44-7 · Chapter 44 · 4 min read

What Six Different Organizations Taught Me About CI/CD

Every engineering team I have worked with started from the same place: they needed to get changes to where users could use them. But how they built their

What Six Different Organizations Taught Me About CI/CD

Every engineering team I have worked with started from the same place: they needed to get changes to where users could use them. But how they built their delivery process looked completely different depending on who they were.

A startup with three people does not need the same pipeline as a fintech company under regulatory oversight. A mobile team shipping to app stores faces constraints that a database team managing legacy systems has never even considered. Yet when you look closely at all these cases, the same three patterns emerge.

The First Pattern: Everyone Starts From The Same Needs

No matter the organization, every team needs three things:

A way to send changes to where users can access them
Confidence that those changes will not break things
A way to fix problems when they inevitably appear

A small startup meets these needs with a simple pipeline and basic monitoring. A regulated company adds approval steps and audit trails. A SaaS company with multiple teams builds a service catalog and golden paths. A mobile-first team implements staged rollouts and remote configuration. A team dealing with legacy databases creates safe migration strategies. An infrastructure-heavy team adds governance for infrastructure-as-code and drift detection.

These are not different approaches. They are the same answers to the same questions, just with different levels of complexity.

The Second Pattern: Risk Determines How Much Safety You Need

The bigger the impact of a mistake, the more safeguards you add.

A small startup can tolerate a few minutes of downtime because they have few users. A fintech company cannot tolerate a single transaction error because the risk hits customers and regulators directly. A SaaS company with multiple teams cannot let one team break another team's service. A mobile-first team cannot push an update that crashes on thousands of devices. A team managing legacy databases cannot lose data because recovery takes days. An infrastructure-heavy team cannot let configuration drift because the impact spreads across the entire system.

Your risk profile determines how tight your process needs to be. Do not build more safety than your actual risk requires. Do not build less than your risk demands.

The Third Pattern: Automation Is Not The Goal

Automation is a tool for reducing repetitive manual work. Nobody automates for the sake of automation.

A startup automates deployment because they are tired of logging into servers every time. A regulated company automates audit trails because manually recording every decision is impossible. A SaaS company automates golden paths because they cannot train every new team from scratch. A mobile-first team automates staged rollouts because controlling thousands of devices one by one is not feasible. A legacy database team automates migrations because manual changes are too risky. An infrastructure team automates drift detection because checking infrastructure manually at scale is impractical.

Automation solves a specific pain. If you do not have that pain yet, do not automate yet.

Where Each Organization Starts

The difference is not in what they eventually build. The difference is where they start and what they prioritize first.

A startup starts with the simplest possible pipeline. They add safeguards only when something starts hurting.

A regulated company starts with compliance. Then they figure out how to make the process faster without losing the compliance.

A SaaS company with multiple teams starts with consistency across teams. Then they add flexibility within agreed boundaries.

A mobile-first team starts with distribution control. Then they build observability to monitor the effects of their releases.

A legacy database team starts with safe migration patterns. Then they fix the application deployment process around it.

An infrastructure-heavy team starts with governance. Then they ensure infrastructure changes do not disrupt the applications running on top.

How To Apply This To Your Team

There is no single pattern that fits every organization. But there is a framework you can use to figure out your own starting point.

First, identify what hurts most right now. Is deployment still manual? Do errors only get discovered after hitting production? Do database changes make you nervous? Does infrastructure keep drifting from the desired configuration?

Second, find the case study that most closely matches your situation. If your team is small, start with the startup pattern. If you are under regulatory oversight, start with the regulated company pattern. If you have multiple teams, start with the SaaS multi-team pattern.

Third, build one layer of safety at a time. Start with a simple pipeline. Add basic monitoring. Add approval steps only for high-risk changes. Add the next layer only when the need actually appears.

A Quick Practical Checklist

Before you design your next pipeline or add another tool, ask these questions:

What is the actual risk if this change fails?
What manual step is causing the most friction right now?
Can I solve this with a simpler approach before adding automation?
Does this safeguard match the actual risk level, or am I over-engineering?

The Concrete Takeaway

Your delivery process will change as your team, product, and risks grow. Do not copy someone else's pipeline. Understand what you actually need right now, build the simplest thing that meets that need, and add complexity only when the pain justifies it. The pattern that works for you today will not be the pattern you need next year. That is normal. That is how good engineering organizations evolve.