Proof of Concept
Three patterns we see again and again — backed by industry research, real numbers, and the open-source projects that make them work.
The Great Cloud Jailbreak
Cloud vendors make it easy to get started — frictionless onboarding, managed services for everything. But once RDS is in your ORM, SQS in your event bus, and Lambda in your API layer, switching providers becomes a multi-quarter project. That's not necessarily malicious — it's just how proprietary services work. The fix: swap them for open-source alternatives that run anywhere Kubernetes does. CloudNativePG for your database. NATS for messaging. MinIO for object storage. Same application logic, zero vendor coupling, and suddenly your cloud negotiations get a lot more interesting.
“Across 50 top public software companies, an estimated $100 billion of market value is being lost to cloud impact on margins. Repatriation results in one-third to one-half the cost of running equivalent workloads in the cloud.”
— a16z — "The Cost of Cloud, a Trillion Dollar Paradox"
Your SaaS Can't Get Past the Lobby
Your product demos beautifully. Pipeline's full. Then the enterprise buyer says "we need this in our VPC" and your team realizes there's no playbook for that. A government agency wants it air-gapped and the timeline starts stretching. This isn't a niche requirement though — in a survey of 405 ISVs, 92% reported on-prem sales growth over five years, and 54% pull the majority of their revenue from it. GitLab does $459 million a year in self-managed subscriptions — that's 60% of their total revenue. The pattern: one Helm chart, one artifact, deploy to any Kubernetes cluster in under an hour.
“92% of companies reported their on-premises software business has grown over the past five years; 50% reported strong growth. Customer demand for on-prem software equaled that of public cloud offerings.”
— Replicated / Dimensional Research — 405 ISVs surveyed, 2024
# What your customer actually runs:
helm install analytics ./chart \
  --set global.domain=data.acme.internal \
  --set global.storageClass=gp3 \
  --set postgresql.persistence.size=50Gi \
  --set ingress.tls.enabled=true \
  --set license.key="$LICENSE_KEY"
# That's it. Same app, their infra.
#
# Works on:
# EKS, AKS, GKE, OpenShift
# k3s, RKE2, Tanzu
# Air-gapped, on-prem, edge
#
# One artifact. Every environment.
Waterfall to Warp Speed
Software for DoD weapons systems used to take 3 to 10 years to ship. By the time code hit production, the threat landscape had moved on entirely. Then the Air Force's Kessel Run went concept-to-MVP in 124 days and started deploying every 11.2 hours. SoniKube put three Kubernetes clusters on an F-16 in 45 days. Platform One proved you could save $12.5 million per app per year by sharing a common DevSecOps stack instead of every program building their own. The tooling: Iron Bank hardened containers, Big Bang for the platform, and cATO to replace the 6–18 month traditional ATO cycle with continuous authorization.
“Releases that once took 3–8 months can now be achieved in one week. 37 teams are building applications on Kubernetes across weapons systems — space, nuclear, jets.”
— CNCF — U.S. Department of Defense Case Study
# DoD Platform One — Big Bang
# Full DevSecOps stack. One manifest.
istio:
  enabled: true          # Service mesh
  values:
    hardened:
      enabled: true      # DISA STIG compliant
monitoring:
  enabled: true          # Prometheus + Grafana
logging:
  enabled: true          # EFK → Loki stack
twistlock:
  enabled: true          # Runtime defense
kyverno:
  enabled: true          # Policy engine
argocd:
  enabled: true          # GitOps delivery
Ready to Run the Play?
Whether you're escaping vendor lock-in, packaging for enterprise buyers, or building for federal missions — let's talk about what the numbers say is possible.