Platform Engineering - xtype: Beyond the pipelines, look at the governance
This is a guest post for the Computer Weekly Developer Network written by Scott Willson in his position as head of product marketing at xtype – the company is known for its platform engineering solution that helps manage ServiceNow instances and provides visibility, governance and automation for multi-instance environments.
Willson reminds us that platform engineering has become one of the most talked-about disciplines in enterprise IT, but much of the current discourse seems to have narrowed the field to an echo chamber of DevOps pipelines, internal developer portals and YAML-based configurations.
In search of the new truth in this space, Willson writes in full as follows…
Let’s zoom out and examine the enterprise IT landscape from a less parochial vantage point. In thousands of enterprises, platform teams aren’t building infrastructure-as-a-product or curating golden paths for microservices. They’re building (and governing) mission-critical applications and business workflows on platforms they don’t own but deeply extend: ServiceNow, Salesforce, Workday, SAP and many more.
These platforms are not containers for applications; they are the “application frameworks” behind strategic initiatives that non-traditional coders and engineers build and deliver value for the enterprise. They are increasingly the nervous system of enterprise operations.
So, what does platform engineering mean in that world?
It means something far more complex – and something far more strategic.
To the average observer, such platforms may appear to be simple workflow automation tools. To the enterprise platform engineer, it’s a full-stack application platform hosting finance systems, customer service orchestration, HR processes, compliance tracking and even public sector mission workflows.
Massive development tsunami
This is no longer just about configuring and customising a SaaS product. It’s proper engineering and it’s time to recognise this massive development tsunami and consider a more comprehensive context for the term platform engineering.
ServiceNow developers, for example, build scoped apps, craft reusable modules, follow delivery pipelines and automate entire business functions. But unlike traditional software engineering, they’re doing this on an opinionated platform with its own abstraction layers, release constraints and multi-instance architecture.
By design, most of these instances or environments are entirely disconnected from each other. What appears to be “one platform” is dozens of environments – development, test, staging, production, training, sandbox and regionals – all with critical changes being exchanged back and forth, often without policy guardrails or visibility. The complexity here isn’t just technical; it’s operational and organisational.
With this understanding, platform engineering is not just about speed or automation. It’s about control… and that’s control over who changes what, where and when. Without that, you don’t have the Triple-S of platform engineering i.e. speed, safety and scale. You have a liability.
That’s why governance (not pipelines) must be the backbone of platform engineering, especially in SaaS-native and low-code ecosystems.
The challenges are well known:
- Environments drift apart
- Update packages get orphaned between instances
- Roles and permissions proliferate unchecked
- Real-time visibility of changes across environments
- Compliance audits become resource-intensive exercises
These aren’t bugs in the system. They’re symptoms of the lack of governance in modern platform development.
To truly engineer on platforms like the ones mentioned, organisations need to operationalise governance with:
- Cross-environment visibility to see what’s deployed where in real-time – not just what’s supposed to be deployed according to spreadsheets.
- Immutable audit trails to track changes, authorship and approvals with tamper-proof records that survive regulatory scrutiny.
- Policy-driven deployment flows that enforce how updates move – not just when they move – with automated quality gates and security checks.
- Centralised permission controls to prevent over-entitlement and enforce least-privilege principles across all environments.
- Automation with compliance baked in, not bolted on as an afterthought.
This isn’t DevSecOps theatre. This is governance by design.
Shift the focus: DX to EX
The DevOps community often discusses “developer experience” (DX). That’s valid – until you realise most enterprise platform engineers don’t control their underlying stack. They can’t dockerise their way out of a misconfigured production environment in ServiceNow, Salesforce, Workday, SAP and other enterprise platforms. What they need isn’t just smoother deployment – they need guaranteed control.
In this reality, Enterprise Experience (EX) matters more.
That means:
- Knowing what’s been deployed, where, when, how and by whom.
- Verifying compliance and permission integrity across all environments.
- Measuring platform change velocity and stability as business metrics
The best platform teams don’t just ship code faster. They provide platform-level assurance that enables the business to move at speed with safety.
Rethinking the definition
If we define platform engineering only as pipeline building, we exclude the entire class of teams responsible for the most valuable platforms in the business. Instead, let’s define it like this:
“Platform engineering is the discipline of designing, governing and operating scalable platform environments to accelerate value delivery safely.”
This includes DevOps and infrastructure teams. But it also includes teams, architects and anyone else driving business transformation through platform-led change. This broader definition recognises that platform engineering isn’t just about what you build – it’s about how you govern what you buy at scale.
The future is governed
Willson: Governance (not pipelines) must be the backbone of platform engineering.
The organisations that will thrive in the next decade aren’t just those with the fastest deployment pipelines. They’re the ones who can deploy fast and maintain control on strategic enterprise platforms. They’re the ones who can innovate quickly while ensuring the Triple-S of platform engineering – speed, safety and scale.
Pipelines don’t reduce risk. Governance does. In a world where every enterprise runs on platforms whose stacks they don’t fully control, governance isn’t just important – it’s the only thing that matters. The future of platform engineering isn’t about moving faster. It’s about moving smarter.
… and that starts with governance.
Scott Willson has over 20 years of technology experience that spans software development across financial services, manufacturing, government and tech industries. Professionally, Scott has built software, managed professional services and sold and implemented software. Scott is passionate about technology and helping businesses achieve value through technology and was leading DevOps at organisations before it was coined DevOps.
He has also co-authored papers for the DevOps Enterprise Forum. As a data transformation leader, Scott also played a pivotal role in spearheading the data transformation initiative for the monumental $6.6 billion merger between 3Com and U.S. Robotics, demonstrating expertise in managing large-scale data transitions.
