Background
Over the past decade, the media industry has evolved from a relatively stable environment with a few major incumbents to a hyper-competitive domain where consumers increasingly expect digital on-demand services with high degrees of personalisation. Australia has not been spared from this disruption, with local market operators now competing with international cloud-first businesses who have rapidly claimed audience share and advertiser revenues, placing additional pressure on Australian broadcasters who are a major source of funding for local content production.
Our client, a trusted Australian brand in the broadcast and media vertical, acknowledged this changing media landscape and its battle with declining revenues and budgets due to disruption from non-traditional competition and partnered with Sourced to assess the state of their technology architecture and operations. Recognising that hyper-scale cloud platforms hold the keys to enabling new business models and agile service delivery that meet these rapidly changing customer demands, Sourced was engaged by the client due to our proven track record of helping top-tier enterprises navigate the complexities and risks of such transitions.
The client’s five-year vision for its future technology services and operations was to move away from the traditional domain silos where expertise and responsibilities are concentrated into a set of waterfall-like hand-off points between teams (storage, hosting, windows, etc.), to a scaled agile framework-orientated structure with agile product delivery teams organised by business value streams.
The following case study describes the joint approach by our client, Sourced and Amazon Web Services (AWS) to enable this vision.
Strategy and Approach
Stream 1 – Platform Development and Cloud Operating Model Enablement
To enable a transition to a scaled agile delivery model for its teams, our client required confidence that it could scale the use of cloud services for its product teams whilst maintaining organisational standards covering security, risk, cost control and operations in alignment with its corporate charter, risk and security posture.
In partnership with the client and AWS, we commenced a program of work led by the Sourced Project Services team and cloud consultants to establish a Cloud Centre of Excellence (CCoE) with enterprise core foundations services in AWS along with appropriate management automation, platform consumption models, standard operating procedures and control operations.
The team delivered a scalable enterprise foundations framework with accompanying operating model and risk controls; these included:
- Accounts and VPC provisioning;
- AWS organisations and IAM integration;
- Direct connects and secure network integration to on-premise services;
- Cloud squid proxies;
- Cloud bastions; and
- Standardisation of Standard Operating Environment (SOE) management best practices.
The team, in collaboration with the client, elected to develop multiple consumption and support models for the platform to facilitate different modes of consumption and flexibility based on team maturity and controls/risk appetite in the environment.
These models entailed:
- Open Consumption leveraging post deployment detective controls only – This is intended for teams with well-established cloud native practices with demonstrable understanding in cloud risk management;
- Governed DevOps Consumption: This is in the form of pre-deployment and post-deployment restrictions using a proactive control model in Bamboo CI/CD plans. It is intended for product teams seeking to establish a DevOps practice but who do not have the demonstrable skills and experience to deploy their workloads to open consumption whilst managing their risk footprint; and
- Assisted Long Lived – long-lived patching and operational support for monolithic edge-case applications provided by the CCoE.
These services and consumption models were delivered iteratively to ensure that application migration streams, working in parallel, could exploit platform releases as they progressed their application deployments into AWS towards being production hardened.
In conjunction with core shared services and the consumption tools and controls, the team designed and implemented key auxiliary services including;
- Onboarding to Sourced’s dedicated Splunk-as-a-Service platform and ingestion of VPC flow logs, CloudWatch logs, CloudTrail event alerts and guard duty event alerts;
- Development of mission critical security and operational alerts in Splunk and PagerDuty;
- Onboarding of all corporate AWS accounts to Evident.io and development of custom signatures for risk/threat vectors;
- Integration of Evident.io breach alerts to CCoE Slack alerting channels.
As part of the development of these competencies, a successful change management plan execution allowed a transition to target state operating model which encompassed:
- Developing the corporate cloud governance charter and initiation of the strategic cloud steering and working group;
- Operations and security game days by placing documented operational Standard Operating Procedures (SOPs) under duress to test their effectiveness; and
- Development and implementation of enterprise cloud controls management plans to ensure the effective ongoing management and iteration of services and controls critical to the sustainment of the enterprises cloud operations risk posture.
Stream 2 – Transform Application Teams to the DevOps Ways of Working and AWS Migration
The second stream of the program was focused on the development of culture and competencies required to shift the organisation from infrastructure, applications and operations silos towards modern DevOps and agile value stream practices with teams organised into product-centric squads.
The client handpicked a team of application developers and support staff who would be the foundation of the new product-centric cloud practice.
Under the guidance of Sourced project services and cloud consultants, who formed a hybrid migration and training squad around the client’s staff, the squad;
- Completed a risk-assessment and prioritised 15 legacy applications for refactoring;
- Re-architected applications for stateless DevOps deployments using governed DevOps platform consumption model;
- Conducted end-to-end testing and business verification across multiple business units;
- Optimised AWS resource utilisation for workloads;
- Provided operational training of team members to conduct outage-less, blue-green deployments of the application stacks;
- Provided implementation of application onboarding procedures to monitoring tools and dashboards;
- Conducted simulations of application operational events and team responses required for apps deployed in AWS.
Results & Benefits Delivered
- Automated core foundations platform implemented with more than 20 apps on-boarded, including mission critical cloud streaming services;
- Operating model for supporting core services and controls at scale implemented with Cloud Centre of Excellence staff taking effective ownership of the platform operating model, standard operating procedures and controls for further iteration in BAU;
- Evident.io and Cloudability providing near real-time situational awareness of the security, risk and cost footprints across all AWS accounts in the enterprise;
- 15 applications refactored to stateless CI/CD deployments and production source of truth migrated to AWS; and
- Six application development and operations staff trained and immersed in the product DevOps ways of working; this team has continued to drive additional migrations to AWS in a Business as Usual capacity after the completion of the program as well as taking on internal cloud evangelism duties.
Matt Coombe has over 17 years of experience in the technology sector, specialising in the financial services industry and regulatory ecosystem across Australia, New Zealand and North America. Matt has led the planning, execution and operation of the hybrid cloud transformations on Microsoft Azure, Google and AWS platforms for some of the largest and most security-conscious banks globally.
