Team-as-Code: How to Apply Platform Engineering to DevOps’ Coding Stage

Learn how secure Cloud Development Environments (CDEs) enable platform engineering to automate the creation and setup of user environments, personalize developer experiences, define and enforce data security policies, and streamline team onboarding at scale.

Published: April 15, 2024

Author:Laurent Balmelli

Article Landing Image

Why Apply a Platform Approach to the Coding Stage

While both parts of the modern software development lifecycle, DevOps and Platform Engineering target distinct challenges.
DevOps focuses on integration and continuous delivery (CI/CD) and teams track metrics such as code deployment frequency, lead time for changes, change failure rate, etc.
Platform Engineering aims for a broader scope: designing and managing the underlying platform that supports DevOps practices. Hence tracked metrics are typically CI/CD platform uptime, resource utilization, tool adoption rate, process automation level, etc.
Platform Engineering has rapidly evolved from providing basic infrastructure to creating comprehensive, self-service platforms such as an Internal Developer Platforms (IDP). In practice, the following domains are increasingly important from a platform perspective:
    • Security: In terms of the need to improve both infrastructure and code security by embedding measures into the development lifecycle.
    • Developer Experience: In terms of the need to reduce complexity and enabling developers to focus on building software without worrying about the underlying infrastructure.
    • Analytics: In terms of the need to offer (AI-assisted) predictive and prescriptive analytics as well as intelligent automation to aid developers and leaders optimize resources and anticipate potential issues.
In general, Platform Engineering contributes to the coding stage in an indirect manner compared to its impact on deployment, monitoring, and operations.
This is done for example by providing standardized development environments (e.g. via container registry), CI/CD services, self-service portals to resources and support, documented API and SDKs, as well as embedding security checks in pipelines.
In this article, I explain how Platform Engineering can also be applied to defining an entire code development project, including the developers’ laptop setups, needed development resources and applications, infrastructure and code security policies, and the organizational policies related to the team’s onboarding, including budget planning and other predictive governance information. This allows organizations to automate the deployment and setting of an entire development effort.
Platform Engineering automates setup and onboarding
Figure: Applying Platform Engineering to the coding stage automates the setup and deployment of an entire project including team onboarding, development devices, resource access control, policies and governance requirements.
This application aligns with the three axes that I mentioned above, notably:
    • by enforcing security and organizational compliance policies both from an infrastructure and code perspective before any code reaches the build pipelines,
    • by personalizing the developer experience to the level of each development device that is provided to them by the organization, and
    • by leveraging analytics for the sake of governance and compliance to the execution of a project before it even started.
To enable Platform Engineering to address the above concerns, one can use the capabilities of secure Cloud Development Environments (CDE), an emerging technology that I have been writing about extensively in previous articles and that my company has been pioneering.

The Breadth of Secure Cloud Development Environments

The technology of CDEs has been identified recently in Gartner’s Agile and DevOps report as an emerging technology. I’ll start by briefly explaining the difference between CDEs and Secure CDEs.
CDEs and Secure CDEs offer distinct approaches to managing the development process, each with a focus on enhancing productivity, security, and governance within software development projects. Both provide a platform for software development that moves traditionally local development activities to the cloud with benefits explained here.
Secure CDEs, while incorporating the core advantages of traditional CDEs, place a strong emphasis on security measures to protect development assets. This approach is integral to protecting intellectual property and sensitive data from threats such as exfiltration and infiltration​​​​.
Secure CDE Setting protects against data leaks
Figure: In contrast to CDEs (left), Secure CDEs (right) provide proxied access to resources and applications using a combination of IDE and secured web browsing to protect the organization’s data against data leaks.
In the context of serving a Platform Engineering approach and automating the process of onboarding an entire development team, the key advantage of Secure CDEs over other CDEs is that they address a broader set of concerns, notably around developer experience, DevOps productivity, as well as security.
Also, I explain in this article that Secure CDEs are providing a renewed approach to DevOps core principles, namely the principles of flow, feedback, and continuous learning. Hence their impact is not limited to bettering Platform Engineering automation.
Describing the full architecture of a secure Cloud Development platform—which delivers Secure CDEs—would take us off-topic. Hence I recommend that interested readers refers to this article.

Breaking Down Access to the Desktop Monolith

Platform engineering aims at reducing the cognitive load of developers primarily to enhance productivity and focus, typically by fostering standardization and simplification of tools and processes.
Key benefits include a heightened focus on core tasks, improved quality and consistency, enhanced collaboration and my favorite one: increased innovation, i.e. by freeing brain cycles to experiment with new ideas.
Let’s look at an additional aim around reducing cognitive load that I did not include in the above list: faster onboarding.
While this is a concern addressed by Platform Engineering, notably by standardizing development environments, there are still numerous set-ups tasks that developers and support teams must handle to onboard an entire project team.
This includes personalizing development environments to their liking (environment files, tool customizations, etc.), configuring their favorite tools and more. In addition, support teams need to make sure that all security and compliance controls are in place. Take, for instance, how risk controls applied to internal and offshore teams are likely to vary significantly.
This is where Secure CDEs provide additional granularity to enable automation in order to execute a secure and compliant onboarding, starting from organizational requirements, down to each developer’s personal preferences.
In a previous article, I have explained that the use of Secure CDEs and, in practice, of a secure Cloud Development platform enables organizations to deliver an abstraction of a secure developer laptop, referred here to as a workspace for simplicity.
In effect, a workspace replaces the use of a virtual desktop with data loss prevention to address security concerns over intellectual property protection (a typical approach by many organizations), while jointly providing additional security and productivity advantages delivered by Secure CDEs.
In the figure below, I depict how the abstraction covers concerns around developer experience, resource consumption and data access control, as well as security policies attached to the operational aspects of the team. Hence the stakeholders to a virtual incarnation of the secure developer laptop are, at a minimum, developers, platform engineering teams and security teams.
Strong Network workpspace replace a secure laptop
Figure: A workspace is an abstraction of a secure developer laptop that covers the needs of the stakeholders mentioned in the figure, namely developers, platform engineering teams (with concerns around resource usage, tools and data access, etc), and security teams.
In contrast, accessing a secured virtual desktop (think of Citrix VDI) is akin to providing a monolithic infrastructure component to developers and IT teams, where most of the set-up that I mentioned before is left as a burden to individual contributors.
Hence, the use of a template to configure Secure CDEs is the key to enable Platform Engineering (API-based) programmatic automation to achieve the full onboarding of a development team. Essentially, it provides a means to implement a 'team-as-code' concept.
In sum, the granularity of the template’s parameter metaphorically breaks the virtual desktop monolith.
While the actual parameters of the template are left to the platform’s implementation, I give a depiction of the common concerns addressed by the implementation of our own platform at Strong Network. In particular, we provide a text-based representation for the template in YAML such that templates can be easily edited and version-controlled.
automate the deployment of development projects
Figure: The template parameters to define Secure CDE allow organizations to break the virtual desktop monolith and automate the deployment of organizationally-compliant development projects using a “team-as-code” approach.

How to Build and Deliver your Team-as-Code

Now that the main technology components are in place, I’ll address the process automation aspect of implementing a team-as-code approach.
Platform engineering implementations often leverage the use of an API in order to choreograph the successive operations realizing the automation. Here this approach works as well and the entire team onboarding and setup process can be laid out as follows:
    1. Create a project within the organization that hosts the team.
    2. Onboard the different users on the project with their respective roles.
    3. Create a series of workspaces from pre-created templates that capture data access control permissions and security policies.
    4. Assign the workspaces to individual users.
    5. Authenticate the individual users to the resources assigned to their workspaces.
    6. Personalize each workspace based on the individual user's preferences.
Note that, some of these steps are performed jointly but laid out as above for clarity. Also, executing such a sequence in practice using any one of the big Clouds (Azure, AWS, GCP, etc) takes under a minute.
Finally once workspaces are running users can log in to the platform and start coding.
Note that such an API sequence can be triggered from any Project or ITSM tool such as Altassian’s Jira or ServiceNow. The figure below illustrates the use of a project management tool to create the team setup via the API.
API Project management tool
Figure: Create a team-as-code from your project management tool using a series of API calls that leverage workspace templates, policy definitions and anticipate settings using analytics.

Approach’s Benefits and Opportunity for Analytics

The use of Secure CDEs provides granular access to platform engineering teams in typical governance topics that are assigned to them, for example: tool sprawl reduction, productivity improvement, policy enforcement, scalability increase, and security strengthening.
While many of the needs in these areas are addressed by Internal Developer Platforms (IDP), Secure CDEs allow organizations to tackle them starting from the coding stage with granular control over developer workspaces and the policies that surround the onboarding of a team on a particular project. Without access to a platform that manages Secure CDEs, such an early grip on project setup automation is out of reach from current IDP capabilities.
Here is a summary of the benefits of the approach to the aforementioned topics:
    • Tool Sprawl: Organization can enforce the use of IDEs, with an approved set or plugins, and the use of a standard browser with approved extensions. In addition, Secure CDEs are automatically configured to use standard software stacks (the underlying container definitions) and a suite of DevOps and DevSecOps tools.
    • Productivity: Secure CDE templates, as shown in one of the previous figures, enable users and teams to create complex workspace setups. These templates are readily available for self-serve access, significantly reducing the time needed to start or onboard a team on a new project on complex, pre-configured workspaces.
    • Policy Compliance: The templates also allow multiple stakeholders to enforce compliance rules using a single framework supported by the platform team. From DevOps teams to security teams, compliance around software stacks, dependencies, role-based access control, and data security are part of the team-as-code definition.
    • Security: Secure CDEs allow organizations to address security across multiple facets with a unified approach:
    • security against data exfiltration by defining data loss prevention measures across the entire workflow of developers.
    • security against data infiltration by protecting against data that might be added to the project inadvertently (credential, licenced code etc) or maliciously (malware), and finally,
    • code security measures by setting-up the environment such it enforces the systematic use of code and supply chain (SBOM) security tools.
In addition to the above benefits, in my opinion the most exciting aspect of moving code development online with Secure CDEs is the opportunity to collect both predictive and prescriptive analytics.
A simple example of predictive analytics is resource cost budgeting when onboarding a team in the scope of a time-bounded project.
In that case, past workspace activities and resource allocation by the underlying infrastructure (e.g. Kubernetes) are leveraged to assess the likely Cloud consumption by the project team during the time period. Platform engineers can implement the predictive analysis using API calls such as the one depicted in the figure.
Metric platform API
Figure: The platform API allows organizations to retrieve a trove of metrics extracted from the workspaces and the underlying infrastructure. In turn, these metrics can be transformed into predictions and prescriptions for the project operations.
Another example of, this time, a prescriptive analysis is project resource sizing, i.e. figuring out the necessary computational resources to work on a specific project. In this case, a capability of our platform is to embed real-time collections of measurements during workspace activities.
These measurements allow organizations to estimate the necessary resources by comparing metrics such as the average project building time across the project timeline and align productivity expectation with best-practices, e.g. to minimize idle time.
In conclusion, Secure CDEs provide a means for platform engineers to grab control of development project definitions, their associated needs around resources and organizational compliance, in order to implement mechanisms to ensure productivity and governance.
---
All material in this text can be shared and cited with appropriate credits. For more information about our platform, please contact us at hello@strong.network
Copyright © 2020-2024 Strong Network All rights reserved.

Recomended Reads

team_as_code_webinar_cover_image
Tech Brief

Team-as-Code: How to Apply Platform Engineering to DevOps’ Coding Stage

Learn how secure Cloud Development Environments (CDEs) enable platform engineering to automate the creation and setup of user environments, personalize developer experiences, define and enforce data security policies, and streamline team onboarding at scale.

Read more

19/07/2024

the_need_for_secure_cloud_development_environments_webinar_cover_image
Tech Brief

The Need for Secure Cloud Development Environments

In this article, I am discussing why organizations need Secure Cloud Development Environments (CDEs) for onboarding efficiently and securely diverse, global development teams. I review the benefits and challenges around this new approach to CDEs. Read how Secure CDEs are different from “standard CDE” like the ones from GitHub Codespace, GitPod or Coder.

Read more

17/06/2024

genai_secure_cdes_webinar_cover_image
Tech Brief

Enterprise Compliant GenAI Coding with Secure Cloud-Based Development

In this article, we look at how GenAI practices can be made secure, compliant and productive for application development across the enterprise. In particular, we look at the main threats of using AI for code development and explain four key reasons why a Secure CDE platform is a key enabler to deploy a GenAI enterprise strategy.

Read more

10/06/2024

rediscover_devops_webinar_cover_image
Tech Brief

Rediscovering DevOps' Heartbeat with Secure CDEs

Cloud Development Environments are pivotal in DevOps, streamlining the path from development to deployment. In this brief, I look at how they enhance the core DevOps principles: flow, feedback, and continuous learning. I focus on secure CDEs and the advantages of online coding, to show how they bring DevOps principles closer to developers and improve application development.

Read more

07/05/2024

key_differences_webinar_cover_image
Industry Brief

Securing Development: Differences in VDI, Browsers and CDEs

Which technology to secure your development process against data leaks? Check the key differences between the use of virtual desktops, enterprise browsers and secure cloud development environments along dimensions such as applicability to the development process, security and developer experience.

Read more

06/05/2024

the_virtual_secure_developer_laptop_webinar_cover_image
Industry Brief

How Secure Cloud Development Replaces Virtual Desktops

In this article, I discuss how modern virtualization and security advancements have led to technology that enables the online delivery of secure development environments, eliminating the need for a virtual desktop infrastructure and secure development laptops.

Read more

07/03/2024

software_development_outsourcing_operational_efficiency_webinar_cover_image
Industry Brief

How to Work with Remote Teams with Secure CDEs

Secure Cloud Development Environments (CDEs) have transformed software development, especially for organization facing challenges in remote collaboration settings. I explain here how these environments secure and streamline collaboration across geographically dispersed teams and allow organization to save costs.

Read more

12/02/2024

made_cde_secure_webinar_cover_image
Tech Brief

Why and How We Made Cloud-Based Development Secure

This article is a short story of why and how my co-founder and I created the first Secure Cloud Development platform to jointly address the efficiency and security challenges of cloud-native application development. In particular, I explain how Secure Cloud Development is different from other Cloud-based development approaches and our target market.

Read more

06/02/2024

the_trusted_liquid_workforce_webinar_cover_image
Industry Brief

The Trusted Liquid Workforce (Revisited)

In this revisited version of my 2022 article on the subject of managing a remote development workforce, I discuss strategies to securely incorporate a 'liquid workforce', exemplifying the use of secure Cloud Development Environments to implement digital trust while providing flexibility to developers when working remotely.

Read more

02/02/2024

devops_link_cdes_webinar_cover_image
Tech Brief

Brief History of DevOps and the Link to Cloud Development Environments

In this article, I use the famous DevOps HandBook to regurgitate a concise history of DevOps, add my personal experience and opinion, and establish a link to Cloud Development Environments (CDEs), i.e. the practice of providing access to, and running, development environments online as a service for developers.

Read more

31/01/2024

strong_frog_practice_webinar_cover_image
Tech Brief

Strong DevSecOps Practices With JFrog

Cloud Development provides the ability to manage development environments in a centralized manner, allowing organizations to ensure uniform security policies and regulatory compliance across all projects. One way to implement code security policies with Strong Network is by using JFrog’s platform. In this article, we detail the process and benefits of using JFrog’s solutions to achieve this goal.

Read more

16/01/2024

secure_cloud_development_ten_tenets_for_enterprise_security_webinar_cover_image
Industry Brief

Secure Cloud Development:Tenets for Enterprise Data Security

In the article, we discuss the critical role of data security in the cloud for enterprises. In particular, we review ten security tenets and highlight how Secure Cloud Development Environments (CDEs) are essential for protecting sensitive data, ensuring regulatory compliance, and maintaining customer trust.

Read more

10/01/2024

sirius_reduces_it_costs_with_secure_cdes_webinar_cover_image
Case Study

How Sirius Tech Reduces IT Costs by 46% With Secure CDEs

The case study describes how Sirius Technologies reduced IT costs by 46% by adopting Strong Network's Secure Cloud Development Environments (CDEs). This strategy enhanced productivity and security, streamlined onboarding, and improved resource management, particularly for a distributed workforce and BYOD policy.

Read more

07/01/2024

what_are_cdes_webinar_cover_image
Tech Brief

What is a Cloud Development Environment?

A Cloud Development Environment (CDE) is implemented with a container or virtual machine accessible for the purpose of supporting code development activities. Here is a brief history of this technology, how it was recently recognized as a Gartner category and a summary of the benefits of coding online.

Read more

14/11/2023

thwarting_the_theft_of_oauth_session_tokens_webinar_cover_image
Tech Brief

Preventing the Theft of OAuth Session Tokens

In this blog, we explore the rising trend of cyberattacks targeting session tokens, illustrating their impact through recent high-profile cases, and explain how online, secure Cloud Development Environments (CDEs) can fortify your DevOps process against such threats.

Read more

10/02/2023

how_zero_trust_architecture_design_enables_global_business_processes_webinar_cover_image
Industry Brief

How Zero-Trust Enables Global Business Processes

In this article, we address the security challenges posed by globalization in code development and data science processes, discussing the implementation of dynamic, zero-trust security architectures and how they can protect intellectual property in distributed work environments.

Read more

26/05/2021