Enterprise Platform Modernization on Google Cloud — Architect-Led, Canada & USA

Enterprise platforms don’t age gracefully. What worked at 200 employees becomes a liability at 2,000 — tightly coupled applications, manually managed infrastructure, deployment processes that require institutional knowledge to operate, and security models that were designed for on-prem and were never meant for cloud-native workloads.

I’m Amit Malhotra, a Principal GCP Architect based in Toronto with 20+ years in IT and 6+ years hands-on with Google Cloud, Terraform, GKE, and DevSecOps. I specialise in the architectural work that makes enterprise modernisation succeed — not just lifting workloads to GCP, but redesigning the platform foundation so it’s secure, automated, and built to support engineering teams for the next decade. I’ve done this across some of the most complex and regulated enterprise environments in North America, including RBC, Tangerine Bank, Telus Health, and Loblaws — environments where getting the architecture wrong has real operational and compliance consequences.

Every enterprise modernisation engagement I run is guided by the SCALE Framework — my structured architectural methodology for GCP platforms. It ensures the platform we build is secure by design, cloud-native, Terraform-automated, DevSecOps-integrated, and built for elastic scalability from day one. It’s what separates a clean modernisation from one that creates new technical debt while resolving the old.

PROBLEMS I SOLVE

WHAT I TYPICALLY SEE

I’m typically engaged when an enterprise engineering team is dealing with one or more of these situations — often several at once:

  • Legacy applications tightly coupled to on-prem infrastructure — where every deployment is a manual, high-stakes event that requires coordinating multiple teams and carries real risk of breaking production
  • Infrastructure provisioned by hand with no Terraform or IaC foundation — no reproducibility between Dev, Staging, and Production, and configuration drift that causes bugs you can only find in production
  • A GKE or container platform adoption that stalled — teams that moved to Kubernetes but never built the operational foundations to run it reliably at enterprise scale
  • Security designed for on-prem — static service account credentials, overprivileged IAM, no Zero Trust, no Workload Identity Federation — creating audit exposure in a cloud-native world
  • No internal developer platform — multiple engineering teams running different infrastructure configurations with no shared foundation, no self-service, and no standardized deployment process
  • A CI/CD pipeline that’s fragile and manual — releases that require coordination across teams, carry deployment risk, and slow down engineering velocity
  • Cloud costs growing faster than the business — over-provisioned VMs, orphaned services, and no FinOps visibility into what’s driving the GCP bill

MY APPROACH

The most common mistake in enterprise modernisation is starting the migration before the architecture is right. I’ve seen teams spend months moving workloads to GCP only to find the security model doesn’t meet their compliance requirements, the network design can’t support their workloads, and the infrastructure has no Terraform automation — just the same manual processes running in a new environment.

My approach is to get the foundation right before anything moves. That means designing the multi-project GCP landing zone, Workload Identity Federation model, Terraform module structure, and GKE cluster architecture first — so every workload we migrate lands on a solid, standardised platform rather than adding to the technical debt.

What I design and implement in enterprise modernization engagements:

  • Multi-project GCP landing zone architecture and organisation hierarchy design
  • Terraform-driven Infrastructure as Code — replacing all manual provisioning with reproducible, version-controlled IaC across every environment
  • GKE platform design and hardening — cluster architecture, node pool strategy, workload isolation, and Kubernetes security baseline
  • Internal Developer Platform (IDP) design — giving engineering teams a self-service, standardized platform to deploy from, built on GKE and Cloud Run
  • DevSecOps pipeline implementation — CI/CD with security scanning, Policy-as-Code, and automated compliance checks embedded at every stage
  • Zero Trust security architecture — Workload Identity Federation, least-privilege IAM, VPC Service Controls, and network segmentation
  • FinOps and cost visibility — right-sized resources, autoscaling strategy, and GCP cost governance tooling so spend grows proportionally with usage

OUTCOMES

What a Modernized GCP Platform Looks Like After We Work Together

Enterprise modernization isn’t measured in lines of Terraform or number of services migrated. It’s measured in what your engineering team can do that they couldn’t before:

  • Deployments are automated and low-risk — your team ships to production via CI/CD pipelines, not manual processes coordinated across Slack
  • Infrastructure is reproducible — every environment provisioned from the same Terraform codebase, with no configuration drift and no snowflake servers
  • Security is structural, not reactive — your GCP security posture is auditable because it was designed in, not patched after the fact
  • Your GKE platform is stable and operable — engineering teams can deploy, scale, and debug workloads without depending on a specialist to keep it running
  • Developer velocity increases — engineers spend time building product, not fighting infrastructure or waiting for manual environment provisioning
  • Cloud costs are visible and governed — you know what you’re spending on GCP, why, and where you can optimize without impacting reliability
  • The platform scales without a redesign — your GCP architecture handles 10x growth without requiring another modernization project in 18 months

WHEN TO ENGAGE

When Enterprise Teams Typically Engage Me

I’m typically brought in at one of these inflection points — often when an internal team has hit the limits of what they can solve without an independent architectural perspective:

  • Migrating from on-premises infrastructure to GCP and needing a structured landing zone and migration architecture — not just a lift-and-shift
  • Adopting Kubernetes and GKE but lacking the platform engineering depth to design, harden, and operate it at enterprise scale
  • Building or rebuilding an Internal Developer Platform — standardizing how multiple engineering teams provision infrastructure and deploy workloads
  • Facing a security audit, SOC 2, or compliance requirement that’s exposing gaps in the GCP IAM model, network segmentation, or DevSecOps pipeline
  • Replacing manual Terraform management or legacy infrastructure tooling with a proper IaC foundation across all environments
  • A modernization project that’s stalled — workloads partially migrated, technical debt accumulating, and no clear path forward

LET’S TALK

Planning an Enterprise GCP Modernization? Let’s Start With an Honest Conversation.

Enterprise modernisation projects fail when the architecture isn’t right before migration begins. I start every engagement with a free 30-minute architecture review — an honest assessment of your current GCP environment, what’s worth keeping, what needs redesigning, and what the right sequence is for getting there without disrupting production.

Whether you’re in the early planning stages or mid-way through a modernisation that’s stalled, I work directly with your engineering team — no sales layer, no junior delivery, no hand-offs. Just a Principal GCP Architect with hands-on experience in the environments your platform needs to match.

Book a Free Architecture Review

Let’s Talk

Speak Directly With Amit Malhotra

Operating From

Based in Toronto (EST), working with engineering teams across Canada & USA

Tell me about your current platform and where you're trying to get to. I'll respond with thoughts, not a proposal.

Speak directly with me — a Principal Cloud Architect — about your GCP architecture, security, platform engineering, or MLOps goals. I typically respond within one business day.

✓  Free 30-minute call     ✓  No proposal, no pressure     ✓  Responds within one business day

Get In Touch

Buoyant Cloud Inc