Skip to content
NewLatest articleDatabricks Lakebase: what it is and how to prepareRead
HAVI Logistics & Fleet

HAVI: visibility and a 22% Azure saving, found

22% Azure cost reduction identified by the audit

The challenge

HAVI is a global logistics and supply chain company serving the food and beverage industry, with more than 10,000 employees and over $1B in annual revenue. A few years earlier it had moved to the cloud fast. The migration worked, but speed came at the cost of best practice, and the tech debt stayed.

Then the company began shifting from centralized governance to business-unit-oriented operations, which meant the Azure estate had to be understood before it could be handed over. Nobody could see it clearly enough to do that. As Joel Ferreira, HAVI’s Senior Manager of Cloud Engineering and Operations, described the environment:

More than just a ‘black box’! Everything around it was also pitch black. We had zero visibility into things like: How many databases are there? How many servers do we have? Firewalls? What does our security look like? What are our risks?

Three problems sat underneath that: poor visibility across systems, security and compliance gaps, and cost inefficiency carried forward as technical debt. All of it had to be addressed during a restructuring, which is the hardest possible time to do it.

What we did

Three senior Tarmac DevOps engineers, each with more than ten years of experience, embedded alongside HAVI’s own team. We ran a comprehensive, evidence-based DevOps audit rather than a questionnaire. Global read-only access let us discover the estate without touching it, and we worked in two-week agile sprints throughout.

The audit inventoried and validated the environment from several angles at once:

  • Azure Resource Inventory and Azure Resource Graph to map every resource and dependency
  • Manual validation through the Azure Portal and CLI, so the map was verified rather than assumed
  • An Azure DevOps review of pipelines, repositories, service connections, and governance controls
  • Security posture checks across RBAC, Azure Policy, Defender for Cloud, and identity configuration

The output was built to be used, not filed: documentation with network maps and diagrams, a prioritized remediation roadmap over 0, 3, 6 and 12 months, and a longer modernization plan across 3 to 5 years. We then executed against it, moving the estate onto infrastructure as code with Terraform and Terragrunt under GitHub version control.

This was never a requirements-to-proposal-to-delivery consulting engagement. The restructuring meant the path had to be discovered:

There was a lot of uncertainty, a lot of things that needed to be done to chart our path. It was never like ‘Tarmac is coming here to do this, this, and this.’ It was a lot of mutual exploration and discovery.

The results

Cost. The audit identified a 22% potential reduction in Azure spend, decommissioned outdated resources, and replaced manual operations with infrastructure as code, which also removed a third-party dependency.

Security. Critical vulnerabilities were discovered and mitigated. 27% of users held excessive permissions, corrected through RBAC and access policies, and a joiner-mover-leaver process was introduced to keep identity governance from drifting back.

Efficiency. Deployment and operational workflows were standardized across teams, infrastructure changes that used to be manual now complete in seconds, and the cloud architecture is unified, documented, and scalable.

HAVI can now see its cloud, owns it in code, and knows exactly what to fix next and in what order. The engagement has been running for more than a year and continues today.

Tech stack

  • Azure
  • Terraform
  • Terragrunt
  • GitHub Actions
  • Azure DevOps

“From my experience with other companies, when a consultant is in an environment where they have to sink or swim, they usually sink. With Tarmac, it was the opposite.”

Joel Ferreira Senior Manager of Cloud Engineering & Operations, HAVI

Let’s build something worth taking off.

Tell us what you’re building. We’ll assemble the senior team to ship it.