65% team reduction: re-engineering a software asset platform

Context

A global investment bank operated a Tier-1 Software Asset Management (SAM) platform supporting 12,000+ Linux servers across a Hadoop-based Enterprise Data Lake. The platform had grown organically over a decade — high operational toil, heavy support load, recurring incidents, and ballooning licensing costs.

Problem

• Access provisioning was manual, slow, and audit-fragile
• Recurring incidents from misconfigured access and stale entitlements
• Licensing spend was untracked across the fleet — paying for unused seats
• Support team had grown to handle service requests linearly with fleet size

Approach

Re-architected the platform end-to-end as a privileged-access governance system:

• Modeled access as code with full lifecycle automation — request → approval → provision → expire → revoke
• Closed the loop with usage telemetry — entitlements unused for N days were auto-flagged for revocation
• Extended the platform to manage the full software lifecycle — procurement, packaging, SCCM-based deployment, deprecation
• Operated Ansible at fleet scale across Hadoop, Kafka, and Windows / Linux servers — OS patching, drift prevention, HashiCorp Vault integration to eliminate plaintext credentials
• Automated infrastructure provisioning with Hyper-V VMs and sandboxes; enforced least-privilege and immutable patterns

Outcome

• 65% team-size reduction for ongoing operations
• 60% reduction in service requests
• 100% elimination of the recurring incident class
• 60% licensing cost savings through automated revocation of unused entitlements
• Compliance audits closed without findings

Stack

Ansible, SCCM, Hyper-V, Hadoop, Kafka, HashiCorp Vault, Splunk, ServiceNow ITSM, internal SAM tooling.