Zurück zur Übersicht
DatE
January 5, 2026
Reading Time
8 Min.

Self-service meets governance: How modern platforms solve the dilemma

Architecture
DevOps

By

Mirko Quarg

Mehr lesen
Generated with DALL-E 3

The Dilemma

Imagine this: your development team needs a new database. Immediately. A critical feature is waiting to be shipped. Time to market is crucial.

What happens? A ticket is created. It moves through multiple departments. Security reviews it. Compliance reviews it. Infrastructure plans it. Three weeks later—if you’re lucky—the database is ready.

In the meantime? Your competitor has already shipped the feature.

That’s not just frustrating. It’s expensive. Real money.

The two Worlds

Do you know the image? Two cats facing each other, tense. Both ready to fight, both suspicious. That’s exactly what IT organizations often look like:

The Developer Cat:
Wants to be productive. Deploy fast. Drive innovation. It sees only obstacles and waiting times. Its back is arched, stuck in a defensive stance.

The Governance Cat:
Wants to enforce standards. Ensure security. Guarantee compliance. It sees only risks and uncontrolled deployments. It sits upright—calm, but alert.

Both are right.
Both lose.

The Business Impact – The hidden Costs

The costs of this conflict are real and measurable:

Delayed Time to Market

Every week spent waiting for infrastructure is a week in which your competitors pull ahead. In digital markets, that can mean the difference between market leadership and irrelevance.

Overloaded Teams

Generated with DALL-E 3

Your governance team is overwhelmed by manual requests. Every ticket becomes a bottleneck. Your best people spend their time on routine tasks instead of strategic initiatives.

Shadow IT

When the official path is too slow, developers start digging tunnels. They create their own cloud accounts. They use unvetted services. The result? Compliance risks, security gaps, and uncontrolled costs.

Frustration on Both Sides

Developers feel blocked. Governance feels overrun. Collaboration suffers. Good people leave the company.

Critical Infrastructure (KRITIS): When Governance Is Non-Negotiable

For organizations operating critical infrastructure, the situation becomes dramatically worse. The NIS2 Directive, the German IT Security Act 2.0, and BSI Baseline Protection are not recommendations. They are obligations—with serious consequences if they are not met.

On top of that come industry-specific requirements: BAIT and DORA for banks, VAIT for insurance companies. Every industry has its own regulatory hurdles.

The central question is no longer “Do we need governance?” but “How do we implement it without paralyzing the organization?”

Is that even possible—agility AND compliance?

Yes.
But it requires a paradigm shift.

The Solution: The Cloud Operating Model

The answer isn’t more processes or stricter controls. It lies in a fundamental rethink of how we structure IT organizations.

The Organizational Framework

Platform Teams (centralized):

  • Build and operate the infrastructure platform
  • Define secure, compliant standards
  • Develop self-service APIs for other teams
  • Enforce governance rules technically

Workload Teams (decentralized):

  • Develop and operate applications
  • Use platform services independently
  • Work within defined standards
  • Can focus on their core business

Note: The Team Topologies framework by Matthew Skelton and Manuel Pais defines additional team types, such as Enabling Teams (support learning new skills) and Complicated Subsystem Teams (for highly specialized technical areas). For implementing a Cloud Operating Model, however, Platform and Workload Teams are the core building blocks.

Generated with DALL-E 3

The four Core Principles

  1. Clear Separation of Responsibilities: No more gray areas. Everyone knows where their responsibility begins and ends. Platform teams define the “how”, workload teams focus on the “what.”
  2. Standardized Interfaces: Teams don’t communicate via tickets—they communicate via APIs. Platform teams build infrastructure services that other teams can use just like any other software service.
  3. Self-Service with Guardrails: This is the core: freedom within defined boundaries. Developers can act independently—but only within secure, prebuilt patterns. Like driving on a highway: you can go as fast as you want, but the guardrails keep you on the road.
  4. Automation over Processes: Governance is enforced through code, not people. Technical controls replace manual approvals. The system checks, validates, and enforces automatically and consistently.

The Key Difference

Traditional: Governance as gatekeeper. Every request is manually reviewed. Humans are the bottleneck.

Modern: Governance as enabler. Rules are embedded in code. Systems check automatically. People focus on strategy, not routine tasks.

The Technical Implementation: Platform Engineering

But how do you implement such an operating model technically?

This is where Platform Engineering comes in—one of the most important developments in enterprise IT in recent years. Tools like Crossplane make this approach possible.

What is Platform Engineering?

Platform Engineering treats infrastructure as a product. Platform teams build internal products for other developer teams. These products are:

  • Self-Service: Developers can use them independently
  • Standardized: Based on best practices and compliance requirements
  • Reusable: Built once, used multiple times
  • Documented: Clear APIs and instructions

A Practical Example

Let me make that more specific:

Before (ticket-based):

  1. Developer creates ticket: “Need an application environment with database, monitoring, and external access.”
  2. Ticket goes to infrastructure team
  3. Infrastructure team manually creates Kubernetes deployment, service, database, network policies, monitoring config, gateway routing
  4. Security reviews configuration
  5. Compliance approves

After (platform-based):

  1. Developer uses a self-service portal or simple YAML file
  2. Defines what they need: “Application, 3 replicas, internet access, monitoring”
  3. Platform automatically provisions all required resources
  4. Security checks are built in
  5. Compliance is automatically ensured

What This Means for Your Organization

  • Faster Provisioning: From weeks to minutes
  • Reduced Manual Work: Your team can focus on value creation
  • Zero Shadow IT: The official path becomes the easiest path
  • Compliance: Automatic, not optional
  • Audit-Ready: Full traceability through GitOps

The Governance Advantage

Platform Engineering isn’t just good for developers—it’s even better for governance.

Control Through Code, Not People:

  • Standards are defined once and enforced automatically
  • No more manual reviews for standard requests
  • Eliminates human errors
  • No exceptions without explicit code changes

Complete Traceability:

  • All changes versioned in Git
  • Automatic audit trail
  • Compliance reporting at the push of a button
  • Forensics for troubleshooting

Scalability:

  • One pattern can be used thousands of times
  • Governance team doesn’t need to grow linearly with the organization
  • Central updates propagate automatically

The Transformation: From Bottleneck to Enabler – The Partnership

Generated with DALL-E 3

The Real Magic Happens in Collaboration

Developer Perspective:

  • “I can be productive immediately.”
  • “The platform gives me what I need.”
  • “Compliance isn’t my problem—it just works.”
  • Result: Productivity, innovation, satisfaction

Governance Perspective:

  • “Standards are enforced automatically.”
  • “We define patterns, the system validates them.”
  • “We can think strategically instead of processing tickets.”
  • Result: Control, efficiency, value creation

A Win-Win for Both

Here’s the core: it’s no longer a zero-sum game. Developers gain speed. Governance retains control. The organization gains both agility and security.

The Path Forward

The good news: you don’t have to transform everything at once. Moving to a modern platform organization is iterative.


Lessons Learned: What We’ve Learned

  1. Operating Model First, Technology Second: The best tools won’t help if the organization isn’t ready. Define responsibilities first, then choose the technology.
  2. Start Small, Think Big: Don’t try to transform everything at once. A successful pilot convinces more than the best concept paper.
  3. Developer Experience Is Crucial: If your self-service is more complicated than shadow IT, developers will use shadow IT. The official path must be the easiest path.
  4. Bring the Governance Team Along: Platform engineering isn’t a threat to governance—it’s an upgrade. But it must be communicated.
  5. Show Measurable Results: “Time to Database” from 3 weeks to 2 minutes. “Manual Work” from 8 hours to 0. Numbers like these convince.

Conclusion: The Time Is Now

Digital transformation won’t wait. Your competitors are already transforming. The question isn’t “if”—it’s “when” and “how.”

The dilemma between self-service and governance can be solved. Modern platform approaches prove it: both are possible. Agility and compliance. Speed and security.

The first step is the most important: recognize that there is a better way.

Further Resources

  • Gregor Hohpe: Platform Strategy – Innovation Through Harmonization
  • Gregor Hohpe: Cloud Strategy – A Decision-Based Approach to Successful Cloud Migration
  • Team Topologies: Organizing Business and Technology Teams for Fast Flow
  • CNCF Platform Engineering Maturity Model

knowledge

What interests us

View all articles
Self-service meets governance: How modern platforms solve the dilemma
Read more
Digital Product Passport: Obligation, Opportunity, and Knowledge Bridge
Read more
Why Your API Confuses AI Agents – The Problem with Cognitive Load
Read more
What exactly are APIs – and why is this question more important than it sounds?
Read more
© pentacor GmbH
Imprint