Essentia Analytics wanted to make a significant shift in how they operated and the type of clients they could pitch their software and services to. Operating in the financial industry, security was always going to top the priority list. But they also wanted to save on time and costs through increasing their automation and control.
Essentia Analytics is a SaaS vendor providing behavioural analytics and performance consulting services to equity portfolio managers at investment management firms around the world.
When they approached us in 2017, their platform was already hosted on AWS and made use of Amazon EC2.
What Essentia Analytics said...
We’ve been continuously impressed with the expertise at The Scale Factory. We made their team jump our infrastructure through some serious security hoops, because of the degree of control we wanted and the security needs of our clients.
It’s not always been easy because the security policies we have are complicated. But with our new infrastructure I know we can expand at scale and that we can pitch to more sophisticated clients with even higher security demands.
With the workloads we have moved over, we’re beginning to see the benefits in cost control too. And we have greater control and better visibility of our infrastructure.
This infrastructure is a step-change for us.
Before stepping up their operations, Essentia wanted to ensure their infrastructure on AWS was easily scalable and reliable, with minimal blast radius from any security issue that might arise.
Essentia’s existing platform was complex. The original developers had moved on, and with limited DevOps knowledge, they had some skill gaps that were hard to fill.
The team was building up their AWS and security experience, but lacked the deep technical knowledge of Terraform and Puppet to achieve what the company needed to, including making more of the potential savings that automation could offer.
Essentia was already using AWS. They wanted to continue using the services.
Why The Scale Factory?
Essentia chose us because of our experience building, operating, and scaling infrastructures. They knew they had tight deadlines to meet, and felt that working with an established team was their least risky option.
At the time, there were two possible options on AWS that would satisfy Essentia’s need to have their clients’ data storage components deployed on a one-account-per-tenant basis while making it possible for other components to be shared to keep cost and complexity under control. The two options were to use AWS Landing Zone or to build a custom solution with Terraform or AWS Cloud Development Kit (CDK).
Back then, CDK was too immature and we eliminated it during our discovery workshops. Instead, we decided to use AWS Landing Zone to bootstrap the account structure and establish a security baseline across the estate. It fitted the requirements well and saved having to build from scratch.
We then integrated it with Terraform, which is used for day-to-day operations. We chose it because of it’s quick development cycle, meaning features can be brought to production faster. We wrote a custom tool to make this integration possible.
Workloads continue to use Amazon EC2 and AWS RDS instances and AWS Elastic File System.
Landing Zone can be used to automatically configure a number of core AWS security features including AWS CloudTrail, Amazon GuardDuty and AWS Identity and Access Management(IAM) for new accounts. These and a number of other security features combined with logging and monitoring using Grafana and Prometheus, give the team greater visibility of the system while limiting access to data and keeping clients’ secrets safe.
We built the infrastructure, updating the Essentia Analytics team with regular show-and-tell sessions on what we were building. This was combined with running training sessions on key elements of the new infrastructure, so that the team could develop their knowledge as we built, and were then able to put it into practise as they began migrating workloads to the new platform themselves.
Through our Support Subscription they can contact our site engineers or solutions architects at any time with questions or to deal with any issues that come up because of the complex security requirements. But for the most part, the team feel they have the tools and the learning to manage the infrastructure themselves.
Essentia are well along the journey of migrating their workloads to the new infrastructure. They are confident they can now expand at scale while being able to deal with the administrative burdens that come up with different client’s security demands, such as having to deploy third-party solutions across hundreds of accounts.
They have also obtained their ISO 27001 certification on the back of the work that has been done, which will make meeting due diligence requirements from potential clients that much simpler in the future.