Keyrock is a global crypto market maker and liquidity provider, operating critical trading infrastructure across digital asset markets. The business runs a multi-account cloud environment on AWS, alongside additional cloud providers and SaaS systems. At this scale, infrastructure needs to be delivered with speed, governance, and clarity – without relying on a centralized team to manage every change
Keyrock used Terraform Cloud to manage infrastructure delivery. As Keyrock grew and its cloud infrastructure scaled, Terraform Cloud became harder to operate with confidence. Drift and manual changes introduced risk, and permissioning couldn’t keep up with how Keyrock needed to scale access across teams. The infra team ended up absorbing too much of the day-to-day change load.
Keyrock Challenges: infrastructure bottlenecks, limited control & drift
Terraform Cloud did the job early on, but as Keyrock scaled, infrastructure became harder to manage with confidence. Legacy Terraform code, drift, and unmanaged-by-IaC resources introduced operational risk, while workspace sprawl made it difficult to enforce ownership at scale.
Keyrock needed a model that could scale access across engineering teams while enforcing segregation and least privileged operations.
Rob Dudley, Head of Infrastructure at Keyrock, described the business impact:
“We were introducing significant risk through drift and unmanaged-by-IaC resources. This lack of confidence then impacts your delivery cadence and velocity.”
Keyrock began looking for a Terraform Cloud alternative. The goal wasn’t just to fix drift – it was to democratize infrastructure access without losing control. Keyrock needed a solution that was reliable enough to safely hand infrastructure ownership to engineering teams across the business.
Keyrock Solution: replacing Terraform Cloud with ControlMonkey
Keyrock adopted ControlMonkey as a Terraform Cloud replacement to build a more scalable infrastructure delivery model – one that delivers full visibility into discrepancies between cloud vs. code, enforces permissioned access across teams, and supports audit-ready automation across the cloud estate.
First win: visibility into IaC vs. real infrastructure
Keyrock’s first win with ControlMonkey was visibility – surfacing the gap between Terraform code and real cloud infrastructure, including drift and ClickOps. The DevOps Team gained clear visibility across the estate.
“The big one was the ability to visualize and surface the delta between what we thought we had and what we actually had. We went from 0% visibility on ClickOps & drift to having 100% visibility”
Compliance-ready governance
Keyrock operates under strict regulatory and security requirements, including DORA, MiCA, and SOC 2. At this scale, compliance depends on infrastructure delivery that is locked down, auditable, and clearly owned across teams. ControlMonkey gave Keyrock the foundation to enforce segregation and responsibility, so the business can move fast while staying secure and audit-ready.
Our ability to meet our compliance needs all depend on having a system that is fully locked down, fully auditable, nicely segregated, and very clear in terms of responsibility.
Democratizing IaC: shifting infrastructure ownership beyond a central team
As Keyrock grew, infrastructure delivery couldn’t stay centralized within the infrastructure team. The team needed a way to expand infrastructure access across engineering teams while keeping delivery controlled, auditable, and safe. ControlMonkey enabled that shift – making infrastructure a shared workflow rather than something handled only by a small group.
Rob described the impact ControlMonkey has had on his Team:
I highly recommend ControlMonkey to peers. Not only for its amazing technology stack but also because of the speed in which they push features that make our lives easier
As part of this shift:
- Stakeholders contributing to Infrastructure changes grew 8× – from ~5 people to ~40 active contributors
- ~70–80% of infra change management contributors are now from outside the infrastructure team
- Engineers gained the context they need to make safe changes, even when access is read-only — including full plan visibility
The Results
With ControlMonkey, Keyrock gained clear visibility into the gap between infrastructure in code and infrastructure running in the cloud – including drift and manual ClickOps changes. What started as a Terraform Cloud replacement quickly became a foundation for scaling infrastructure delivery across engineering teams, without losing governance or auditability.
Already, the platform has delivered meaningful impact – Keyrock now have 0 drift & clickops on their best practice cloud estate.
More importantly, infrastructure is no longer something that is “done to teams.” It has become a shared workflow and a common point of conversation across the engineering org:
The sheer level of support, service and partnership that we get from working with ControlMonkey can’t be overstated. It is night and day compared to other providers that we’ve worked with
Ready to eliminate ClickOps, and scale IaC across your engineering org?
ControlMonkey helps engineering teams ship infrastructure with confidence — with full ClickOps visibility, drift control, and org-wide IaC participation.
Request a demo to see how it works:
A 30-min meeting will save your team 1000s of hours
A 30-min meeting will save your team 1000s of hours
