Where Does Your Platform Stand?
After working with dozens of platform engineering teams, I’ve identified five maturity levels. Most organizations are at Level 2 and think they’re at Level 4. Here’s how to honestly assess and improve.
The Five Levels
Level 1: Ad-Hoc (The Wild West)
- Developers SSH into servers
- No standardized deployment process
- Each team invents their own CI/CD
- Infrastructure changes are manual and undocumented
- Symptom: “Ask Dave, he knows how the deploy works”
Level 2: Standardized (The Template Era)
- CI/CD pipelines exist but differ per team
- Terraform/Ansible for infrastructure, but not consistently applied
- Some documentation exists
- Container adoption in progress
- Symptom: “We have a wiki page for onboarding, but it’s outdated”
Level 3: Self-Service (The Platform Emerges)
- Developers can provision resources without tickets
- Golden paths exist for common patterns
- Internal developer portal (Backstage/Port)
- Automated compliance checks
- Symptom: “New services go from idea to production in a day”
Level 4: Product-Oriented (Platform as Product)
- Platform team treats developers as customers
- SLOs for platform capabilities
- Feedback loops drive platform evolution
- Cost visibility per team/service
- Symptom: “Developers choose our platform because it’s better, not because it’s mandated”
Level 5: Intelligent (AI-Augmented Platform)
- AI-powered recommendations (right-sizing, security, optimization)
- Predictive scaling and self-healing
- Automated incident response
- Natural language infrastructure provisioning
- Symptom: “The platform suggests improvements before we ask”
Assessment Checklist
Infrastructure
- Infrastructure as Code for all environments (Level 2)
- Self-service infrastructure provisioning (Level 3)
- Automated cost allocation per team (Level 4)
- AI-driven capacity planning (Level 5)
Developer Experience
- Standardized CI/CD templates (Level 2)
- Golden paths for common service patterns (Level 3)
- Developer portal with service catalog (Level 3)
- DORA metrics tracked and improving (Level 4)
- < 10 minutes from code to production (Level 4)
Security & Compliance
- Automated vulnerability scanning (Level 2)
- Policy-as-code in CI/CD (Level 3)
- Automated compliance evidence collection (Level 4)
- AI-powered threat detection (Level 5)
Observability
- Centralized logging (Level 2)
- Distributed tracing (Level 3)
- SLO-based alerting (Level 4)
- Anomaly detection (Level 5)
How to Level Up
Level 1 → 2 (3-6 months)
- Adopt IaC for all infrastructure
- Standardize CI/CD with shared pipeline templates
- Containerize all new services
- Write runbooks for critical processes
Level 2 → 3 (6-12 months)
- Build self-service provisioning (Terraform modules + automation)
- Create golden paths for top 3 service patterns
- Deploy a developer portal
- Implement automated security scanning
Level 3 → 4 (12-18 months)
- Define and track platform SLOs
- Implement DORA metrics
- Build cost visibility dashboards
- Establish developer feedback program
- Hire a platform product manager
Level 4 → 5 (18+ months)
- Integrate AI for right-sizing recommendations
- Build self-healing capabilities
- Implement predictive scaling
- AI-powered security monitoring
The Golden Rule
Don’t skip levels. Teams that jump from Level 1 to Level 4 tooling without building Level 2/3 foundations end up with expensive infrastructure nobody uses.
Need help assessing or improving your platform engineering maturity? I help teams build platforms that actually work. Get in touch.