Cloud Infrastructure Analytics Solution for a Global Professional Services Company

Executive Summary

Partnering with multiple market-leading healthcare and financial organizations, software vendors, and startups, our client delivers a service that allows companies to determine whether their cloud infrastructure complies with modern security standards such as HIPAA and GDPR. However, the company needed help scaling its business because the service depended on an outdated Python library. The Matoffo team proposed a solution based on Cloud Custodian to solve this issue. Ultimately, our cooperation resulted in the development of a new service for analyzing cloud infrastructure.

About the Client

Our client is a leading provider of innovative solutions for organizations seeking to establish and maintain robust compliance programs in the public cloud. With the rise of cloud computing and the increasing demand for secure and compliant data management, the company offers a comprehensive platform that simplifies policy development and technical control implementation while ensuring compliance with industry standards like HIPAA and SOC 2. Standing for the mission of unlocking healthcare and finance in the cloud, our client empowers organizations by developing custom policies and technical controls that align with their unique business needs and security objectives.

Customer Challenge

Unfortunately, the core of the platform’s functionality (the scanner that directly analyzes the cloud infrastructure) used a Python library that had not been maintained by the developer for a long time and was not adapted to the client’s scaling needs. Over time, these shortcomings became critical for the client since the ability to scale their business was severely limited by the previously chosen technical solution, which also did not allow for the use of new service delivery models such as SaaS.

Considering the above, our client was looking for skilled developers with deep knowledge of Python and excellent analytical capabilities to determine whether it was possible to tailor the library to the company's needs. The client consulted with their development team and other experts and came up with the idea not to modify the outdated library but to focus instead on alternative libraries and tools, namely Cloud Custodian.

Why Cloud Custodian

Cloud Custodian is an industry standard in the field of cloud governance that is actively used and updated by the community, minimizing the risks associated with using this tool and ensuring its further support. Hence, if you are looking for a powerful solution to manage your cloud resources, Cloud Custodian is the answer.

Cloud Custodian provides a wide array of tools that enable you to filter, tag, and take action on your cloud resources, helping keep your infrastructure well-managed, secure, and cost-optimized. With Cloud Custodian, you can also define rules using its YAML DSL to enforce policies and automate tasks across your cloud environment.
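
As an illustration of the filter, tag, and action model in the YAML DSL, here is an added example policy file; it is not taken from the client's or Matoffo's policy set. The policy names, tag key, and tag value are constructed, and the two checks (unencrypted EBS volumes, SSH reachable from any address) are assumed examples of the kind of control a compliance scanner evaluates.

```yaml
# Added example: constructed Cloud Custodian policies, not the project's own.
policies:
  # Filter + tag: find EBS volumes created without encryption at rest
  # and label them so the finding is visible on the resource itself.
  - name: ebs-unencrypted-volumes          # constructed policy name
    resource: aws.ebs
    description: Flag EBS volumes that are not encrypted at rest.
    filters:
      - Encrypted: false                   # attribute match on the volume
    actions:
      - type: tag
        key: compliance-finding            # constructed tag key
        value: ebs-encryption-missing      # constructed tag value

  # Filter only: a policy with no actions is report-only. Matching
  # resources are written to the run's output directory for review.
  - name: sg-ssh-open-to-any-address       # constructed policy name
    resource: aws.security-group
    description: Report security groups allowing SSH from 0.0.0.0/0.
    filters:
      - type: ingress
        Ports: [22]
        Cidr:
          value: "0.0.0.0/0"
```

Running `custodian validate` on the file checks it against the policy schema, and `custodian run --dryrun -s out <file>` evaluates the filters without executing the actions.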

Why Matoffo

The client had previously approached Matoffo for DevOps expertise. Because our quality of work, commitment to customer satisfaction, and intense focus on innovation and creativity resulted in great cooperation, the client returned to our team with a request to develop a Proof-of-Concept using Cloud Custodian for a SaaS model of a cloud resource scanner based on AWS services.

Matoffo Solution

We implemented a comprehensive cloud infrastructure analysis solution leveraging AWS services and Cloud Custodian for automation and operational excellence. The solution includes:

Infrastructure Components:

  • AWS Lambda for serverless compute execution
    • Python 3.9 runtime environment
    • Automated scaling based on workload
    • Configurable memory and timeout settings
  • AWS API Gateway for RESTful API access
    • API versioning and stage management
    • Request throttling and quotas
    • API usage monitoring
  • Amazon S3 for report storage and archival
    • Lifecycle management policies
    • Versioning enabled for audit trails
    • Cross-region replication for redundancy

Workflow Orchestration:

  • AWS Step Functions for process automation
    • Error handling and retry logic
    • State management and tracking
    • Visual workflow monitoring
  • Cloud Custodian integration
    • Custom policy definitions in YAML
    • Resource filtering and tagging
    • Automated remediation actions

Monitoring and Observability:

  • CloudWatch Logs for centralized logging
    • Log retention policies
    • Log insights for analysis
    • Real-time log monitoring
  • CloudWatch Metrics for performance tracking
    • Custom metrics for business KPIs
    • Automated alerting thresholds
    • Operational dashboards


Security and Compliance:

  • IAM roles and policies for service access
  • API Gateway authentication and authorization
  • S3 bucket encryption and access policies
  • VPC endpoints for secure communication
  • AWS X-Ray for distributed tracing

The development process followed an iterative approach, starting with a simple PoC and gradually expanding to a full SaaS solution over four months. The implementation team consisted of two DevOps engineers focusing on Python development and infrastructure support.

Business Value

Operational Excellence:

  • Reduced cloud infrastructure analysis time by 75%
  • Decreased mean time to detect (MTTD) issues by 65%
  • Achieved 99.9% service availability


Cost Optimization:

  • Reduced operational costs by 40% through serverless architecture
  • Optimized resource utilization across client environments
  • Decreased infrastructure waste by identifying unused resources
  • Automated cost allocation and reporting


Security and Compliance:

  • Automated detection of 95% of security misconfigurations
  • Implemented continuous compliance monitoring
  • Achieved real-time security posture visibility


Scalability and Performance:

  • Reduced analysis latency by 80%
  • Maintained consistent performance during peak loads


Resource Management:

  • Automated tagging compliance
  • Reduced manual infrastructure reviews
  • Enhanced resource lifecycle management

Client's Feedback

The cloud infrastructure analysis service provided by Matoffo is an excellent solution for businesses looking to optimize their cloud infrastructure, which is why the client was satisfied with the result. Moreover, we provided this global professional services company with valuable guidance on improving infrastructure and answered any questions that arose during the development process. Wrapping up, our client highly recommends Matoffo to anyone looking for an efficient on-budget solution to enhance their cloud infrastructure.

Our Focus Is Cloud Solutions

Our primary goal is to deliver value to our clients by resolving technical challenges and helping them achieve their objectives. We utilize cloud solutions as a powerful toolset to make this happen. With Matoffo expertise, companies can significantly reduce the time from idea to market and rapidly scale their digital business. Additionally, Matoffo enables seamless adoption of rapidly growing tech capabilities, transforming businesses to stay competitive in the market.