Scaling CI/CD: Lessons from Enterprises | Hokstad Consulting

Scaling CI/CD: Lessons from Enterprises

Scaling CI/CD: Lessons from Enterprises

If I had to sum this up in one line: enterprise CI/CD works best when I treat the pipeline like a product, put rules into code, and train teams to use one shared setup.

Here’s the short version:

  • I see the same three fixes come up again and again:
    • standardise pipelines
    • build compliance checks into the pipeline
    • support teams with training and platform guidance
  • The outcomes are clear:
    • Atlassian cut pipeline lead time by 96%
    • Pipedrive cut compute costs by 50%
    • Chase UK cut a rollout task from 2 months to 38 minutes
    • a UK public sector team increased weekly releases by 3x
    • Saxo Bank cut provisioning from 3 weeks to under 10 minutes
    • Citi cut deployment time from days to 7 minutes
  • The main things I would track are:
    • deployment frequency
    • lead time for changes
    • change failure rate
    • MTTR
    • cloud and build spend

What stands out to me is simple: as firms grow, CI/CD stops being just a tool problem. It becomes a people, ownership, and control problem. Shared templates, policy checks, and team enablement are what move the numbers.

::: @figure Enterprise CI/CD Transformation: Real Results from Real Companies{Enterprise CI/CD Transformation: Real Results from Real Companies} :::

Enterprise CI/CD - Scaling the Build Pipeline at Home Depot - Matt MacKenny, Home Depot

Quick comparison

Area Common problem What teams changed Example result
Shared platform Duplicated pipelines, mixed tooling, slow fixes Templates, IaC, central platform ownership 50% lower compute cost at Pipedrive
Regulated delivery Manual approvals, release windows, weak audit trails Policy-as-code, GitOps history, blue-green rollouts 3x more weekly releases in UK public sector
Team uptake Low consistency across teams Coaching, standard systems, AI support Citi cut deploy time to 7 minutes

If you want the plain answer, it’s this: standardise first, automate controls next, then help teams use the platform well. The case studies in this article back that up with cost, speed, and recovery data.

Case study 1: Standardising pipelines with a shared platform team

Starting point: duplicated pipelines and uneven quality controls

At enterprise scale, duplicated pipeline logic leads to patchy controls and slower upkeep. Pipedrive shows this clearly. With 300 engineers deploying across more than 600 repositories, Stéphane Moser summed up the problem:

For each of 600 repositories, we had to duplicate the steps and environment configuration, and adding a new repository or updating the current ones was repetitive work. [4]

When every repo carries its own pipeline setup, keeping security standards and quality gates aligned becomes a slog. One team fixes something here, another misses it there, and the gaps start to add up.

What changed: templates, IaC and platform ownership

The fix was to move pipeline logic out of individual repositories and into a shared platform. A platform team took charge of the common setup with templates and infrastructure as code. Product teams still controlled local parameters, but security scans, secrets handling and compliance checks shifted into the shared layer.

At Pipedrive, that meant moving from Jenkins and Codeship to GitHub Actions. The team rebuilt runner infrastructure on Amazon EKS, with Karpenter handling node scaling and Actions Runner Controller (ARC) managing GitHub Actions runners. In plain terms, the setup could scale from zero to hundreds of runners on demand.

Faire tackled the same kind of issue from a different angle. Staff Platform Engineer Ben Poland led Project Farpoint, moving from a monolithic Jenkins setup to a Buildkite and Kubernetes model. Before the change, everything ran through a single Jenkinsfile:

One service failure blocked every deployment. [2]

The new fan-out CI model changed that. A trigger job worked out which microservices were touched by a code change, then launched only the child pipelines that mattered. That meant failures stayed isolated, and teams stopped burning compute on jobs they didn't need.

Different stacks, same pattern: central ownership, controls written into the platform, and far less duplication.

Results: faster delivery and lower running costs

The payoff was simple. Less manual work, more consistent controls, and less waste in the underlying infrastructure.

Metric Before standardisation After standardisation
Build time 6 hours [1] 1.5 hours [1]
Infrastructure flake failures Frequent Reduced by 60% [1]
Compute costs Baseline Reduced by 50% [4]
Recovery time (MTTR) About 2 hours [1] About 42 minutes [1]
PR wait times Long Reduced by 50% [2]

Pipedrive's self-hosted runner setup now handles over 500,000 minutes of workflows and 300,000 runs per month, while supporting up to 400 deployments a day at half the compute cost of its previous Jenkins setup [4]. The platform team runs the infrastructure, and product teams keep moving without having to look after runners or shared controls.

The next challenge looks a bit different: keeping delivery speed high while adding tighter control in regulated, legacy-heavy environments.

Case study 2: Scaling CI/CD in regulated and legacy-heavy environments

Starting point: quarterly releases, manual approvals and fragile deployments

Where standardisation cuts waste, regulated delivery needs something tighter: automation that keeps control in place.

In regulated organisations, CI/CD tends to slow down when approvals, audits and release windows stay manual. Continuous delivery only starts to scale when those controls move into the pipeline. In UK finance, insurance and public services, delivery models are often shaped by risk controls such as change boards, weekend maintenance windows and manual approvals. The outcome is familiar: quarterly or monthly releases become standard [3]. And despite the intent, manual processes don’t lower risk. They make compliance harder to track and audits harder to piece back together.

A UK justice organisation upgrading its CI/CD tooling during a move from UKCloud to Azure cut annual costs by over £1 million and produced more with a team of 9 engineers, compared with 14 at the previous vendor [7]. A UK public sector organisation handling OFFICIAL-SENSITIVE data was also still relying on manual waterfall processes before shifting to an automated framework built with GitLab, Jenkins and AWS CDK [3].

What changed: policy checks, progressive delivery and traceable evidence

The goal wasn’t to remove controls. It was to build them into the delivery flow.

Chase UK's approach shows this well. Between 2021 and 2024, the bank moved from a Spinnaker-based setup to a Harness-based platform and built Open Policy Agent (OPA) policy-as-code into the pipeline. Each deployment had to pass automated regulatory checks before it could reach production. As Petrut Iordachescu, Platform Lead on CI/CD and Observability, Chase UK, put it:

Go slow in prepping, so you can go faster in migration, because we have internal checks, and there's some regulatory checks and compliances that we have to make sure that we abide by. [5]

That prep work mattered. The bank scaled to 500 microservices across 50+ AWS accounts, and delegate rollout dropped from two months to 38 minutes [5].

Saxo Bank tackled the same issue in a legacy-heavy setup by codifying service needs instead of handling them by hand. Simon Rohrer, Global Head of Enterprise Architecture & Ways of Working, Saxo Bank, described the aim like this:

The objective... is to take these challenges from arcane and distributed enterprise knowledge... to a one stop declarative approach: all your service's needs in a single file. [6]

The Saxo Service Blueprint put that idea into practice. Developers state what a service needs - identity, firewall rules, database roles - and the platform takes care of provisioning and compliance. Every change goes through a pull request, which creates an audit trail without extra manual paperwork. Over 12 months, the platform ran 1,827 automated infrastructure operations from just 379 user commits [6].

For the UK public sector organisation working with OFFICIAL-SENSITIVE data, the answer was blue-green deployments paired with zero-trust IAM controls and multi-party verification inside the pipeline itself [3]. Rollback stopped being a manual fire drill and became a technical switch. That’s what gave the team the confidence to release more often.

Results: shorter release cycles without weakening control

Metric Legacy/Manual Model Automated CI/CD
Release frequency Quarterly or monthly windows Weekly or on-demand releases [3]
Provisioning time Weeks of lead time (manual tickets) Under 10 minutes (self-service) [6]
Compliance checks Manual change boards Automated policy gates via OPA [5]
Audit trail Manual documentation and spreadsheets GitOps history and pipeline logs [6]
Incident recovery Days (reactive) Minutes (auto-remediation) [3]
Manual deployment effort High, with weekend windows About 40% lower [3]

The results weren’t small. The UK public sector organisation saw a 3x increase in weekly releases after moving to automated CI/CD [3]. The UK justice organisation delivered over £1 million in annual cost savings and higher output with 9 engineers instead of 14 [7]. Saxo Bank cut namespace provisioning from an average of 3 weeks to under 10 minutes [6].

Once controls live in the pipeline, the next challenge is making sure teams use them the same way every time.

Case study 3: Training, enablement and AI-assisted improvement

Why training changed the outcome

Once controls move into the pipeline, the next hurdle is adoption. A standard platform helps, but it doesn't solve the whole problem. Big teams need coaching as well as tools if they're going to use the same pipeline patterns in a steady, consistent way.

SLB, a global energy technology company, dealt with this head-on during a multi-year transformation led by NKD Agility. Instead of just rolling out new tools, the programme built internal coaching capability alongside system consolidation. The team cut 27 fragmented DevOps toolchains down to 7 standardised systems across more than 800 teams [9]. As Martin Hinshelwood of NKD Agility put it:

Standardizing and consolidating systems is essential to enable effective leadership, collaboration, and engineering excellence at scale. [9]

That led to more confidence in delivery, better visibility for leadership, and lower operating costs. The shift came from both consolidation and team enablement.

Using delivery data and AI to target support

Once teams share common systems, delivery data starts to tell a clearer story. You can see where failures pile up, which services are brittle, and which teams need extra support.

Citi scaled CI/CD to 20,000 engineers and cut deployment time from days to 7 minutes [8]. Results like that don't come from tooling on its own. As Jidong Lab noted:

Citi's 20,000 engineers going from 'days' to '7 minutes' wasn't about swapping one tool for another. It was about letting a platform automate the act of deployment itself. [8]

AI can also help teams get up to speed faster and use the platform in the same way. It can generate pipeline YAML from plain-language prompts, classify build failures, and suggest fixes for security vulnerabilities, which helps teams get comfortable with the system [8]. Vivun reported a 300% efficiency gain after adopting a standardised platform with AI-assisted tooling [8].

Where consulting support fits

Specialist support can help enterprises keep platform adoption and training on track. For teams that already have the platform but still struggle with uptake, Hokstad Consulting can help with training, automation, and cloud cost reduction.

The main lesson is simple: scale depends on platform design and team capability.

Conclusion: Key lessons from enterprises that scaled CI/CD well

These case studies show the same pattern again and again. Enterprises that scaled CI/CD well didn't just buy better tools. They changed their view of software delivery. Instead of treating the pipeline like a shared script that nobody owns, they treated it like a product and gave it a clear owner.

After that, the next step is order. Standardise before you optimise. Get the platform into a common shape first. Then improve it once shared patterns are in place.

The same idea carries over to governance. Put compliance into code instead of stacking up approval chains. Chase UK showed that automated policy checks can cut rollout time from two months to 38 minutes [5].

Cost needs the same level of attention. Track cloud and build spend from day one, because usage goes up fast at scale. One Atlassian platform team saved £3.15m in a single year by using dynamic pipelines to remove irrelevant tests from builds [1].

None of this sticks unless teams use the platform in the same way. For UK decision-makers, the practical takeaway is simple: measure what changed, not just what was rolled out. Look at deployment frequency, lead time, mean time to recovery (MTTR), and how many manual approval steps were removed. Then close the gaps that are still slowing teams down. If you need help linking platform investment to measurable outcomes, Hokstad Consulting works with teams on DevOps transformation, automation, and cloud cost reduction.

FAQs

Where should an enterprise start with CI/CD scaling?

Treat CI/CD as production infrastructure, not just a toolbox. That shift matters. When teams see pipelines as part of the delivery system itself, they tend to give them the same care they give apps in production.

Start with the biggest pain points first. Slow build times and flaky tests usually sit at the top of the list, and for good reason: they waste time, sap trust, and slow teams down. From there, standardise pipeline patterns with shared templates. That cuts maintenance work and keeps configuration sprawl from getting out of hand.

At scale, the focus moves to a self-service internal developer platform. The aim is to give teams room to move without losing central governance, observability, and reproducible workflows. In plain terms, developers should be able to ship without wrestling the platform every day, while platform teams still keep clear guardrails in place.

Measure success with the metrics that show whether the setup is working for people: developer adoption and team velocity.

How do policy checks speed up delivery without reducing control?

Policy checks speed up delivery by swapping slow, bottleneck-heavy reviews for automated guardrails inside the CI/CD pipeline. With policies as code, teams can move on their own within pre-approved limits and get immediate feedback on compliance and security before changes hit production.

That cuts out delays from manual sign-offs while keeping standards consistent and audit-ready. It also lowers human error and helps enterprises scale deployments safely without weakening governance.

What metrics best show whether CI/CD changes are working?

Track results against DORA metrics: deployment frequency, lead time for changes, change failure rate, and mean time to recovery. Taken together, they show how fast teams ship, how stable releases are, and how well they recover when things go wrong.

It also helps to watch day-to-day measures like build duration, queue time, flaky test frequency, and platform adoption rates. These numbers make bottlenecks easier to spot and help confirm whether teams are, in fact, delivering faster.