HashiCorp Products Used
- 20-person cloud platform team supporting 200 developers using HashiCorp Cloud Platform
- Cut application deployment time from 3 months to 2 weeks
- 95% fewer misconfigurations through shift-left approach and drift detection
- ~30M cross-platform views per day for SPH Media properties
- 100% on Terraform for all things infrastructure related, published 17+ modules for the open-source community
- Standardized governance and development best practices across hundreds of AWS accounts
SPH Media is a leading media group, with operations in the publishing of newspapers, magazines, and books in both print and digital editions. It also owns and operates other businesses such as radio stations and outdoor media. The mission of SPH Media is to be the trusted source of news on Singapore and Asia, to represent the communities that make up Singapore, and to connect them to the world.
Moves towards modernization
SPH Media, a media group in Singapore, wanted to modernize its operations and demonstrate to customers and potential employees its position as a cutting-edge company.
The company planned to move its website and application technology stacks to the cloud. SPH Media’s engineering team hoped the modernization would help the company automate its cloud and on-premises infrastructure, which included AWS resource creation and management. Developers should be able to freely use infrastructure resources without using AWS’s proprietary user interface or waiting for manual provisioning.
Modernizing also meant automating SPH Media’s API use. By leveraging APIs, the team could automate how engineers used AWS and other services. This way, the team would be able to reuse and reproduce any service it required, including code reviews and tracking changes on GitHub.
Standardization drives transformation
Modernizing the SPH Media cloud estate started with house-keeping, and investing in technical debt. The engineering team faced an intricate web of virtual private clouds (VPCs), where VPCs are connected to one another, as well as an on-premises data center, via Direct Connect and transit gateways.
As a consequence of this massive and deeply interconnected network, SPH Media’s cloud estate offered low visibility into the network traffic, and had started to suffer from IP address starvation.
The architecture was not ideal and required improved security safeguards and consistent, dynamic credential management. It had been determined that standardized tools across all teams would make it easier for engineers to quickly find and resolve incidents.
Beyond its technical infrastructure, SPH Media also needed to attract suitable engineering talents. Finding a solution to these issues would be key to a successful modernization.
Challenges
Accelerating digital initiatives by creating new mobile apps, transforming and modernizing old ones
Implementing standardized developer tools to retain talent, train developers and streamline access so that developers could get up and running quickly
Improving efficiency, speed, governance, and compliance across infrastructure automation
Advancing the use of dynamic credentials for applications and services, such as databases, in order to further reduce security risks
Transforming the brand image of a print-first media company to a digital-first media company to attract technical talents
Why HashiCorp
This close partnership has even enabled folks who have never done automation before to get started quickly on Terraform compared to other platforms.
Yong Wen Chua, Head of Platform Engineering, SPH Media
Cloud platform team paves way for federation, automation
To overcome these hurdles, SPH Media had formed a unified cloud platform team for individuals focused on cloud governance and infrastructure deployment. It had also provided a coordinated workstream that instilled better communication and knowledge-sharing between stakeholders involved in modernizing SPH Media’s infrastructure and applications.
Instead of gatekeeping cloud resources, the platform team focused on enablement of application teams. With this shift in mindset, the cloud became a self-service resource federated out to SPH Media’s engineers, rather than something controlled by IT. The platform team also set up guardrails and policies for secure cloud use, completely changing the security paradigm by lifting the burden from individual developers.
“As you create a decentralized, self-service model, you want to make sure you have a very strong team to train others within the organization,” says Yong Wen, head of platform engineering. “This led to the formation of the cloud platform team where members of the team are experts on cloud infrastructure and can create vetted modules that the application developers are encouraged to use and adopt.”
SPH Media’s cloud platform team purchased the HashiCorp Cloud suite on the HashiCorp Cloud Platform, including Terraform, Packer, Vault, Consul, and Boundary, providing a flexible and accelerated path to using and deriving value from HashiCorp solutions.
The mindset shifts, new cloud platform team, and HashiCorp tooling ultimately allowed SPH Media’s developers to get applications and services up and running smoothly and more quickly than ever.
HashiCorp Cloud Platform standardizes the cloud operating model
Standardizing on HashiCorp products have provided standardized, automated workflows with security and compliance to speed up development and digital initiatives. HashiCorp solutions architects advised SPH Media during their journey as the team redesigned the AWS cloud estate.
HashiCorp’s suite of tools allowed SPH Media to create new isolated virtual private clouds not connected by AWS transit gateways. A service mesh built with the new Consul DataPlane feature provided transparency, fewer potentially overlapping IP addresses and gave SPH Media better control over network traffic. Terraform automated provisioning while Sentinel’s policies as code allowed IT admins to keep control over workflows. Vault provided dynamic credentials management for applications to improve the company’s security posture. The cloud platform team is also exploring Boundary as an avenue for providing human access to internal services in the future.
Standardizing on HashiCorp, automating, and federating resource deployment has also: Given developer teams the freedom to get started on Day 1 faster, rather than spending time procuring the services they need to use. Helped SPH Media operationalize cloud estates, with operations, security, and networking teams adopting a common infrastructure foundation. Provided better security visibility, so the platform team can more easily figure out where things went wrong when issues arise. Enabled a programmatic way to provide identity access and prevent credential theft while establishing a zero-trust environment in the cloud.
As SPH Media implemented HashiCorp tools, HashiCorp’s account team had organized Terraform training workshops, answered questions from SPH Media’s engineering team and provided access to specialists and the HashiCorp product team.
“The collaboration process was eye-opening and by working closely with HashiCorp especially in advance testing and implementation of new product features, we could ensure that our modernization process went well,” said Yong Wen. “This close partnership has even enabled folks who have never done automation before to get started quickly on Terraform compared to other platforms.”
Standardizing on HashiCorp meant more time for engineers to help the business with mission-critical work. The cutting-edge tools also created excitement for job candidates, and helped SPH Media to attract and retain engineering talent. With HashiCorp, SPH Media had improved its infrastructure use and built brand awareness as an innovative organization.
Outcomes
Accelerated innovation and time to market by cutting application deployment time from 3 months to 2 weeks
Automated workflows for easier and more efficient cloud adoption
Reusable code simplified deployment and reduced effort to achieve regulatory compliance
Reduced risk of security breach, as well as blast radius in the event of a breach
Automatically enforced deployment standards to reduce the time it takes to correct security misconfigurations
Reduced operational and business costs via consolidation of cloud provisioning and security tools
Solution
SPH Media and its cloud platform team adopted the HashiCorp Cloud suite and standardized its modernization process on HashiCorp tools. This allowed SPH Media to move to a federated model for consuming cloud resources, enabling developers to deploy faster while lowering security risks. HashiCorp adoption also helped SPH Media earn brand credibility as a cutting-edge technical organization, and attract new talents to maintain its new and modern approach.
SPH Media Partner
Yong Wen Chua Head of Platform Engineering SPH Media
Yong Wen is an automation-obsessed developer who heads SPH Media’s cloud platform team. He has experience with Kubernetes, DevOps, cloud computing, and HashiCorp products. He remains an active contributor to HashiCorp solutions and open-source community.
George Irwin Director of Engineering SPH Media
George began his technical career as the co-founder and CTO of a number of private and public startups. Now leading SPH Media’s Engineering Department, he spends his time striving to enable teams to achieve their goal to transform SPH Media into an industry-leading, digital-first publisher.
Technology Stack
- Infrastructure :
- AWS, Google Cloud, Aliyun, and VMware
- Workload Type :
- Linux, Windows
- Container Runtime:
- containerd
- Orchestrator :
- Kubernetes/ECS
- CI/CD :
- Github Actions, CodePipeline
- Version Control:
- GitHub
- Data Service :
- S3, EBS
- Provisioning :
- HashiCorp Terraform Cloud
- Secrets Management:
- HCP Vault, HCP Boundary, AWS Security Hub
Take the next step
Learn how we can help you scale cloud success across your enterprise.