GCP Architecture & Platform Engineering for SaaS and Technology Companies — Canada & USA

SaaS platforms have a specific architectural problem that most cloud consultants underestimate: the platform has to be secure, multi-tenant, and highly available from day one — but it also has to be cheap enough to run at Series A and scalable enough to handle Series C growth without a redesign. Getting that balance wrong at the architecture stage costs months of engineering time to fix later.

I’m Amit Malhotra, a Principal GCP Architect based in Toronto with 20+ years in IT and 6+ years hands-on designing and operating Google Cloud platforms for SaaS teams. I specialise in the platform layer — the GKE infrastructure, Terraform foundation, DevSecOps pipelines, and internal developer platforms that let your engineering team ship product fast without worrying about what’s underneath. I’ve worked with SaaS teams across Canada and the USA at every stage — from pre-launch architecture through to platform modernisation at scale.

Every SaaS engagement I run is guided by the SCALE Framework — my structured GCP architecture methodology covering Security by Design, Cloud-Native Architecture, Automation with Terraform, Lifecycle Operations (DevSecOps), and Elastic Scalability. It ensures the platform we build doesn’t need to be redesigned when you hit your next growth milestone.

PROBLEMS I SOLVE

WHAT I TYPICALLY SEE

The SaaS Platform Problems I’m Brought In to Fix

I’m typically engaged when a SaaS engineering team is hitting one or more of these walls — often when the platform that worked at launch is starting to buckle under growth:

  • Infrastructure that was provisioned manually at launch and never properly automated — no Terraform, no IaC, and configuration drift between Dev, Staging, and Production that causes bugs you can only reproduce in production
  • A GKE or Kubernetes platform that was adopted without the operational foundations to run it reliably — no cluster hardening, no workload isolation, no proper node pool strategy, and on-call engineers firefighting instead of building
  • Multi-tenant architecture that wasn’t designed with tenant isolation from the start — shared resources between customers creating both security risk and noisy-neighbour performance problems
  • DevSecOps pipelines that are fragile and slow — CI/CD that takes 40 minutes, breaks regularly, has no security scanning, and makes every deployment feel like a risk
  • No internal developer platform — each engineering team provisioning infrastructure differently, with no self-service foundation and no standardised way to deploy workloads to GKE or Cloud Run
  • GCP costs scaling faster than revenue — over-provisioned node pools, no autoscaling strategy, and no FinOps visibility into what’s actually driving the bill
  • Security and compliance requirements becoming a blocker — SOC 2 requirements or enterprise customer security reviews exposing IAM gaps, missing audit logging, or network segmentation that was never designed in

MY APPROACH

Platform Foundation First — Then Velocity

The mistake most SaaS teams make is optimising for shipping speed at the expense of platform quality — and it works, right up until it doesn’t. By the time the platform is causing engineering pain, the team is too busy shipping features to stop and fix it. I’ve seen this pattern enough times that I now start every SaaS engagement with the same question: what does this platform need to look like at 10x your current scale, and what do we need to change now to get there without a crisis?

My approach is to build the right GCP foundation first — the Terraform module structure, GKE cluster architecture, multi-tenant isolation model, and DevSecOps pipeline design — so that every feature your team ships lands on a platform that’s already ready for the next stage of growth. I work directly with your engineering team throughout, not through a project manager or account team.

What I design and implement for SaaS platforms on GCP:

  • Multi-tenant GKE architecture — namespace isolation, network policies, workload identity per tenant, and node pool strategy designed for both security and cost efficiency
  • Terraform-driven infrastructure — every GCP resource version-controlled, reproducible across environments, and deployable without manual steps
  • Internal Developer Platform design — a self-service platform built on GKE and Cloud Run so engineering teams can provision environments and deploy workloads without infrastructure tickets
  • DevSecOps CI/CD pipelines — automated, secure delivery with SAST/DAST scanning, container image signing, Policy-as-Code, and zero-manual-step deployments
  • GCP security architecture — Workload Identity Federation, least-privilege IAM, VPC Service Controls, Binary Authorization, and Secret Manager integration
  • Multi-region and high-availability architecture — regional failover, Cloud Load Balancing, and GKE regional clusters designed for the uptime SLAs your enterprise customers expect
  • FinOps and cost architecture — autoscaling node pools, Spot VM strategy, committed use discounts, and cost allocation by tenant or team
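
The tenant isolation slice described in the list above (namespace isolation, network policies, a workload identity per tenant, least-privilege IAM), written out as one Terraform module. This is an added example, not the page author's own code or module structure. The project ID, tenant name, the `name=ingress` label on the shared ingress namespace, and the per-tenant bucket name are all assumptions for illustration.

```hcl
# Added example, not the page author's code. Assumed names: project "saas-prod",
# tenant "acme", ingress namespace labelled name=ingress, bucket "saas-prod-tenant-acme".
variable "project_id" { default = "saas-prod" }
variable "tenant"     { default = "acme" }

locals {
  ns  = "tenant-${var.tenant}"
  ksa = "app"
}

# One namespace per tenant, labelled so NetworkPolicies can select it.
resource "kubernetes_namespace" "tenant" {
  metadata {
    name   = local.ns
    labels = { tenant = var.tenant }
  }
}

# Default deny in both directions: a tenant pod can reach nothing, and nothing
# can reach it, until an explicit allow rule says otherwise.
resource "kubernetes_network_policy" "default_deny" {
  metadata {
    name      = "default-deny"
    namespace = kubernetes_namespace.tenant.metadata[0].name
  }
  spec {
    pod_selector {}
    policy_types = ["Ingress", "Egress"]
  }
}

# Ingress only from the shared ingress namespace; egress only to pods in the
# same tenant namespace and to cluster DNS in kube-system.
resource "kubernetes_network_policy" "tenant_allow" {
  metadata {
    name      = "tenant-allow"
    namespace = kubernetes_namespace.tenant.metadata[0].name
  }
  spec {
    pod_selector {}
    policy_types = ["Ingress", "Egress"]
    ingress {
      from {
        namespace_selector { match_labels = { name = "ingress" } }
      }
    }
    egress {
      to {
        namespace_selector { match_labels = { tenant = var.tenant } }
      }
    }
    egress {
      to {
        namespace_selector {
          match_labels = { "kubernetes.io/metadata.name" = "kube-system" }
        }
      }
      ports {
        port     = "53"
        protocol = "UDP"
      }
      ports {
        port     = "53"
        protocol = "TCP"
      }
    }
  }
}

# A dedicated Google service account per tenant ...
resource "google_service_account" "tenant" {
  project      = var.project_id
  account_id   = "tenant-${var.tenant}"
  display_name = "Runtime identity for tenant ${var.tenant}"
}

# ... bound to exactly one Kubernetes service account in the tenant namespace.
resource "kubernetes_service_account" "app" {
  metadata {
    name      = local.ksa
    namespace = kubernetes_namespace.tenant.metadata[0].name
    annotations = {
      "iam.gke.io/gcp-service-account" = google_service_account.tenant.email
    }
  }
}

# Only pods running as <tenant namespace>/app may impersonate the tenant GSA.
resource "google_service_account_iam_member" "workload_identity" {
  service_account_id = google_service_account.tenant.name
  role               = "roles/iam.workloadIdentityUser"
  member             = "serviceAccount:${var.project_id}.svc.id.goog[${local.ns}/${local.ksa}]"
}

# Least privilege: the tenant GSA gets object access to its own bucket and nothing else.
resource "google_storage_bucket_iam_member" "tenant_bucket" {
  bucket = "${var.project_id}-tenant-${var.tenant}"
  role   = "roles/storage.objectUser"
  member = "serviceAccount:${google_service_account.tenant.email}"
}
```

Two checks before relying on this. First, the NetworkPolicy objects do nothing unless the cluster actually enforces them (GKE Dataplane V2, or network policy enforcement turned on for a Calico cluster), and Workload Identity must be enabled on the cluster and its node pools. Second, a namespace plus NetworkPolicy is an API-level and network-level boundary, not a compute one: if tenants run untrusted code, or a noisy tenant must not contend for CPU and memory with others, add per-tenant node pools (taints and node selectors) or GKE Sandbox on top of this.
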
OUTCOMES

What Your GCP Platform Looks Like After We Work Together

SaaS platform engineering isn’t measured in services deployed or lines of Terraform written. It’s measured in what your team can do that they couldn’t before — and what they stop worrying about:

  • Deployments are automated, fast, and low-risk — your team ships to GKE or Cloud Run in minutes via a CI/CD pipeline with security built in, not bolted on
  • Infrastructure is reproducible — every environment provisioned from the same Terraform codebase, with no manual steps and no configuration drift
  • Multi-tenant isolation holds — customers can’t affect each other’s performance, and the tenant boundary is enforced by namespace, network policy and per-tenant identity rather than by convention
  • Developer velocity increases — your internal developer platform gives engineers self-service access to environments and deployments without waiting on infrastructure
  • GKE is stable and operable — your team can deploy, scale, and debug workloads on Kubernetes without depending on a specialist to keep the cluster running
  • Security is audit-ready — your GCP IAM model, audit logging, and network controls are structured so SOC 2 or enterprise security reviews confirm what you already know
  • Costs are predictable — GCP spend scales proportionally with usage, with visibility into what each team or tenant is consuming
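
The "security built in, not bolted on" outcome above, together with the container image signing and Binary Authorization items in the design list, comes down to one admission policy that refuses to run images the CI pipeline did not sign. The Terraform below is an added example, not the page's own pipeline or policy. The project ID, the KMS key ring and key names used as the signing key, and the `dev` cluster in `us-central1` are assumptions.

```hcl
# Added example, not the page author's code. Assumed: project "saas-prod", an
# asymmetric KMS signing key at keyRings/ci/cryptoKeys/image-signer, and a
# cluster named "dev" in us-central1 that gets dry-run enforcement.
variable "project_id" { default = "saas-prod" }

# Public half of the CI signing key; the pipeline signs image digests with the private half.
data "google_kms_crypto_key_version" "ci_signer" {
  crypto_key = "projects/${var.project_id}/locations/global/keyRings/ci/cryptoKeys/image-signer"
}

# Container Analysis note that attestations from this attestor are written against.
resource "google_container_analysis_note" "ci" {
  project = var.project_id
  name    = "ci-attestation-note"
  attestation_authority {
    hint { human_readable_name = "Signed by the CI pipeline" }
  }
}

resource "google_binary_authorization_attestor" "ci" {
  project = var.project_id
  name    = "ci-signer"
  attestation_authority_note {
    note_reference = google_container_analysis_note.ci.name
    public_keys {
      id = data.google_kms_crypto_key_version.ci_signer.id
      pkix_public_key {
        public_key_pem      = data.google_kms_crypto_key_version.ci_signer.public_key[0].pem
        signature_algorithm = data.google_kms_crypto_key_version.ci_signer.public_key[0].algorithm
      }
    }
  }
}

resource "google_binary_authorization_policy" "policy" {
  project = var.project_id

  # GKE system images are exempt; every other image must carry an attestation.
  admission_whitelist_patterns { name_pattern = "gcr.io/google_containers/*" }
  admission_whitelist_patterns { name_pattern = "gke.gcr.io/**" }

  global_policy_evaluation_mode = "ENABLE"

  # The weak setting is evaluation_mode = "ALWAYS_ALLOW", the GCP default, which
  # admits any image. Production instead requires the CI attestor's signature
  # and blocks anything unsigned.
  default_admission_rule {
    evaluation_mode         = "REQUIRE_ATTESTATION"
    enforcement_mode        = "ENFORCED_BLOCK_AND_AUDIT_LOG"
    require_attestations_by = [google_binary_authorization_attestor.ci.name]
  }

  # Dev cluster: same check, but violations are logged rather than blocked, so
  # the team sees what would fail before the rule is enforced there.
  cluster_admission_rules {
    cluster                 = "us-central1.dev"
    evaluation_mode         = "REQUIRE_ATTESTATION"
    enforcement_mode        = "DRYRUN_AUDIT_LOG_ONLY"
    require_attestations_by = [google_binary_authorization_attestor.ci.name]
  }
}
```

Three things must be true for this to bite. Each cluster has to opt in to the project policy (`binary_authorization { evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE" }` on the `google_container_cluster` resource). The pipeline has to create an attestation for the image digest after scanning and signing, because the attestor only vouches for digests, not tags, and manifests that reference an image by tag are rejected under `REQUIRE_ATTESTATION`. And the signing key must be reachable only from the CI job that runs after the security gates, otherwise the attestation proves nothing.
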
WHEN TO ENGAGE

When SaaS Teams Typically Engage Me

I’m typically brought in at one of these inflection points — when the platform is becoming a constraint rather than an enabler:

  • Pre-launch — building the GCP platform from scratch and wanting to get the Terraform foundation, GKE architecture, and DevSecOps pipeline right before engineering velocity becomes a priority
  • Post-Series A — the manual infrastructure that got you to launch is now causing deployment pain, and you need a proper IaC and CI/CD foundation before the team scales
  • GKE adoption — moving from Cloud Run or VMs to Kubernetes and needing the platform engineering depth to design, harden, and operate GKE at production scale
  • SOC 2 or enterprise compliance — a security review or compliance requirement exposing IAM gaps, missing audit logging, or network controls that need to be redesigned, not patched
  • Platform scaling — user growth creating GCP cost and performance problems that require a proper autoscaling strategy and architecture review
  • Internal developer platform — multiple engineering teams needing a standardised, self-service deployment foundation built on GKE and Cloud Run

LET’S TALK

Building or Scaling a SaaS Platform on GCP? Let’s Start With a Direct Conversation.

I work with SaaS teams at every stage — from pre-launch architecture through to platform modernisation and compliance readiness. Whether you’re building from scratch, dealing with infrastructure pain from fast growth, or preparing for a security audit, I start with a free 30-minute architecture review: an honest look at where your platform is, what’s holding it back, and what needs to change.

You work directly with me — Amit Malhotra, Principal GCP Architect. No account manager, no junior engineers, no hand-offs. Just hands-on architectural work from someone who has built the kind of platform you’re trying to build.


Speak Directly With Amit Malhotra

Operating From

Based in Toronto (Eastern Time), working with engineering teams across Canada & USA

Tell me about your current platform and where you're trying to get to. I'll respond with thoughts, not a proposal.

Speak directly with me — a Principal Cloud Architect — about your GCP architecture, security, platform engineering, or MLOps goals. I typically respond within one business day.

✓  Free 30-minute call     ✓  No proposal, no pressure     ✓  Responds within one business day


Buoyant Cloud Inc