Hey there! Welcome to Platform Weekly. Your weekly lay of platform engineering bricks. Every week, we unpack another piece of the best practices, news, and insights from the platform engineering community. This week we’ve got another guest newsletter by Lou Bichard, he’ll be sharing some thoughts on the new wave blasting it’s way through regulated industries. Let’s get crunchy🥐

What’s hot in platform engineering?

• Haven’t answered the 2025 DevEx survey yet?
• The Community Platform as a Product whitepaper gets an update🔥
• The next certification class of Platform Engineering Fundamentals opens it’s doors. Come join!

Make regulated companies fun again

Picture this: You’re working at a neobank fintech startup. The vibes are great and your team is a bunch of cracked devs. Yeah it’s hard work but it’s fun. Then all of a sudden, there’s chat about “regulatory requirements” and the CISO is talking about VDI…

You can literally feel the energy draining from the company. 

And it’s not even rolled out yet! Since it’s not your first rodeo in fintech you know exactly what's coming: ridiculous constant disconnections and pure frustration. 

That flow state you’ve just got back? It’s gone. 

Security is the achilles heel for platform in regulated industries

For platform engineering teams in regulated industries, this has always been an impossible situation. 

You want to provide an amazing developer experience but you also need to maintain security and compliance. Tools like VDI are a deal with the devil where you trade developer productivity for security. For developers working in banks, healthcare, or government this has been the status quo forever. We have to hear our friends talk about their smooth development setups while we’re over here writing code with chopsticks. 

But something very interesting is happening in regulated industries now. (And I am not just highlighting it because I am known as the CDE guy in Platform Weekly).

According to Gartner, by 2027, 40% of highly-regulated organizations will write software in secure, automated, standardized development environments (CDEs). Bear in mind this isn't just “another Gartner tech prediction”. We’re already seeing the wheels turning in a fundamental shift to how regulated industries are approaching development that’s already underway. There is a reason why one of the world’s largest private equity funds just ditched their VDI for a CDE.

Getting side-project flow whilst working in a regulated industry

Remember that feeling from a side project? Perfect flow. Everything is simple. Restart the server, refresh the page and boom. Instant feedback loop. That's what we're talking about but in regulated industries. That means using your IDE of choice, so either VS Code or JetBrains. And it’s literally those exact editors and not some frankenstein online web editor thing. 

For platform teams, this is the breakthrough we've been waiting for. Instead of being the team that has to say "it's complicated" to every request, we get to be the team that delivers a development experience that our developers—and us, too—actually want to use. We can meet those security and compliance requirements, without compromising dev experience. 

This is at the same time when the rise of AI and coding assistants makes regulated organizations realize how much they need to modernize their developer experience to even participate. Platform teams are at the critical epicenter of all these changes (great news for you). The days of clunky, slow, frustrating development in regulated industries could actually be seriously numbered. There’s light at the end of the tunnel for actual developer experience in regulated industries.

“Sounds good, but that won’t work for us”

I know what you’re thinking: "This all sounds great, but it won't work for us”. Because you have super strict security requirements, compliance needs, and regulatory obligations that will prevent the security team from even considering this. That’s the thing, these tools pass security reviews at the world's most secure organizations. We're not talking about a potential, hypothetical future; this is already happening across the world’s largest banks, healthcare providers and government entities. So it is not impossible that poor devex in regulated industries could become a thing of the past.

No-one wants to develop software where you can’t even get the most simple development task done. It’s soul-sucking and worse still it’s often horrific for your career. You can literally feel your dev skills atrophying. 

If you want to read more from someone other than myself, I suggest grabbing a copy of the Gartner Platform Engineering Hype Cycle that I shared above where you can find that exact quote. Let’s forget making deals with the devil and no longer trade-off our developer experience for security through clunky VDI solutions.