Platform engineering vs. DevOps vs. SRE

As platform engineering matures, organizations are looking for ways to best blend platform engineering, DevOps, and SRE in their operating models. Here is a proposal for differentiating concrete team responsibilities.

Luca Galante

Core contributor @ Platform Engineering

•

Published on

January 21, 2025

Whether you look at the growing adoption of new industry standards like reference architectures and the MVP framework, or even just at the quality of talks and conversations at events like KubeCon and PlatformCon, it’s obvious that the platform engineering space has been maturing quickly.

At the same time though (and like most trends) we still see a lot of simplistic rebranding. Teams that used to be SysAdmins or Ops and had rebranded to DevOps because it was cooler and made more money, are now doing the same thing and rebranding to platform teams for the same (wrong) reasons. This further confuses the industry as to what are the actual differences between DevOps, SRE and Platform Engineering.

This also doesn’t help engineering organizations that are trying to figure out the right operating model combining platform engineering, SRE and DevOps that can work for them. What is the right operating model to win?

DevOps was never meant to be a job title of course. It was a cultural shift meant to tear down silos and walls between devs and ops teams. Often in combination with a “shift left” movement that meant declining developer productivity and lower ops efficiency.

Platform engineering was born out of the need to address such inefficiencies at scale. It aims at delivering a platform layer in between devs and ops, an Internal Developer Platform (IDP), built following a “platform as a product” approach.

In contrast, many DevOps teams support on a team or individual level with certain tooling, but they do not really solve org-wide problems.

Concrete team responsibilities

But beyond such general statements, we should get this more concrete.

To have a high-performing engineering organization, you need clear responsibilities with clear ownership, where every team knows exactly what they own and what they need to take care of.

Platform Team:
- Configures and manages the platform’s golden paths, including baseline infrastructure and application configurations.
- Creates and maintains resource definitions and packs, ensuring consistency across environments and enabling ease of use for developers.
- Responsible for platform-specific tooling (e.g., Platform Orchestrator, Workload Spec, Portal) and the overall developer experience, ensuring developers can easily interact with and leverage the platform.
- Manages delivery and deployment tooling, including CI/CD pipelines and the deployment processes for platform services.

DevOps/Cloud Operations/SRE Team :
- Provides input on infrastructure configuration standards and ensures that cloud infrastructure is set up securely, efficiently, and in line with the platform team’s needs.
- Responsible for cloud infrastructure management, including compute, storage, and networking, ensuring high availability, redundancy, and disaster recovery.
- Manages core security controls at the cloud level, including IAM, physical security, and compliance at the infrastructure layer.

Application Developers:
- Build, test, and deploy applications using the tools, golden paths, and pre-configured workflows provided by the platform team, while adhering to platform best practices.
- When necessary, leave the golden path to address specific application performance needs or other critical requirements, creating custom configurations as needed.
- Share any new configurations developed with the Platform Engineering Team, who can evaluate and decide whether to make these configurations available as part of future golden paths or standard workflows.
- Provide feedback on platform functionality and usability, working collaboratively to drive platform enhancements.

A more detailed view could look like this:

Responsibility Area	Platform Team Responsibility	Operations Team Responsibility (aka I&O, DevOps, SRE)	Application Developers Responsibility
Platform Design & Maintenance	Design, build, and maintain a scalable, self-service platform	Not responsible	Not responsible
Platform Tooling & Developer Experience	Owns, develops, and maintains platform-specific tooling, including Platform Orchestrator, Workload Spec like Score.dev, Portal, and ensures a seamless developer experience	Provides input on tooling standards but not responsible for platform tooling	Provide feedback on tool usage and improvements; use tools for application deployment and management
Golden Paths & Baseline Configurations	Define and manage golden paths, baseline infrastructure configurations, and resource definitions; ensure consistency and adherence to best practices	Not responsible	Use golden paths and pre-configured workflows wherever possible; leave the golden path and create custom configurations as necessary for application performance, provide feedback and related scope on golden paths (help the platform team understand use-cases and user stories)
Security & Compliance (general)	Ensure platform components and workflows are in compliance with and enforce standards and requirements in line with security best-practices	Ensures that underlying infrastructure and systems are architected against security requirements, and defines standards for use and access that are able to be made into “consumables” by the platform team	Ensure application-specific security, adhering to platform-provided security standards
Physical Security	Responsible for security of physical devices in their possession with access to secure information or systems	Manages physical security at data centres and access controls; may be responsible for enforcing device security across the organization	Responsible for security of physical devices in their possession with access to secure information or systems
Application Security	Designs and enforces application security policies; makes these easily consumable as part of platform components	Not responsible	Responsible for ensuring application-specific security, adhering to provided standardized security requirements
Data Security	Encrypts and manages platform data, enforces data retention policies, and ensures compliance for data within platform services	Provides encryption for storage services, key management at the infrastructure level	Secure data at the application level, manage application-specific data requirements
Infrastructure Management	Uses Resource Definitions to make infrastructure consumable by developers through the platform via abstraction, adhering to configuration standards	Manages, monitors, and configures cloud infrastructure (compute, storage, networking) and defines standards for configuration	Not responsible
Identity & Access Management (IAM)	Defines and manages user access and permissions within the platform	Configures cloud IAM policies, manages root account and cross-account permissions	Adhere to access controls and defined roles, request adjustments as needed
Logging & Monitoring	Monitors platform-specific logs and alerts for application health, performance, and security	Manages infrastructure-level monitoring, collects logs for network and compute health	Responsible for workload-level monitoring
Compliance and Governance	Ensures platform services comply with corporate standards, manages data privacy within the platform	Manages compliance for cloud infrastructure, including audits and certifications	Complies with platform requirements, ensuring application adherence to standards
Backup & Disaster Recovery	Manages backup and restore processes for application data; designs platform around VC structure and policy	Provides infrastructure-level backup solutions, ensures data redundancy	Manages local backup and follows VC policy
Deployment & Release Management	Owns CI/CD pipelines for application deployments, automates deployment processes, and manages delivery tooling	Provides foundational CI/CD tools and maintains infrastructure for automated deployments	Deploy applications using provided CI/CD tooling, managing app-specific deployment needs
Incident Response & Support	Responds to platform-specific incidents, handles application-level outages and issues	Responds to infrastructure incidents, manages escalations and root cause analysis for cloud-level failures	Respond to application-specific issues, raising platform concerns with the Platform Team when necessary
Observability (Logging & Monitoring)	Provide observability tooling, monitoring dashboards, and logging capabilities as part of Platform	Maintains observability over infrastructure; reviews latency, performance, and emergency response metrics accordingly	Use observability tools to monitor applications and performance, raising platform-related issues as necessary

And SRE?

You might ask now, where does SRE fit into this. According to Google, who came up with SRE initially, SRE teams are responsible for system availability, latency, performance, monitoring, emergency response, and capacity planning (computing resources). So you see, there is a high overlap with the ops team as we defined it above. In the end, the main responsibility of SRE remains the reliability of production environments. They are important stakeholders but not part of the platform team, and their responsibilities overlap with those of modern cloud ops or DevOps teams.

Summary

It’s important to understand that your platform team doesn’t replace your existing SRE or Infra and Ops teams. It complements them. You still need people running your infrastructure, optimizing and maintaining it. But at enterprise scale, you also need someone repackaging that in a self-serviceable layer to drive automation and standardization by design, across all your teams and workflows. Ultimately impacting your time to market. As for DevOps teams, engineering organizations are finally realizing having one didn’t really make sense in the first place. Infrastructure, SRE and platform teams cover all your bases and it’s the right operating model and separations of concerns that sets top performers apart from the rest of the industry.