When the golden path can’t support a business outcome, that’s not a failure of the platform—it’s a test of organizational maturity. And the real test comes when you assign accountability.

Every deviation from the paved road triggers the same questions:

• Who’s going to pay for this exception?

• Who owns ongoing support once the initial project is live?

• How do we keep security and compliance intact while enabling delivery?

That’s where the political battle happens. Mature organizations don’t avoid these fights—they structure them.

From Gatekeeper to Product Manager: The Modern ARB

Too often, architecture review boards (ARBs) are remembered as police forces—slow, rigid, focused on compliance above all else. That model doesn’t work in a world where platform teams are competing with the cloud marketplace for developer mindshare.

A modern ARB needs to function more like a product manager for the platform:

• Managing Risk, Not Just Saying No: Security and compliance don’t go away, but they become constraints to manage, not blunt-force vetoes.

• Documenting Exceptions: Deviations should be treated as time-boxed exceptions with specific controls and a named owner. The blast radius of the new application has to be understood and contained.

• Prototyping & Planning: A “no” should always be followed by “here’s how we can safely test this.” The responsibility shifts from blocking risk to managing it thoughtfully.

When the Business Case Demands an Off-ramp

A business unit will only take the off-ramp when the promised platform can’t deliver a critical outcome.

I once worked with a pharmaceutical company where the ERP system had to be recertified every time the underlying infrastructure changed. For compliance reasons, a simple lift-and-shift to public cloud wasn’t on the table. The platform team couldn’t just wave a standard template at the business. They had to co-design a path forward that balanced innovation with regulatory guardrails.

That process wasn’t about technology—it was about governance maturity: putting names, budgets, and timelines on the exception instead of pretending the paved road fit every case.

The Platform as a Paved Road with Managed Exits

The best platforms make the secure, compliant path the easiest path. That’s the paved road: predictable, well-lit, and fast.

But there will always be off-ramps. And if you don’t define them, business teams will build their own. The key is to design those exits up front:

• Clear documentation for when and how exceptions are allowed

• Named accountability for deviation owners

• A process for review and reintegration back to the paved road

This is where organizational maturity shows. Accountability for exceptions isn’t procedural—it’s political. Who funds the ongoing support? Who carries the risk when leadership changes? Without explicit answers, exceptions become orphans, and IT inherits the mess.

The Leadership Challenge

The real maturity test isn’t how rigidly you enforce the golden path. It’s how effectively you support the business when exceptions are unavoidable—and how directly you surface the political accountability questions.

Strong platform leaders don’t sweep these fights under the rug. They shine a light on them, force ownership decisions, and manage the risk in plain sight. Governance as product management means enabling business outcomes, even when the paved road doesn’t fit, without leaving IT holding the bag.

Have you registered for our Buyer Room webinar reviewing VMware Cloud Foundation, and whether you should stay or go?