← All case studies

Energy

Dutch energy grid operator

AWS and Azure landing zones plus a unified Kubernetes platform. Engineering teams got self-service provisioning across two clouds and one operating pattern.

Dutch energy grid operator
Client

A Dutch regional grid operator distributing electricity and gas to millions of households and businesses. They wanted a cloud foundation with predictable costs, consistent security baselines, and faster delivery of new workloads such as smart-grid telemetry, customer data platforms, and renewables integrations.

Challenges

Cloud usage had grown organically and the gaps were starting to bite:

  • Cloud spending was hard to attribute. Teams could spin up resources, but management could not tell which project or department was responsible for which line on the bill.
  • Account and security baselines drifted between teams. Each project set up networking, IAM, and logging its own way, which made governance reviews painful.
  • Security controls and compliance evidence were inconsistent. There was no shared set of guardrails, so each audit started from scratch.
  • Cloud skills were uneven across teams, which slowed adoption and made the few experienced people a bottleneck.
  • Provisioning new environments was mostly manual, with long lead times and small mistakes that were expensive to roll back.
  • Container workloads had grown faster than the operational story around them. Teams ran a mix of ECS and Kubernetes without consistent patterns for security, scaling, or upgrades.
What we did

We worked with their cloud and security teams on both the foundation and the operating practices around it:

  • Built a cost visibility model with consistent tagging, per-team budgets and alerts, and a regular review cadence so teams could see and own their spend.
  • Ran requirements workshops with engineering, security, and finance to settle on principles before we wrote infrastructure code.
  • Set up an AWS Landing Zone in 2019 with standard account structure, network design, baseline security controls, and shared services for logging and identity.
  • Extended provisioning into Azure, with a single workflow for requesting environments and applying firewall and security policies across both clouds.
  • Added security monitoring and automated response paths for the issues that came up most often: misconfigured public buckets, unexpected IAM changes, suspicious console activity.
  • Migrated workloads from Amazon ECS to Kubernetes. We ran multi-tenant clusters for shared platform services and dedicated clusters for workloads with stricter isolation needs.
  • Ran training and pairing sessions for internal teams and partners so the new patterns would actually get used after we left.
Results
  • Spend became attributable. Teams could see their own usage and act on it, and finance had numbers it could plan against.
  • New environments dropped from weeks of ticket back-and-forth to hours of self-service provisioning.
  • Security baselines and audit evidence became consistent across accounts, which shortened compliance work considerably.
  • The Kubernetes platform absorbed both shared services and isolated workloads on one set of operational patterns, which cut the amount of bespoke runbook-keeping.
  • Engineers across teams could ship to AWS and Azure without waiting on a small group of cloud specialists.
  • The company had headroom to take on smart-grid and renewables work without rebuilding the platform underneath it.

Working on something similar?

Send a few sentences about what you're building. We'll be honest about whether we can help.

Start a conversation