Our work
Anonymised case studies. Specific architecture, real outcomes. Full named references available under NDA.

Sector
Regulated infrastructure · Europe
Engagement
12-month design and delivery, ongoing managed services
Challenge
A critical infrastructure operator needed to replace a legacy back-office platform supporting field operations across a large distributed fleet. The existing system relied on perimeter security and shared service accounts that were no longer defensible at audit. Field devices needed reliable, sub-second authentication against a central identity service, with cryptographic identity to prevent device spoofing. The team had a fixed rollout window and could not tolerate downtime on the operational workloads the platform supported.
The work
We designed and built a zero-trust platform on Azure Red Hat OpenShift. Device and workload identity through Keycloak, federated with the operator's existing identity tenant. mTLS across in-cluster communications using an internal PKI managed via cert-manager. Application Gateway with WAF at the edge, with TLS inspection on east-west and north-south traffic. GitOps deployment pipelines via ArgoCD with policy enforcement. Secrets externalised to Azure Key Vault, surfaced into the cluster through External Secrets Operator (ESO). Full observability stack with metrics, logs, and traces aligned to operational SLAs.
Outcomes
Technologies

Sector
Healthcare · United States
Engagement
8 months, transitioned to client team
Challenge
A healthcare provider operating across multiple sites was running clinical systems on aging on-premises infrastructure. Patient data lived in three different formats across two clinical platforms and one shared file server with weak access controls. A HIPAA review had given them six months to demonstrate proper data segmentation, audit logging, and disaster recovery. They needed a path to a modern platform without disrupting clinical operations.
The work
We designed an Azure landing zone aligned with HIPAA and HITECH controls. Hub-and-spoke networking with private endpoints on every PaaS service. Customer-managed keys for encryption across storage and database tiers. Conditional Access policies tied to device compliance and risk signals. A secure data migration pipeline using Azure Data Factory with field-level masking for non-production environments. Defender for Cloud enrolled at the Standard tier with custom alerting routed to the operations team.
Outcomes
Technologies

Sector
Financial services · West Africa
Engagement
6 months migration + 3 months stabilisation
Challenge
A growing payments business was running on single-region hosted infrastructure that had outgrown its capacity. They were seeing intermittent latency spikes during high-traffic windows, had no documented disaster recovery, and faced increasing scrutiny from their banking partners around operational resilience. They needed to move to a multi-region cloud architecture, prove DR capability, and reduce monthly infrastructure costs (which had grown faster than transaction volume) without disrupting payment flows.
The work
We migrated the core payments platform from a single-region hosted provider to a multi-region Azure landing zone. Active-passive failover between South Africa North and West Europe with automated DR drills. Service mesh on AKS with mTLS between services. PCI-DSS-aligned network segmentation with strict egress controls. Database tier moved to Azure Database for PostgreSQL with geo-replication and point-in-time recovery. Cost optimisation tactics applied throughout: reserved instances on stable workloads, auto-scaling on traffic-variable services, tag-based showback for product-level cost allocation.
Outcomes
Technologies