As cloud adoption accelerates, organisations rely on Service Level Agreements (SLAs) to define expectations around availability, security, and performance, to access and process data or service use. Yet SLAs often lag behind innovation. For CTOs and CISOs, this misalignment is a strategic risk and they need to work out how to innovate securely when infrastructure guarantees do not reflect the complexity or criticality of modern digital services.
Rather than viewing SLA gaps as blockers, technology leaders should treat them as indicators of where governance, architecture and measurement must evolve. By taking steps to align SLAs with business objectives and complementing them with Experience Level Agreements (XLAs), Key Risk Indicators (KRIs), and Objectives and Key Results (OKRs), organisations can take control and innovate efficiently.
Innovation is advancing faster than SLA maturity
Modern cloud architectures increasingly rely on container orchestration and serverless computing. Technologies like robotic process automation, generative AI, and edge computing are reshaping service delivery. Yet SLA provisions from major cloud providers (e,g, AWS, Azure, Google Cloud) typically offer 99.9% to 99.99% availability, while actual performance varies depending on configuration and dependencies.
To bridge this gap, organisations can use XLAs to measure service quality and user experience. OKRs should align with XLAs to track business goals, while SLAs and KRIs support delivery and risk management. This model then links technical output to business impact and enables leaders to assess whether innovation is translating into measurable outcomes.
Evolving governance to close SLA gaps and curb shadow IT
Public cloud spending is projected to reach $723 billion this year (Gartner). However, SLA limitations can drive unauthorised use, especially in fast-moving domains like generative AI (MIT). Recent incidents involving ChatGPT, xAI (Grok) and GitHub repositories that were accessed through Microsoft Copilot show how sensitive internal data, submitted by staff seeking efficiency, was indexed by public search engines even after repositories were made private.
While cloud platform risk can be managed by restricting users to approved systems this does not eliminate the emergence of shadow IT and staff may still bypass official channels, exposing private data. Management requires policy, training, and awareness, supported by clear governance and technical controls.
That underlines the need for continuous oversight and proactive governance and monitoring which moves from static compliance to dynamic enablement. This requires the alignment of technical controls with business goals, educating teams on acceptable use, and embedding KRIs into decision-making. Taken together these measures can help prevent shadow IT and maintain operational integrity.
Security and governance: Foundational enablers of cloud innovation
Cloud providers operate under shared responsibility models where infrastructure security is managed by the provider, while data, configuration, and access controls remain the customer’s responsibility.
This reinforces the need for layered security across the stack: hypervisor, application, access, monitoring, and operations. Security as Code, zero-trust architectures, and cloud-native tools such as AWS Security Hub and Google Cloud Security Command Center enable organisations to enhance security. These are also critical for compliance with regulations like the Digital Operational Resilience Act (DORA) and the EU Artificial Intelligence Act.
Governance frameworks such as the NIST Risk Management Framework and COBIT can help link IT with strategy. When integrated with OKRs, XLAs, SLAs, and KRIs, these frameworks can enable a structured approach to managing innovation responsibly.
Architectural strategies to address SLA limitations
Hybrid and multi-cloud strategies increase flexibility, allowing businesses to adjust SLAs through design choices such as microsegmentation, restricted access, and dedicated tenancy. Self-hosting open-source tools like Apache Spark can reduce reliance on commercial providers but need internal skills and governance to manage them. In addition, generative AI platforms may require hybrid configurations to meet data sovereignty requirements. This means that architectural decisions should reflect business needs and risk tolerance, not an idealised pursuit of perfect security.
Strategic withdrawal when SLA gaps are too significant
In some cases, SLA limitations, especially around compliance or sovereignty may require a shift to private cloud or self-hosted solutions. Offerings like AWS Outposts transfer some operational responsibility to the organisation, enabling greater control but requiring enhanced governance and technical capability.
That requires leaders to understand when strategic withdrawal from unmanageable risks can preserve resilience and readiness. Monitoring SLA exposure can then ensure agility and preparedness to allow organisations to re-engage when conditions improve or risks are mitigated.
Conclusion
SLA gaps are therefore not barriers to innovation but indicators of where leadership must act. CTOs and CISOs need to focus not just on meeting technical guarantees but ensuring cloud adoption supports measurable business outcomes.
They can do this by aligning OKRs with XLAs, and underpinning them with SLAs and KRIs, to build governance that is resilient and responsive. In highly regulated yet innovation-reliant economies, technology leaders must balance ambition with accountability. That can mean stepping back when risks are too great, and whether through hybrid cloud, compensating controls, or strategic vendor selection, remaining focused on enabling innovation securely and sustainably.
Ashley Barker, digital strategy and operations expert and Irfan Ahmed, cybersecurity expert, PA Consulting
And thanks to a mention in Dan Brown’s new novel, The Secret of Secrets, the festival has gained even more global recognition. Just a few weeks after the release of Brown’s new bestseller set in contemporary Prague, viewers were able to see for themselves what drew the popular writer to the festival, which is the largest Czech and Central European showcase of digital art. In one passage, the Signal Festival has a cameo appearance when the novel’s protagonist recalls attending an event at the 2024 edition.
“We’re happy about it,” festival director Martin Pošta says about the mention. “It’s a kind of recognition.” Not that the event needed promotion, even in one of the most anticipated novels of recent years. The organizers have yet to share the number of visitors to the festival this year, but the four-day event typically attracts half a million visitors.
On the final day, there was a long queue in front of the monumental installation Tristan’s Ascension by American video art pioneer Bill Viola before it opened for the evening, even though it was a ticketed event. In the Church of St. Salvator in the Convent of St. Agnes, visitors could watch a Christ-like figure rise upwards, streams of water defying gravity along with him, all projected on a huge screen.
The festival premiere took place on the Vltava River near the Dvořák Embankment. Taiwan’s Peppercorns Interactive Media Art presented a projection on a cloud of mist called Tzolk’in Light. While creators of other light installations have to deal with the challenges of buildings—their irregular surfaces, decorative details, and awkward cornices—projecting onto water droplets is a challenge of a different kind with artists having to give up control over the resulting image. The shape and depth of the Peppercorns’ work depended on the wind at any given moment, which determined how much of the scene was revealed to viewers and how much simply blown away. The reward, however, was an extraordinary 3D spectacle reminiscent of a hologram—something that can’t be achieved with video projections on static and flat buildings.
Another premiere event was a projection on the tower of the Old Town Hall, created for the festival by the Italian studio mammasONica. It transformed the 230-foot structure into a kaleidoscope of blue, green, red, and white surfaces. A short distance away, on Republic Square, Peppercorns had another installation. On a circular LED installation, they projected a work entitled Between Mountains and Seas, which recounted the history of Taiwan.
Software development is associated with the idea of not reinventing the wheel, which means developers often select components or software libraries with pre-built functionality, rather than write code to achieve the same result.
There are many benefits of this approach. For example, a software component that is widely deployed is likely to have undergone extensive testing and debugging. It is considered tried and trusted, mature technology, unlike brand-new code, which has not been thoroughly debugged and may inadvertently introduce unknown cyber security issues into the business.
The Lego analogy is often used to describe how these components can be put together to build enterprise applications. Developers can draw on functionality made available through application programming interfaces (APIs), which provide programmatic access to software libraries and components.
Increasingly, in the age of data-driven applications and greater use of artificial intelligence (AI), API access to data sources is another Lego brick that developers can use to create new software applications. And just as is the case with a set of old-school Lego bricks, constructing the application from the numerous software components available is left to the creativity of the software developer.
A Lego template for application development
To take the Lego analogy a bit further, there are instructions, templates and pathways developers can be encouraged to follow to build enterprise software that complies with corporate policies.
A developer self-service platform provides a way for organisations to offer their developers almost pre-authorised assets, artefacts and tools that they can use to develop code Roy Illsley, Omdia
Roy Illsley, chief analyst, IT operations, at Omdia, defines an internal developer platform (IDP) as a developer self-service portal to access the tools and environments that the IT strategy has defined the organisation should standardise on. “A developer self-service platform provides a way for organisations to offer their developers almost pre-authorised assets, artefacts and tools that they can use to develop code,” he says.
The basic idea is to provide a governance framework with a suite of compliant tools. Bola Rotibi, chief of enterprise research at CCS Insight, says: “A developer self-service platform is really about trying to get a governance path.”
Rotibi regards the platform as “a golden path”, which provides developers who are not as skilled as more experienced colleagues a way to fast-track their work within a governance structure that allows them a certain degree of flexibility and creativity.
As to why offering flexibility to developers is an important consideration falls under the umbrella of developer experience and productivity. SnapLogic effectively provides modern middleware. It is used in digital transformation projects to connect disparate systems, and is now being repositioned for the age of agentic AI.
SnapLogic’s chief technology officer, Jeremiah Stone, says quite a few of the companies it has spoken to that identify as leaders in business transformation regard a developer portal offering self-service as something that goes hand-in-hand with digital infrastructure and AI-powered initiatives.
SnapLogic’s platform offers API management and service management, which manages the lifecycle of services, version control and documentation through a developer portal called the Dev Hub.
Stone says the capabilities of this platform extend from software developers to business technologists, and now AI users, who, he says, may be looking for a Model Context Protocol (MCP) endpoint.
Such know-how captured in a self-service developer portal enables users – whether they are software developers, or business users using low-code or no-code tooling – to connect AI with existing enterprise IT systems.
Enter Backstage
One platform that seems to have captured the minds of the developer community when it comes to developer self-service is Backstage. Having begun life internally at audio streaming site Spotify, Backstage is now an open source project managed by the Cloud Native Computing Foundation (CNCF).
While many teams that implemented Backstage assumed that it would be an easy, free addition to their DevOps practices, that isn’t always the case. Backstage can be complex and requires engineering expertise to assemble, build and deploy Christopher Condo and Lauren Alexander, Forrester
Pia Nilsson, senior director of engineering at the streaming service, says: “At Spotify, we’ve learned that enabling developer self-service begins with standardisation. Traditional centralised processes create bottlenecks, but complete decentralisation can lead to chaos. The key is finding the middle ground – standardisation through design, where automation and clear workflows replace manual oversight.”
Used by two million developers, Backstage is an open source framework for building internal developer portals. Nilsson says Backstage provides a single, consistent entry point for all development activities – tools, services, documentation and data. She says this means “developers can move quickly while staying aligned with organisational standards”.
Nilsson points out that standardising the fleet of components that comprise an enterprise technology stack is sometimes regarded as a large migration effort, moving everyone onto a single version or consolidating products into one. However, she says: “While that’s a critical part of standardising the fleet, it’s even more important to figure out the intrinsic motivator for the organisation to keep it streamlined and learn to ‘self-heal’ tech fragmentation.”
According to Nilsson, this is why it is important to integrate all in-house-built tools, as well as all the developer tools the business has purchased, in the same IDP. Doing so, she notes, makes it very easy to spot duplication. “Engineers will only use what they enjoy using, and we usually enjoy using the stuff we built ourselves because it’s exactly what we need,” she says.
The fact that Backstage is a framework is something IT leaders need to consider. In a recent blog post, Forrester analysts Christopher Condo and Lauren Alexander warned that most IDPs are frameworks that require assembly: “While many teams that implemented Backstage assumed that it would be an easy, free addition to their DevOps practices, that isn’t always the case. Backstage can be complex and requires engineering expertise to assemble, build and deploy.”
However, Forrester also notes that commercial IDP options are now available that include an orchestration layer on top of Backstage. These offer another option that may be a better fit for some organisations.
AI in an IDP
As well as the assembly organisations will need to carry out if they do not buy a commercial IDP, AI is revolutionising software development, and its impact needs to be taken into account in any decisions made around developer self-service and IDP.
Spotify’s Nilsson believes it is important for IT leaders to figure out how to support AI tooling usage in the most impactful way for their company.
“Today, there is both a risk to not leveraging enough AI tools or having it very unevenly spread across the company, as well as the risk that some teams give in to the vibes and release low-quality code to production,” she says.
According to Nilsson, this is why the IT team responsible for the IDP needs to drive up the adoption of these tools and evaluate the impact over time. “At Spotify, we drive broad AI adoption through education and hack weeks, which we promote through our product Skill Exchange. We also help engineers use context-aware agentic tools,” she adds.
Looking ahead
In terms of AI tooling, an example of how developer self-service could evolve is the direction of travel SAP looks to be taking with its Joule AI copilot tool.
When structure, automation and visibility are built into the developer experience, you replace bottlenecks with flow and create an environment where teams can innovate quickly, confidently and responsibly Pia Nilsson, Spotify
CCS Insights’ Rotibi believes the trend to integrate AI into developer tools and platforms is an area of opportunity for developer self-service platforms. Among the interesting topics Rotibi saw at the recent SAP TechEd conference in Berlin was the use of AI in SAP Joule.
SAP announced new AI assistants in Joule, which it said are able to coordinate multiple agents across workflows, departments and applications. According to SAP, these assistants plan, initiate and complete complex tasks spanning finance, supply chain, HR and beyond.
“SAP Joule is an AI interface. It’s a bit more than just a chatbot. It is also a workbench,” says Rotibi. Given that Joule has access to the SAP product suite, she notes that, as well as providing access, Joule understands the products. “It knows all the features and functions SAP has worked on, and, behind the scenes, uses the best data model to get the data points the user wants,” she says.
Recognising that enterprise software developers will want to build their own applications and create their own integration between different pieces of software, she says SAP Joule effectively plays the role of a developer self-service portal for the SAP product suite.
Besides what comes next with AI-powered functionality, there are numerous benefits in offering developer self-service to improve the overall developer experience, but there needs to be structure and standards.
Nilsson says: “When structure, automation and visibility are built into the developer experience, you replace bottlenecks with flow and create an environment where teams can innovate quickly, confidently and responsibly.”
First a confession: I own more MoonSwatches than I care to admit. Never let it be said that WIRED does not walk the walk when it comes to recommending products—Swatch has assiduously extracted a considerable amount of cash from me, all in $285 increments. This was no doubt the Swiss company’s dastardly plan all along, to lure us in, then, oh so gently, get watch fans hooked. The horological equivalent of boiling a frog. It’s worked, too—Swatch has, so far, netted hundreds of millions of dollars from MoonSwatch sales.
But while I’ve been a fan of the Omega X Swatch mashup since we reported on exactly how the hugely lucrative collaboration came to be in the first place, I have never liked the iterative Moonshine Gold versions. Employing a sliver of Omega’s exclusive 18K pale yellow gold alloy in marginally different ways on each design, they seemed almost cynical—a way of milking the MoonSwatch superfans on the hunt to complete the set.
A hidden Snoopy message on the Cold Moon’s dial is revealed under UV light.
Photograph: Courtesy of Swatch
The MoonSwatch comes with a rubber strap upgrade over the original launch models.
Photograph: Courtesy of Swatch
Now, though, just when I thought I was done with MoonSwatch—having gone as far as to upgrade all of mine with official $45 color-matching rubber straps—Swatch has managed to ensnare me once again, and with a Moonshine Gold model: the new MoonSwatch Mission To Earthphase Moonshine Gold Cold Moon.
Clumsy moniker aside, this version takes the all-white 2024 Snoopy model (WIRED’s top pick of the entire collection), mixes it with the Earthphase MoonSwatches, and replaces the inferior original strap for a superior white and blue Swatch rubber velcro one. Aesthetically, it’s definitely a win, but this is not the Cold Moon’s party trick.
On each $450 Cold Moon MoonSwatch, a snowflake is lasered onto its Moonshine Gold moon phase indicator—and, just like a real snowflake, Swatch claims each one will be completely unique. When you consider the volumes of MoonSwatches Swatch produces each year, this is no mean feat.
The unique golden snowflakes appear on the moon phase dial of the Cold Moon.
.jpeg)
Sports1 week ago
Entertainment1 week ago
Politics1 week ago
Tech6 days ago
Politics1 week ago
Fashion1 week ago
Tech6 days ago