Road to Compliance: Will Your Internal Users Hate Your Platform Team?

code red code red

Enforcing rules and best practices consistently while enhancing operational efficiency, reducing risks, and controlling costs is a tricky journey, that often leads to frustration, loss of productivity, and friction between engineering teams and yours because the challenge is not purely technical.

Empathy and a customer-focused mindset are crucial, and a suite of AWS services, including AWS Security Hub, AWS Config, Service Control Policies (SCPs), and Tagging policies, can greatly assist in automating compliance checks, enforcing governance, and managing access and costs.

In this talk, we will share our journey as a platform engineering team in achieving robust internal compliance and show how we implemented governance and FinOps initiatives in a way that kept everyone on board fostering a positive and collaborative environment.

Interview:

What is your session about, and why is it important for senior software developers? Why should attendees prioritize your session?

This session is about how platform teams can enforce compliance, governance, and cost controls without becoming the most hated team in the company. (We’ve been there — it wasn’t nice.)

Internal compliance is a mix of technical tooling (think AWS Security Hub, Config, SCPs, tagging policies) and human strategy, and the hardest challenge is usually cultural and organizational, not technical. You don’t want to become the cloud police, but without a strong mandate, how can you achieve your goals without nagging everyone?

This talk shares our real-world experience of rolling out rules and guardrails in a way that helped developers rather than blocking them.

What are the common challenges developers and architects face in this area?

Developers and architects often struggle with unclear or constantly changing compliance requirements, a lack of visibility into why certain rules exist, and tools or processes that feel more like blockers than enablers.

There’s also the tension between speed and control: teams want to move fast, but without good guardrails, they risk introducing security gaps or uncontrolled costs. Platform teams often have to bridge the gap between platform mandates and product goals, which can lead to friction if the platform team is seen as “the cloud police” rather than a partner.

What's one thing you hope attendees will implement immediately after your talk?

I hope attendees leave with the mindset that compliance and governance are team problems to be solved collaboratively. Sharing our experience is meant to help others avoid the same mistakes, prompt self-reflection, and increase empathy for both the platform team and the engineering teams. Specifically, I hope people will look at how their own rules, tools, or policies impact developer experience, and start small steps toward making compliance feel like a shared responsibility, not a top-down burden.

What makes InfoQ Dev Summit stand out as a conference for senior software professionals?

In my opinion InfoQ Dev Summit stands out because it focuses on the real-world challenges senior professionals face, from architecture and leadership to culture and scaling. It brings together people who have deep technical expertise and the scars of navigating organizational complexity, creating an environment where honest, experience-based insights matter more than buzzwords (or, worse, product pitches disguised as tech talks).

What does being part of InfoQ Dev Summit mean to you?

Being part of InfoQ Dev Summit is an exciting opportunity for me to share ideas and lessons learned with a broader, diverse audience. I’ve been actively involved in the AWS community for years, but what makes this conference special is that it brings together senior professionals across technologies, platforms, and disciplines — it’s not limited to just one cloud provider or ecosystem. It’s a chance to contribute to conversations that cross boundaries, exchange ideas with peers from different backgrounds, and hopefully offer insights that resonate well beyond the AWS world.


Speaker

Davide de Paolis

Engineering Manager @sevdesk | AWS Community Builder | Serverless Aficionado | 20+ Years in the Tech Industry

Engineering Manager, AWS Community Builder, serverless aficionado, and outdoor freak. Originally from Italy, Davide de Paolis taught himself software engineering in his twenties after a life-changing sabbatical in New Zealand. With over 20 years of experience in the tech industry, he’s been living and working in Germany since 2013.

He began his journey building the both beloved and notorious Flash websites and expanded into Java, Unity3D/C#, TypeScript, Node.js, and React, before finding his passion in cloud engineering and platform work.

Since 2018, he has been leading teams that build strategic services and internal platforms to support scale and developer productivity. Obsessed with simplicity and effectiveness, he loves solving problems with code and at the bouldering wall.

Read more
Find Davide de Paolis at:

Date

Thursday Oct 16 / 10:20AM CEST ( 50 minutes )

Location

Versailles (Ground Fl.)

Share