September 22, 2022
The government’s primary duty is to keep it’s citizens safe and the country secure. The Home Office plays a fundamental role in the security and economic prosperity of the UK, as the lead government department for immigration and passports, drugs policy, crime, fire, counter-terrorism and police.
Project delivery time dramatically decreased from eight months to as quickly as two weeks
The UK Home Office is a large government organisation, whose projects and services have historically been delivered by many different teams and suppliers, all with varying processes.
By 2014 it was widely considered best-practice to utilise public cloud, as the community largely shifted in that direction. This widespread cloud adoption led to a mandated policy, within the Home Office, set out by the Government Digital Service, called ‘Cloud First’.
As the Home Office began to move more of these projects to the cloud, the lack of consistent development practices caused a significant drain on resources, both from a time and cost perspective. They required a solution to drastically increase the speed, scale and security of their software delivery, enabling teams to effectively manage the delivery of their services from end to end.
Appvia created a strategic, centralised, cloud native platform with baked-in security and governance. Allowing developers to self-serve the resources needed to move across projects consistently, with ease and security. The platform, alongside the comprehensive support and training provided by Appvia, created consistent and safe developer ways of working, across 43 projects and 1,500 Home Office employees.
In 2014, the Home Office was mandated to follow a policy set out by the Government Digital Service (GDS), whose entire aim was to enforce policies, making services digital across government ‘Cloud First’. This policy states that, “when procuring new or existing services, public sector organisations should consider and fully evaluate potential cloud solutions first before considering any other option”.
In parallel, the Home Office was also following their own strategy to go ‘Digital by default’ as an effort to digitise all public-facing services. This resulted in spinning up product centric technology teams to deliver new government services. The Home Office needed to run quickly and wanted to enable teams to own a service from start to finish.
There was no existing process for teams to follow to move their applications through to production. There were no central technology standards or overarching guidelines for shared tooling at the time and individual project teams needed to create their own, unique software development lifecycle and infrastructure to support their application moving to production.
Because each project was heavily influenced by the individuals working on them, there was widespread inconsistency between development teams, resulting in:
There were 40+ developer teams facing the challenges outlined above. The Home Office recognised the need for teams to own services from the beginning to end in a consistent, secure and cost-efficient manner.
Appvia saw an opportunity to solve these problems and enable digital delivery at scale with the creation of a centralised cloud native development platform that was secure-by-default and enabled capabilities and services that developers could hook into. Adhering to the Cloud First model of utilising public cloud, the platform was built on AWS.
With a foundation of Kubernetes in AWS, the platform fully supported the software development lifecycle from development to production, and instilled best practice security guardrails, which helped create a cloud operating model, allowing the Home Office to host “UK Official-Sensitive” workloads.
The platform allowed teams to be confident and efficient in their cloud usage and significantly reduced their delivery times, providing the following principles:
Consistent framework for delivering services
Implemented supporting services for developers to iterate their applications through to production. This included standardised CI/CD pipelines. It became vastly easier to move engineers across projects, because they were working with the same platform and tools
Simple self-service for development teams
Short lived, just in time access and automation enable teams to self-serve the resources they need from what they’re able to access without asking for permission every time.
Reduced delivery time to market
On average, project delivery time dramatically decreased from eight months to as quickly as two weeks.
Minimised hosting costs
On average, the shift to central hosting reduced costs by 86% across all projects. Predominantly through the aggregation of shared services, spot instances and scheduling workloads down outside of necessary operating hours.
Less reliance on DevOps and cloud architects
Adhering to the DevOps principle of ‘you build it, you run it’, developers were able to access all of the resources they needed without knowing the ins and outs of cloud and Kubernetes. The ability to self-serve resources across projects is a huge time saver, also contributing to a steep reduction in the DevOps to developer ratio. With an average of 1-2 DevOps resources for each project before the platform, most product teams were able to remove the need for this capability entirely, which resulted in recurring annualised savings of at least £8m per year.
Improved security posture
We instilled the NCSC cloud security principles in the platform and built on this by defining a defence in depth approach to immutable infrastructure that heavily minimised the attack surface for intruders.
The platform made managing services from end to end simple and secure. To take things a step further, we provided comprehensive support to development teams within the Home Office to enable them to fully and easily utilise the platform.
We onboarded teams to the platform, continued to up-skill developers, integrated with an agile self-service management model and provided professional services as-and-when needed for more complex applications and use cases.
We provided 24/7 support processes, tooling and auditing to business-critical services across a number of portfolios until, ultimately, client teams took full ownership and control of the platform.
With the introduction of this platform and the support surrounding it, the work that external suppliers and internal development teams would have previously taken on was now automated for them, enabling projects to release faster and more frequently.