Tech
What should platform engineering look like? | Computer Weekly
Platform engineering is based on the principles of product management and the product model applied to digital and IT systems. Fast-moving digital teams show resistance to strict process frameworks such as the Information Technology Infrastructure Library (ITIL) and IT service management (ITSM), and autonomous digital or IT product teams are becoming self-sufficient, reducing the need for traditional infrastructure engineers.
Platform engineering, grounded in product management principles, offers an approach to modernising IT operations. By injecting product thinking into platform teams, Forrester believes technology organisations can position themselves for the future.
What is platform engineering?
Forrester has compiled a capability model for platform engineering that includes frequently covered technical aspects and less frequently covered management capabilities. It is an inventory of things you should think deeply about and ensure you have covered via your organisational resources, which might include not only dedicated organisations, but also cross-functional processes, enablement teams, or other mechanisms.
Your capabilities are how your customers experience the platform. They are your front door, so to speak. Your customers will discover your platform, onboard onto it, provision it, interact with its application programming interfaces (APIs), leverage patterns for security and performance, and call for help via these capabilities. And no, there is no such thing as an entirely automated self-service platform.
Users and developers need to be able to discover the platform and its services. Managing your platform like a product means you understand the onboarding journey of users and invite them to be part of the process of defining – and even contributing to – developer platform capabilities.
They will expect easy, frictionless authorisation and access, with few, if any, human-in-the-loop workflow-based approvals. Once provisioned and actively developing, they will need information about the ongoing status of the services they are consuming.
Usually, larger organisations will have a service catalogue or portal capability for IT services. If this does not exist, you must fund and create it. Developer-focused portals – for example, Spotify Backstage, Harness Internal Developer Portal, Atlassian Compass – are gaining popularity. Toyota of North America, for instance, includes consumable blueprints, a discoverable software catalogue, education and training resources, and operational reporting for FinOps and other metrics in its developer portal.
Access to platform services and resources is typically a two-stage process, with initial provisioning (setting up accounts) followed by day-to-day demand (provisioning virtual machines, clusters, and so on). While setting up the account may require some human approvals, day-to-day demand requires API access.
A platform that cannot provision, configure and manage base resources via APIs is not a true platform. Typically, platforms support APIs to instantiate and configure required resources, such as processing nodes, data stores, queues, pipelines and observability probes. There are significant API design questions. Many organisations generally have API engineering capabilities, but may not have explored the nuances of supporting self-service provisioning.
Users of the platform also require ready access to documentation on how to use it. How will these be created and maintained? Typically, a wiki is used for core system quick starts and how-to guides. Forrester recommends documenting patterns as code and managing them via source control. It is also advisable to define the processes, roles and responsibilities for those in charge of these resources. Saying that it is everyone’s responsibility is tempting, but that approach does not work at scale or in the long run.
Support is another key capability. Platforms are typically highly leveraged. Users building tenant applications may not understand the system. The system may not behave as expected. For these and other reasons, you will likely need some level of on-call support. Human contact is required, even in the age of ChatGPT.
Most organisations have ticketed support management, such as with BMC Software and ServiceNow, for example. This may be used to support the base platforms, and tenant applications may leverage it. However, as Forrester notes, fewer have a robust major incident/critical event management capability, which is essential. Such capabilities are based on products like PagerDuty or Everbridge.
Operational capabilities
The focus for many platform engineering architectures and frameworks is the operational capabilities, especially those that are more technical. While there are many kinds of infrastructure platform components, the fundamental DevOps chain capabilities appear in most platform engineering discussions.
Forrester recommends that deployments and operational architectures are controlled for governance and policy. Increasingly, this is done as code, such as through Open Policy Agent and similar approaches. Required design patterns, configurations and hardening standards should all be checked. Are software-bill-of-materials (SBOM) checks increasingly mandatory? What are the consequences if they fail? If there is a change management process, how is risk calculated? Are chaos tests recommended or required by policy?
The platform’s direct (administrative/developer) users must be identified and authorised, and the products and applications they are building will require identity and access services, which might be quite different from the services controlling administrator access to the platform. Which are you supporting?
Forrester recommends that IT decision-makers check whether common directory services are available to administrators, if there is privileged access management and, if multifactor authentication (MFA) is being used, whether single sign-on, and/or directory services are available for users of the tenants. The pipeline needs to offer security testing such as software composition analysis, SBOM generation and static application security testing.
Considering that applications, or workloads, are installed on resources once provisioned, it is useful to have a full set of development pipeline resources within infrastructure platforms. These should include access to source control and package management, perhaps via proxying cloud services such as GitHub or GitLab.
In addition, the IT infrastructure on which the workload is deployed will require provisioning of base IT resources, which will need to be configured and managed. This is generally achieved through infrastructure automation. IT decision-makers should check whether run-time provisioning is based on Terraform or is hyperscaler-specific. Does the platform provide a proxy layer to a cloud provider?
Once initially provisioned, configuration may be a separate concern – for example, with Red Hat, Chef, or Perforce Software [Puppet] – which can also control for drift. There is a wide variation, which depends on technical feasibility.
Deployment support
Platform engineering can include AIOps, so IT decision-makers should also look at how the platform itself is monitored and observed, and how operational insights are generated.
What is the relationship between AIOps and action (for example, support)? Forrester recommends that IT decision-makers assess services like monitoring, logging and tracing that are available to tenant applications. How is user experience understood? For instance, an application performance management or AIOps tool might be available as part of the platform for real-time insights that span platforms and encompass the whole IT estate. These insights may then be published on a developer portal.
Finally, Forrester notes the significance of platform reliability. IT decision-makers should assess how the platform itself is managed for resilience, availability and learning. For example, site reliability engineers might have a specific function in defining the platform approach, leading major incident response and retrospectives, and reviewing operations. A retrospective could lead to identifying a risk for which a chaos engineering approach might be used as a control.
Overall, Forrester regards platform engineering as a viable approach to tackle traditional team silos in areas such as compute, storage, networking and middleware, where teams struggle to meet market demands for innovation and employees prefer a collaborative and responsive work environment. As such, product-centric thinking in IT platform management can be used to enhance service delivery.
This article is based on an excerpt of The Forrester platform engineering capability model. The author, Charles Betz, is vice-president principal analyst and leads Forrester’s enterprise architecture team.
On February 28, United States and Israeli forces launched a series of strikes on Iran, kicking off turmoil in the Middle East.
Pete Hegseth, the secretary of the Department of Defense, said in a recent press conference that the operation could last as long as eight weeks. President Donald Trump himself said in a press conference on March 2 that the administration projected the operation would last four or five weeks but had “the capability to go far longer than that.”
This week Iran has responded in turn, attacking Israel, regional US embassies and military bases, and other sites across the Middle East. Iran has peppered neighboring countries with hundreds of drone and ballistic missile strikes since the operation began. While many of these have been intercepted, over a thousand people have died in the region and multiple buildings have been damaged, including luxury hotels in Dubai, US military bases and embassies, and international airports and marine ports.
Israel has also started bombarding Lebanon, following strikes at the country by the Lebanese militant group Hezbollah.
The Trump administration has given various, and at times seemingly contradictory, justifications for the military action, citing everything from potential “nuclear threat” to unverified claims that Iran attempted to interfere in the 2020 and 2024 US presidential elections. As of March 5, Congress, which in the US has the sole power to declare war, has not done so.
The attacks have already disrupted supply chains, creating uncertainty for the oil and gas and fertilizer industries as key infrastructure has been targeted or shut down out of caution. Shipping traffic has halted along the Strait of Hormuz, a critical route.
As the conflict continues to escalate and expand, WIRED is tracking which countries have been affected and how. This article was last updated on March 5.
Iran
As of March 4, Iranian state media estimates that over 1,000 people have died in the country since the US-Israeli attacks began. Several schools and hospitals have been hit, according to Al Jazeera. The Israeli Air Force says it has struck Iran with over 5,000 munitions since the beginning of the operation.
Israel
Israel has faced retaliatory strikes from Iran. As of March 4, at least 11 people have died and over 40 buildings have been damaged in Tel Aviv, according to Al Jazeera.
Azerbaijan
On March 5, Azerbaijan said drone attacks launched from Iran had crossed over the country’s borders and damaged an airport building and two civilians. President Ilham Aliyev of Azerbaijan said that the country’s military forces “have been instructed to prepare and implement appropriate retaliatory measures,” according to Reuters. Iran has denied responsibility for the attacks, according to Al Jazeera.
Bahrain
Missile and drone strikes have targeted different locations in Bahrain, including a US naval base, according to the BBC. On March 2, Amazon reported that a drone strike occurred in close proximity to one of its data centers in the country. CNBC later reported that Iranian state media said that Iran had targeted the data center because of the company’s support of the US military.
Cyprus
On March 2, a drone strike hit a British air base in Cyprus, according to Reuters. It caused limited damage and no casualties. Greece, the UK, and France have lent defensive support to the country, according to a Bloomberg report.
Iraq
Since February 28, there have been reports of multiple Iranian strikes aimed at a US military base near the Erbil International Airport, according to the nonprofit monitoring group Armed Conflict Location and Event Data.
Jordan
Jordan’s armed forces have intercepted dozens of missiles since the start of the conflict. At least one Iranian-backed militant group in Iraq has claimed responsibility, according to the Associated Press. On March 2, the US Embassy in the country announced that all its personnel had temporarily departed.
Kuwait
Kuwait has endured multiple waves of Iranian missile and drone attacks since February 28. On March 2, US Central Command said in a statement that three US fighter jets were accidentally struck down by Kuwaiti air defenses during an attack that included Iranian aircraft, missiles, and drones.
Lebanon
Israel attacked southern Lebanon after the militant Lebanese group Hezbollah launched rocket and drone attacks against them. Lebanon prime minister Nawaf Salam subsequently banned Hezbollah’s military and security activities, according to Al Jazeera.
Oman
Oman’s Duqm commercial port has been hit by several drone attacks, according to Al Jazeera. Omani authorities have said at least one oil tanker off the country’s port of Khasab in the Strait of Hormuz has been attacked.
Qatar
On March 2, QatarEnergy posted on X saying that it would halt production of liquified natural gas following a military attack on its operational facilities in the country. It did not attribute the attack to any particular country. On March 3, it posted again, saying that it would also stop the production of additional products, including urea, polymers, methanol, and aluminum.
Saudi Arabia
Infrastructure in Saudi Arabia has been targeted with projectiles. On March 3, the US embassy in Riyadh, the country’s capital, was damaged following an attack. On March 4, Reuters reported that one of the Saudi Aramco’s largest domestic refineries of Saudi Aramco, the majority state-owned oil company, was targeted by an attempted drone attack.
Syria
Tom Fletcher, the United Nations undersecretary-general for humanitarian affairs and emergency relief, says that civilians and civilian infrastructure were under attack in several countries including Syria.
Turkey
On March 4, the Turkish Ministry of National Defence announced that NATO had intercepted ballistic munitions launched from Iran, and that munition fragments had fallen into Hatay, a province that borders the Mediterranean Sea and Syria. Iran has denied any missile launch towards the country.
United Arab Emirates
As of March 4, UAE Ministry of Defence officials say that the country has intercepted hundreds of drone and missile attacks from Iran. Despite the relatively high rate of interceptions, debris created by the fallout has still damaged areas of the country. In Dubai, the luxury hotel Burj Al Arab was struck by debris, as well as the Palm Jumeirah, a man-made island home to high-end hotels and apartments. On March 2, Amazon Web Services announced that two of its facilities were directly struck in the country, causing “elevated error rates and degraded availability.”
Countries Evacuating Citizens
On March 2, US assistant secretary of state for consular affairs Mora Namdar posted on X urging Americans to depart from several middle eastern countries due to “serious safety risks.” On March 4, Reuters reported that the US military has offered seats on military transport planes to Americans trying to leave the region.
Over a dozen countries have announced that they will be evacuating their citizens from the area or sponsoring repatriation flights, including the UK, Ireland, Germany and Italy.
OpenAI CEO Sam Altman is still in the hot seat this week after his company signed a deal with the US military. OpenAI employees have criticized the move, which came after Anthropic’s roughly $200 million contract with the Pentagon imploded, and asked Altman to release more information about the agreement. Altman admitted it looked “sloppy” in a social media post.
While this incident has become a major news story, it may just be the latest and most public example of OpenAI creating vague policies around how the US military can access its AI.
In 2023, OpenAI’s usage policy explicitly banned the military from accessing its AI models. But some OpenAI employees discovered the Pentagon had already started experimenting with Azure OpenAI, a version of OpenAI’s models offered by Microsoft, two sources familiar with the matter said. At the time, Microsoft had been contracting with the Department of Defense for decades. It was also OpenAI’s largest investor, and had broad license to commercialize the startup’s technology.
That same year, OpenAI employees saw Pentagon officials walking through the company’s San Francisco offices, the sources said. They spoke on the condition of anonymity as they aren’t licensed to comment on private company matters.
Some OpenAI employees were wary about associating with the Pentagon, while others were simply confused about what OpenAI’s usage policies meant. Did the policy apply to Microsoft? While sources tell WIRED it was not clear to most employees at the time, spokespeople from OpenAI and Microsoft say Azure OpenAI products are not, and were not, subject to OpenAI’s policies.
“Microsoft has a product called the Azure OpenAI Service that became available to the US Government in 2023 and is subject to Microsoft terms of service,” said spokesperson Frank Shaw in a statement to WIRED. Microsoft declined to comment specifically on when it made Azure OpenAI available to the Pentagon, but notes the service was not approved for “top secret” government workloads until 2025.
“AI is already playing a significant role in national security and we believe it’s important to have a seat at the table to help ensure it’s deployed safely and responsibly,” OpenAI spokesperson Liz Bourgeois said in a statement. “We’ve been transparent with our employees as we’ve approached this work, providing regular updates and dedicated channels where teams can ask questions and engage directly with our national security team.”
The Department of Defense did not respond to WIRED’s request for comment.
By January 2024, OpenAI updated its policies to remove the blanket ban on military use. Several OpenAI employees found out about the policy update through an article in The Intercept, sources say. Company leaders later addressed the change at an all-hands meeting, explaining how the company would tread carefully in this area moving forward.
In December 2024, OpenAI announced a partnership with Anduril to develop and deploy AI systems for “national security missions.” Ahead of the announcement, OpenAI told employees that the partnership was narrow in scope and would only deal with unclassified workloads, the same sources said. This stood in contrast to a deal Anthropic had signed with Palantir, which would see Anthropic’s AI used for classified military work.
Palantir approached OpenAI in the fall of 2024 to discuss participating in their “FedStart” program, an OpenAI spokesperson confirmed to WIRED. The company ultimately turned it down, and told employees it would’ve been too high-risk, two sources familiar with the matter tell WIRED. However, OpenAI now works with Palantir in other ways.
Around the time the Anduril deal was announced, a few dozen OpenAI employees joined a public Slack channel to discuss their concerns about the company’s military partnerships, sources say and a spokesperson confirmed. Some believed the company’s models were too unreliable to handle a user’s credit card information, let alone assist Americans on the battlefield.
Though most people associate the beginning of March with the hopefulness of spring and the indignities of daylight saving time, there’s another important event taking place yards all over the country: hummingbird season.
While many species of hummingbirds can be seen in regions year-round, others are migratory, and this time typically marks their return from wintering grounds in Central and South America. These tiny birds can lose up to 40 percent of their body weight by the time they arrive here after having flown thousands of miles, and since many flowers haven’t bloomed yet, nectar feeders can be a source of essential fuel.
Though I test smart bird feeders year-round, I don’t use hummingbird feeders as often as I should, as it’s imperative that they be cleaned and refilled with new nectar every two or three days (a ratio of 1:4 granulated sugar to water is best, and avoid any dyes or additives) to prevent deadly bacteria and mold, and I don’t always have the time.
But if you are going to invest the energy in maintaining a hummingbird feeder, right now is the best time, as you have a chance to see migratory species you might not otherwise encounter, such as black-chinned hummingbirds. A smart feeder helps you ID them, whether they’re stopping at your feeder on their way north or arriving at their final destination.
Birdbuddy’s Pro is the smart hummingbird feeder I recommend and use myself when I’m not actively testing. The app is easy to navigate and sends cleaning reminders, the built-in solar roof keeps the battery charged, and, unlike other feeders, only the shallow bottom screws off for refilling. No having to pour sticky nectar through a narrow opening, or turn a giant cylinder upside down and risk spilling.
Note that it’s not perfect; the sensor is inconsistent and doesn’t capture every hummingbird that visits, but for the camera quality (5 MP photos, 2K video with slow-motion, 122-degree field of view) and ease of use, it’s a foible I’m willing to put up with. If you already have another Birdbuddy feeder, the hummingbird feeder images and videos will integrate seamlessly into your app feed.
Birdbuddy
Pro Smart Solar Hummingbird Feeder
Right now, the feeder is 37 percent off on Birdbuddy’s website—a deal I usually don’t see outside of shopping events like Black Friday or Amazon Prime Day. Note that the feeder only runs on 2.4 GHz Wi-Fi, and while it is fully functional without a subscription, a Birdbuddy Premium subscription will let you add friends and family members to your account so they can see the birds as well. That’s $99 a year through the app.
Power up with unlimited access to WIRED. Get best-in-class reporting and exclusive subscriber content that’s too important to ignore. Subscribe Today.
Maisie Peters surprises fans in Australia with Ed Sheeran
Trump pays tribute to Lou Holtz after legendary football coach’s death
Hegseth warns Iran miscalculating US ability to sustain war
What are Iran’s ballistic missile capabilities?
India Us Trade Deal: Fresh look at India-US trade deal? May be ‘rebalanced’ if circumstances change, says Piyush Goyal – The Times of India
Attock Cement’s acquisition approved | The Express Tribune
-
Business1 week ago
Attock Cement’s acquisition approved | The Express Tribune
-
Politics1 week agoWhat are Iran’s ballistic missile capabilities?
-
Business7 days ago
India Us Trade Deal: Fresh look at India-US trade deal? May be ‘rebalanced’ if circumstances change, says Piyush Goyal – The Times of India
-
Politics1 week agoUS arrests ex-Air Force pilot for ‘training’ Chinese military
-
Fashion1 week agoPolicy easing drives Argentina’s garment import surge in 2025
-
Business6 days agoGreggs to reveal trading amid pressure from cost of living and weight loss drugs
-
Sports1 week agoSri Lanka’s Shanaka says constant criticism has affected players’ mental health
-
Sports6 days agoLPGA legend shares her feelings about US women’s Olympic wins: ‘Gets me really emotional’