the automated creation and management of the underlying cloud resources – the rest of the platform suffers. Self-service, governance, and streamlined developer workflows all depend on it. Ultimately, a self-service layer on top of your cloud infrastructure is the goal, enabling developers to quickly and safely provision the resources they need, while adhering to organizational best practices and policies. But before self-service, the foundation of a good IDP is a robust and reliable provisioning system.

By defining cloud resources as code and automating deployments, platform engineering teams ensure every environment – development, staging, and production – stays consistent and maintainable. This cuts down on configuration drift, reduces manual work, and supports auditable, collaborative workflows for every change.

Let’s explore how platform engineering teams can achieve this by version-controlling infrastructure, automating deployments, separating environments properly, and limiting console interventions. By applying these principles, teams can create a platform where developers can move fast without breaking things, and where infrastructure supports innovation rather than slowing it down.

Read more →

Platform Pillars: Build Platforms, Not Infrastructure

Platform Pillars: Build Platforms, Not Infrastructure

Software drives innovation. Development teams face pressure to ship features faster. But speed collides with infrastructure complexity. Developers struggle with cloud setups, juggle scattered tools, and wait on operations teams for resources. The result is friction and slower innovation.

This is where Platform Engineering comes in. It helps developers move faster by creating tools that actually work. A good internal platform lets teams self-serve infrastructure, find documentation, follow best practices, and focus on what they do best: writing useful software.

Building a platform isn’t about finding one perfect tool. It’s about assembling the right pieces, or pillars. These pillars define what every successful internal developer platform needs.

This series explores these key pillars of Platform Engineering, offering a practical guide to building platforms that remove barriers to developer speed. Each pillar addresses a specific challenge organizations face when scaling developer productivity. The first challenge is overcoming infrastructure chaos.

Read more →

Integrating DevOps and Security in Platform Engineering

Integrating DevOps and Security in Platform Engineering

Platform engineering has become essential for mid-to-large organizations, moving beyond a DevOps trend. Gartner predicts that by 2026, 80% of software companies will have internal platform services to streamline development. The goal is to empower developers with self-service tools while maintaining security, compliance, and reliability through DevSecOps practices.

At PulumiUP Europe 2024, experts shared insights on aligning DevOps with security to build scalable, secure platforms:

  • Jess Mink, Sr. Director of Platform Engineering at Honeycomb
  • Kief Morris, Global Head of Infrastructure Engineering at ThoughtWorks
  • Lindsay Jack, VP of Engineering & Security at Snyk
  • Nariman Aga-Tagiyev, Application Security Architect at WiseFrog Security
  • Komal Ali, Engineering Manager at Pulumi

The panel discussed key strategies, challenges, and pillars of successful platform engineering.

Read more →

DevSecOps Game-Changer: Security Automation That Delivers Business Results

DevSecOps Game-Changer: Security Automation That Delivers Business Results

Organizations are under constant pressure to deliver new products and features faster than ever. But speed alone isn’t enough—businesses must also navigate the complex challenges of ensuring security and managing infrastructure costs effectively.

Enter DevSecOps - the strategic integration of security practices into the DevOps workflow. By automating security processes, organizations can achieve improved speed, scalability, and business impact, all while ensuring security remains a priority.

Tivity Health, a leading health and fitness solutions provider, has embraced this DevSecOps approach using Pulumi, a modern infrastructure as code (IaC) platform. During PulumiUP 2024, David Giambruno, Tivity Health’s VP of Engineering and DevOps, shared how, by leveraging Pulumi, he led the transformation that continuously drives remarkable results in speed, cost savings, and security.

Read more →

YAML, Terraform, Pulumi: What’s the Smart Choice for Deployment Automation with Kubernetes?

YAML, Terraform, Pulumi: What’s the Smart Choice for Deployment Automation with Kubernetes?

YAML and Kubernetes go together like peanut butter and jelly. While Kubernetes objects can be defined in JSON, YAML has emerged as the de facto standard.

It’s often the first tool developers encounter when diving into Kubernetes, and for good reason - its human-readable format makes it the preferred choice in most tutorials, documentation, and even production deployments.

Read more →