September 22, 2022
The first duty of the government is to keep citizens safe and the country secure. The Home Office plays a fundamental role in the security and economic prosperity of the UK, as the lead government department for immigration and passports, drugs policy, crime, fire, counter-terrorism and police.
Created for devs across 43 projects
By adhering to all 14 NCSC cloud security principles
By 86% for all projects
From 8 months to 2 weeks on average
The UK Home Office is a large government organization, whose projects and services have historically been delivered by many different teams and suppliers, all with varying processes.
By 2014 it was widely considered best-practice to utilize public cloud, as the community largely shifted in that direction. This widespread cloud adoption led to a mandated policy, within the Home Office, set out by the Government Digital Service, called ‘Cloud First’.
As the Home Office began to move more and more of these projects to the cloud, the lack of consistent development practices caused a significant drain on resources, both from a time and cost perspective. They needed a solution to drastically increase the speed, scale and security of their software delivery, enabling teams to effectively manage the delivery of their services from end to end.
Appvia created a strategic, centralized cloud native platform with baked-in security and governance to allow developers to self-serve the resources they
need and move across projects consistently, easily and securely. The platform, alongside comprehensive support and training provided by Appvia, created consistent and safe developer ways of working across 43 projects and 1,500 Home Office employees.
In 2014, the Home Office was mandated to follow a policy set out by the Government Digital Service (GDS), whose entire aim was to enforce policies to make service digital across government, to be ‘Cloud First’. This policy states that, “when procuring new or existing services, public sector organizations should consider and fully evaluate potential cloud solutions first before considering any other option”.
In parallel, the Home Office was also following their own strategy to go ‘Digital by default’ as an effort to digitize all public-facing services, which resulted in spinning up product centric tech teams to deliver new government services. The Home Office needed to run quickly and wanted to enable teams to own a service from start to finish from discovery, alpha, beta and, finally, to the service being live.
The problem: There was no existing process for teams to follow to move their applications through to production. There were no central technology standards or overarching guides for shared tooling at the time, and individual project teams would need to create their own, unique software development lifecycle and infrastructure to support their application moving to production.
Because each project was heavily influenced by the individuals working on them, there was widespread inconsistency between development teams, resulting in:
There were 40+ developer teams facing the challenges outlined above, and the Home Office recognized the need for teams to own services from the beginning to end in a consistent, secure and cost-efficient manner.
Appvia saw an opportunity to solve these problems and enable digital delivery at scale with the creation of a centralized cloud native development platform that was secure-by-default and enabled capabilities and services that developers could hook into. Adhering to the Cloud First model of utilizing public cloud, the platform was built on Amazon Web Services (AWS), who had an established relationship with the Home Office.
With a foundation of Kubernetes in AWS, the platform fully supported the software development lifecycle from development to production, and instilled best practice security guardrails, which helped create a cloud operating model, allowing the Home Office to host “UK Official-Sensitive” workloads.
The platform allowed teams to be confident and efficient in their cloud usage and significantly reduced their delivery times, providing the following principles …
Consistent framework for delivering services
Implemented supporting services for developers to iterate their applications through to production. This included standardized CI/CD pipelines. It became vastly easier to move engineers across projects, because they are working with the same platform and tools
Simple self-service for development teams
Short lived, just in time access and automation enable teams to self-serve the resources they need from what they’re able to access without asking for permission every time.
Reduced delivery time to market
On average, project delivery time dramatically decreased from eight months to as quickly as two weeks.
Minimized hosting costs
On average, the shift to central hosting reduced hosting costs by 86% across all projects. Predominantly through the aggregation of shared services, spot instances and scheduling workloads down outside of necessary operating hours.
Less reliance on DevOps and cloud architects
Adhering to the DevOps principle of ‘you build it, you run it’, developers were able to access all of the resources they need without knowing the ins and outs of cloud and Kubernetes. The ability to self-serve resources across projects is a huge time unblocker, also contributing to a steep reduction in the DevOps to developer ratio. With an average of 1-2 DevOps resources for each project before the platform, most product teams were able to remove the need for this capability which resulted in recurring annualized savings of at least £8m per year.
Improved security posture
We’ve instilled the NCSC cloud security principles in the platform and built on this by defining a defence in depth approach to immutable infrastructure that heavily minimized the attack surface for intruders.
The platform made managing services from end to end simple and secure. But taking it a step further, we provided comprehensive support to development teams within the Home Office so that they could fully and easily utilize the platform.
We onboarded teams to the platform, continued to upskill developers, integrated with an agile self-service management model and provided professional services as-and-when needed for more complex applications and use cases.
We created and provided 24/7 support processes, tooling and auditing to business critical services across a number of portfolios until, ultimately, client teams then took full ownership and control of the platform.
With the introduction of this platform and the support surrounding it, the work that external suppliers and internal development teams would have to take on was automated for them, enabling projects to release faster and more frequently.