Strengthening security and resilience in SaaS company’s AWS modernisation

A leading SaaS provider partnered with Cevo to enhance their application migration process to their recently deployed AWS infrastructure, with a focus on robust security, resilience and cost management. Cevo implemented strategic initiatives to bolster security, streamline systems management, and improve monitoring and alerting. This resulted in a 90% faster client migration, a 25% reduction in non-production AWS costs, and improved operational efficiency and disaster recovery capabilities.

90% faster migration of over 200 clients

Industry: Independent Software Vendor

Business challenge

The SaaS provider was facing technical challenges that were delaying their application migration process to AWS accounts previously established by Cevo using AWS Control Tower. Running two environments in parallel resulted in an increase of approximately $100,000 on their annual AWS bill. Due to the time-consuming nature of building the in-house skill set required for the migration, the organisation partnered with Cevo to leverage our expertise in AWS solutions to enhance security, improve operational efficiency and reduce costs.

Solution

Cevo collaborated with the SaaS provider over three months to conduct a comprehensive review of their existing environment and implement strategic initiatives to enhance security, resilience and operational efficiency across their AWS infrastructure.

Data and Client Migration

The Cevo team established a scalable serverless solution for migrating over 200 clients to the new AWS environment, enabling parallel migrations and seamless transitions. Migration efficiency increased by approximately 90%, with smaller client migrations reduced from over 10 minutes to less than 4 minutes.

As part of this migration activity, Cevo migrated the application and database components to the new AWS account using efficient, purpose-built solutions. This included 1TB of NFS to EFS using AWS DataSync, 4TB of application data stored using S3 cross-replication, and 2TB of RDS database using a serverless solution.

Enhanced Security

Security was a primary concern throughout this project. Cevo bolstered the organisation’s security posture by implementing key AWS best practices. This included least privilege for IAM roles to limit access, transitioning sensitive data away from Parameter Store strings for enhanced protection, deploying AWS WAF for Load Balancer protection to safeguard against web exploits, and transitioning public EC2 instances to private subnets for improved network security. These measures collectively fortified their infrastructure, mitigating security risks and enhancing overall resilience.

Automated Patching

Cevo also implemented AWS Systems Manager for streamlined management and scheduling of EC2 instance patching, ensuring timely updates and reducing the window of vulnerability.

Monitoring and Alerting Enhancement

Datadog SIEM implementation

To enhance visibility and enable proactive response to potential issues, Cevo implemented Datadog SIEM and configured dashboards for real-time monitoring and alerting, empowering the SaaS provider to respond quickly to any anomalies or security threats.

Slack Notification for ECR Scanning

The organisation’s existing environment lacked a mechanism to receive notifications about application image vulnerabilities. To address this gap, Cevo integrated Amazon ECR scanning results with Slack notifications. This enabled the SaaS provider to promptly receive alerts about any identified vulnerabilities in their application images, empowering them to take swift action to remediate security issues and bolster their overall security posture.

Increased Operational Efficiency 

RDS Granular Backups 

Cevo rearchitected an Amazon RDS backup management solution to improve efficiency and reliability, and developed an automated solution for RDS granular database backups using AWS Step Functions, S3, ECS, and AWS Lambda.

Bulk Client Deployment 

The organisation’s existing process for deploying application packages to multiple clients was tedious and time-consuming. Cevo developed a bulk deployment system using AWS serverless services, automating the process and enabling simultaneous application version deployments across hundreds of client environments. This serverless solution ensured scalability, cost-effectiveness, and streamlined management, providing the organisation with a powerful tool to expedite automated deployments and improve operational efficiency.

Disaster Recovery 

The SaaS provider needed a disaster recovery plan to ensure business continuity in the face of potential disasters. Cevo helped establish a comprehensive disaster recovery process, including long-term backup processes using AWS Backup and centralised storage in a data bunker account. Cevo leveraged automation to ensure the seamless migration of significant data volumes across various storage services, minimising downtime and data loss in the event of a disaster. 

Cost Optimisation 

Cevo implemented several cost optimisation solutions for the organisation’s AWS infrastructure. This included deploying Instance Scheduler on AWS for EC2 and RDS instances to optimise resource utilisation and costs. Cevo also built a custom power management solution tailored specifically for ECS (Elastic Container Service) to enhance cost and resource efficiency in non-production environments. Finally, Cevo established S3 lifecycle rules to automatically manage the storage costs by transitioning infrequently accessed data to lower-cost storage classes or deleting expired objects, while ensuring data accessibility and compliance.

Outcomes

Cevo’s migration and modernisation efforts have resulted in significant enhancements across security, systems management, monitoring and alerting, disaster recovery, and data migration for the SaaS provider, including:

  • Rapid client migration – Successful migration of over 200 clients and their respective databases and files without a single incident, at a speed approximately 90% faster than the previous process.
  • Enhanced security – Strengthened security posture through AWS IAM controls, data encryption, infrastructure segmentation, and improved visibility into vulnerabilities, eliminating all high-severity vulnerabilities.
  • Improved operability – Scalable AWS platform offers seamless operability for migrated clients, with improved monitoring, alerting, and logging for a better user experience and simplified management.
  • Cost savings – Notable 25% reduction in the organisation’s non-production bill due to optimised resource utilisation and cost management strategies.
  • Reduced backup time – RDS Backup storage time is reduced from 8 hours to 3 hours, enhancing data protection and recovery efficiency.
  • Configuration as Code – Ensures consistent system configuration, reducing the risk of errors and downtime and enabling scalable infrastructure and applications management.
  • Streamlined deployments – Automated bulk deployment system allows simultaneous application version deployments across hundreds of client environments, improving operational efficiency and scalability.
  • Comprehensive disaster recovery – Established a robust disaster recovery process, ensuring business continuity with minimal downtime and data loss in the event of a disaster.
