Whether you look at the growing adoption of new industry standards like reference architectures and the MVP framework, or even just at the quality of talks and conversations at events like KubeCon and PlatformCon, it’s obvious that the platform engineering space has been maturing quickly.

At the same time though (and like most trends) we still see a lot of simplistic rebranding. Teams that used to be SysAdmins or Ops and had rebranded to DevOps because it was cooler and made more money, are now doing the same thing and rebranding to platform teams for the same (wrong) reasons. This further confuses the industry as to what are the actual differences between DevOps, SRE and Platform Engineering.

This also doesn’t help engineering organizations that are trying to figure out the right operating model combining platform engineering, SRE and DevOps that can work for them. What is the right operating model to win?

DevOps was never meant to be a job title of course. It was a cultural shift meant to tear down silos and walls between devs and ops teams. Often in combination with a “shift left” movement that meant declining developer productivity and lower ops efficiency.  

Platform engineering was born out of the need to address such inefficiencies at scale. It aims at delivering a platform layer in between devs and ops, an Internal Developer Platform (IDP),  built following a “platform as a product” approach.

In contrast, many DevOps teams support on a team or individual level with certain tooling, but they do not really solve org-wide problems.

Concrete team responsibilities

But beyond such general statements, we should get this more concrete.

To have a high-performing engineering organization, you need clear responsibilities with clear ownership, where every team knows exactly what they own and what they need to take care of.

  • Platform Team:
    • Configures and manages the platform’s golden paths, including baseline infrastructure and application configurations.
    • Creates and maintains resource definitions and packs, ensuring consistency across environments and enabling ease of use for developers.
    • Responsible for platform-specific tooling (e.g., Platform Orchestrator, Workload Spec, Portal) and the overall developer experience, ensuring developers can easily interact with and leverage the platform.
    • Manages delivery and deployment tooling, including CI/CD pipelines and the deployment processes for platform services.
  • DevOps/Cloud Operations/SRE Team :
    • Provides input on infrastructure configuration standards and ensures that cloud infrastructure is set up securely, efficiently, and in line with the platform team’s needs.
    • Responsible for cloud infrastructure management, including compute, storage, and networking, ensuring high availability, redundancy, and disaster recovery.
    • Manages core security controls at the cloud level, including IAM, physical security, and compliance at the infrastructure layer.
  • Application Developers:
    • Build, test, and deploy applications using the tools, golden paths, and pre-configured workflows provided by the platform team, while adhering to platform best practices.
    • When necessary, leave the golden path to address specific application performance needs or other critical requirements, creating custom configurations as needed.
    • Share any new configurations developed with the Platform Engineering Team, who can evaluate and decide whether to make these configurations available as part of future golden paths or standard workflows.
    • Provide feedback on platform functionality and usability, working collaboratively to drive platform enhancements.

A more detailed view could look like this:

Responsibility Area Platform Team Responsibility Operations Team Responsibility (aka I&O, DevOps, SRE) Application Developers Responsibility
Platform Design & Maintenance Design, build, and maintain a scalable, self-service platform Not responsibleNot responsible
Platform Tooling & Developer ExperienceOwns, develops, and maintains platform-specific tooling, including Platform Orchestrator, Workload Spec like Score.dev, Portal, and ensures a seamless developer experienceProvides input on tooling standards but not responsible for platform toolingProvide feedback on tool usage and improvements; use tools for application deployment and management
Golden Paths & Baseline ConfigurationsDefine and manage golden paths, baseline infrastructure configurations, and resource definitions; ensure consistency and adherence to best practicesNot responsibleUse golden paths and pre-configured workflows wherever possible; leave the golden path and create custom configurations as necessary for application performance, provide feedback and related scope on golden paths (help the platform team understand use-cases and user stories)
Security & Compliance (general)Ensure platform components and workflows are in compliance with and enforce standards and requirements in line with security best-practicesEnsures that underlying infrastructure and systems are architected against security requirements, and defines standards for use and access that are able to be made into “consumables” by the platform teamEnsure application-specific security, adhering to platform-provided security standards
Physical SecurityResponsible for security of physical devices in their possession with access to secure information or systemsManages physical security at data centres and access controls; may be responsible for enforcing device security across the organizationResponsible for security of physical devices in their possession with access to secure information or systems
Application SecurityDesigns and enforces application security policies; makes these easily consumable as part of platform componentsNot responsibleResponsible for ensuring application-specific security, adhering to provided standardized security requirements
Data SecurityEncrypts and manages platform data, enforces data retention policies, and ensures compliance for data within platform servicesProvides encryption for storage services, key management at the infrastructure levelSecure data at the application level, manage application-specific data requirements
Infrastructure ManagementUses Resource Definitions to make infrastructure consumable by developers through the platform via abstraction, adhering to configuration standardsManages, monitors, and configures cloud infrastructure (compute, storage, networking) and defines standards for configurationNot responsible
Identity & Access Management (IAM)Defines and manages user access and permissions within the platformConfigures cloud IAM policies, manages root account and cross-account permissionsAdhere to access controls and defined roles, request adjustments as needed
Logging & MonitoringMonitors platform-specific logs and alerts for application health, performance, and securityManages infrastructure-level monitoring, collects logs for network and compute healthResponsible for workload-level monitoring
Compliance and GovernanceEnsures platform services comply with corporate standards, manages data privacy within the platformManages compliance for cloud infrastructure, including audits and certificationsComplies with platform requirements, ensuring application adherence to standards
Backup & Disaster RecoveryManages backup and restore processes for application data; designs platform around VC structure and policyProvides infrastructure-level backup solutions, ensures data redundancyManages local backup and follows VC policy
Deployment & Release ManagementOwns CI/CD pipelines for application deployments, automates deployment processes, and manages delivery toolingProvides foundational CI/CD tools and maintains infrastructure for automated deploymentsDeploy applications using provided CI/CD tooling, managing app-specific deployment needs
Incident Response & SupportResponds to platform-specific incidents, handles application-level outages and issuesResponds to infrastructure incidents, manages escalations and root cause analysis for cloud-level failuresRespond to application-specific issues, raising platform concerns with the Platform Team when necessary
Observability (Logging & Monitoring)Provide observability tooling, monitoring dashboards, and logging capabilities as part of PlatformMaintains observability over infrastructure; reviews latency, performance, and emergency response metrics accordinglyUse observability tools to monitor applications and performance, raising platform-related issues as necessary

And SRE?

You might ask now, where does SRE fit into this. According to Google, who came up with SRE initially, SRE teams are responsible for system availability, latency, performance, monitoring, emergency response, and capacity planning (computing resources). So you see, there is a high overlap with the ops team as we defined it above. In the end, the main responsibility of SRE remains the reliability of production environments. They are important stakeholders but not part of the platform team, and their responsibilities overlap with those of modern cloud ops or DevOps teams.

Summary

It’s important to understand that your platform team doesn’t replace your existing SRE or Infra and Ops teams. It complements them. You still need people running your infrastructure, optimizing and maintaining it. But at enterprise scale, you also need someone repackaging that in a self-serviceable layer to drive automation and standardization by design, across all your teams and workflows. Ultimately impacting your time to market. As for DevOps teams, engineering organizations are finally realizing having one didn’t really make sense in the first place. Infrastructure, SRE and platform teams cover all your bases and it’s the right operating model and separations of concerns that sets top performers apart from the rest of the industry.

Related articles

AI and Platform Engineering
Luca Galante
Core contributor @ Platform Engineering
What is Infrastructure Platform Engineering?
Mallory Haigh
Workshop host @ Platform Engineering
What are golden paths? A guide to streamlining developer workflows
Mallory Haigh
Workshop host @ Platform Engineering