As an Amazon Web Services (AWS) Advanced Consulting and Solution Provider partner, CirrusHQ works with a range of organisations in both the public and private sectors. Their activities may demand very different approaches to the use of Cloud, but the need for an optimised solution is common to all our clients. 

Whatever you are working on in the cloud, from a single server right up to a multi-region, multi-account deployment, everything in the cloud should be monitored carefully to ensure it is delivering the outcome you expect, whilst optimising your monthly AWS spend.

In this series of blogs we have focussed on the main benefits delivered for clients following a well-architected review (WAR), starting with cost-optimisation and the need to develop a constant process of refinement and improvement over a workload’s life-cycle. 

In the second we detailed the benefits for security best practice likely to be attained following a WAR, with a significant improvement in Cloud security high on the list of achievements for almost all our clients. 

In this blog, the third in the series, we review the actions typically required to improve the governance of your AWS Cloud, so you have a clearer picture of what resources you are using and why. This aspect of the WAR and the remedial actions, form part of the cost optimisation pillar. 

Remediations are not all related to cost, but all ensure all architectural best practices are followed, across five pillars defined by AWS, which are (please note, a sixth pillar is to be added in 2022 for Sustainability):

  • Operational Excellence  
  • Security  
  • Reliability  
  • Performance Efficiency  
  • Cost Optimisation   

The cost-optimisation pillar seeks to address a number of potential issues and one of these is helping clients understand how they can readily govern usage in their AWS Cloud. 

Governing usage makes organisational and economic sense

Once the initial excitement of understanding just what is possible in the AWS Cloud has subsided, it is critical all of your AWS usage is tracked and you are able to define where it is all coming from. Linked to this aspect of the cost-optimisation pillar, is knowing where you are incurring cost and tracking resource usage over time, to ensure you aren’t paying for resources you do not use or need. 

It sounds simple, but the ease with which you can scale and exploit new resources to achieve innovation and new outcomes, can lead to your Cloud becoming flabby and unstructured; it works well, but can cost you more than it needs to.

Problems can arise following the initial setup of your Cloud. Typically in our experience, costs do not tend to be very well segregated, and understanding who within your organisation owns the specific costs, can be challenging. 

Additionally, costs that are quite low initially can gradually increase the longer you use the cloud, if you don’t keep an eye on them. Backups are a great example of this, we would all like to have backups available right back to day 1 when we created our services, but there is a balance to be achieved between the cost of storing backups and how far back they should go.

Concentrating on the outcomes and not accurately tracking project costs is another common problem we identify during a WAR. If unresolved, it can lead to unused resources being left running, which wastes money for no reason, when it can be easily addressed.

Deep dive to understand where your costs are coming from

Having looked at the issue of governance, understanding what resources you are using and paying for, we’ll now look at the remediation steps you can take to ensure you only pay for what you use, when you use it, without impacting the performance of your AWS Cloud.

And of course, you can do all this yourself. Or you can work with a trusted AWS partner, such as CirrusHQ, whose certified engineers have many years experience of the AWS Well-Architected Framework, delivering reviews and helping obtain AWS credits to support related remediation work.

Unique policies – if you haven’t already, you will need to develop policies that define how resources are managed by your organisation, covering the cost aspects of resources and workloads, including creation, modification and decommission over the resource lifetime.

Goals and targets – it is important to implement both cost and usage goals for your workload, which will provide direction to your organisation, whilst setting targets will provide measurable outcomes for your workloads.

Account structure – introduce a structure of accounts that maps to your way of working, to assist with managing and allocating costs to the right groups or departments. Consider developing a tagging strategy to allow for accurate cost allocation and to prevent users from creating cost-intensive resources.

Control access – by assigning groups and roles that reflect your policies, you can control who is able to create, modify, or decommission instances and resources across your organisation. Making people accountable through development, test and production groups for example, will help you maintain stricter control throughout.

Project lifecycle – introducing methods to track, measure and audit the lifecycle of projects, teams and environments, you will avoid using and paying for unnecessary resources. Monitoring everything on a daily basis will stop runaway costs based on new usage and tracking resources that are no longer in use will stop the waste.

Cost controls – controls that reflect your organisational policies and defined groups or roles, will ensure that costs are only incurred in line with the defined needs of your organisation; removing random access gives you cost control through allocations to different teams. 

Are you ready for WAR?  

By now you should know why a WAR makes sense, given the likely remediations we will undoubtedly suggest to help you optimise and control your monthly spend. But here are a few specific benefits when you take steps to answer the question; ‘How do I govern usage?’ 

The typical benefits delivered following successful remediation include:

  • Keeping costs under control and optimising spend on AWS
  • Tracking who is using resources and determine if the resources are really needed
  • Allocating costs to specific departments and groups by need
  • Preventing waste paying for resources you no longer need
  • Identify areas for cost improvements across your organisation

Having read this blog, you should now understand that AWS, through the WAR best practice, can ensure your Cloud is not only fully optimised, but that it costs you as little as possible whilst delivering the required outcomes.

Working with an AWS Advanced Consulting and Solution Provider partner, such as CirrusHQ, you can govern your usage more effectively, optimise your AWS Cloud and reduce your monthly spend. As an AWS Well-Architected Framework Certified Partner, we have identified over 2,000+ Well-Architected Review High Risk Issues and conducted over 2,400 hours of Reviews. This makes us ideally experienced and qualified to carry out the Well-Architected Review.

And remember, following a review, we will develop an action plan with you, to carry out the recommended remediations. Once this plan is agreed, we will also assist you in applying for $5000 of service credits from AWS to offset against the costs of CirrusHQ carrying out the improvement or remediation work. When you’re ready, we’re ready.

 

Optimise your Cloud with an in-depth review of your infrastructure to accelerate your Cloud journey – Contact us.

 

Improved security for your data

CirrusHQ is an Amazon Web Services (AWS) Advanced Consulting and Solution Provider partner, which means we work with AWS clients to ensure their investment in AWS, the world’s most comprehensive and broadly adopted cloud platform, is optimised and delivers all it should.

AWS currently offers hundreds of fully featured services from a host of global data centres, allowing clients to leverage AWS to lower their costs, become more agile and innovate faster.

But these Cloud environments need monitoring to ensure they remain optimised, which is where well-architected reviews (WAR) come in. We have explained a WAR and what is included and the main benefit accrued, cost optimisation .

When undertaking a WAR, the benefits are achieved through remediation actions that are highlighted when ensuring architectural best practices are followed, across five key areas or pillars, which are:

  • Operational excellence  
  • Security  
  • Reliability  
  • Performance efficiency  
  • Cost optimisation   

These pillars include unique design principles which give rise to important benefits when we have remediated the issues found during the WAR process. From our research of reviews undertaken by CirrusHQ, the second most important benefit delivered to our clients, is the answer to the question; ‘How do you protect your data at rest?’.

 

Security in the AWS Cloud

The Security pillar is critical to address the challenging environment all organisations find themselves working within and includes the ability to protect data, systems and assets to leverage cloud technologies to improve security.

There are seven design principles for security in the AWS cloud:

#1 Implement a strong identity foundation: The principle of least privilege should be used and duties separated, with appropriate authorisation for interactions with your AWS resources.

#2 Enable traceability: Monitor, alert and audit actions and changes to your environment in real time, whilst integrating log and metric collection to automate investigations and take actions.

#3 Apply security at all layers: Utilise defence in depth, with multiple security controls and apply to all layers, such as edge of network, VPC, load balancing, every instance and compute service, etc. 

#4 Automate security best practices: Automated software-based security will improve your ability to scale securely, quickly and cost-effectively, whilst creating secure architectures.

#5 Protect data in transit and at rest: Classify your data into sensitivity levels and use mechanisms, such as encryption, tokenisation and access control where appropriate.

#6 Keep people away from data: Reduce or eliminate the need for direct access or manual processing of sensitive data to reduce the risk of mishandling or modification and human error.

#7 Prepare for security events: Be prepared with incident management and investigation policies and processes that match your needs, then run incident response simulations.

 

Data risks uncovered through well architected reviews (WAR)

The security best practice looks at the security of your data while it is stored in AWS, in areas such as databases, operating system drives and S3 (Amazon Simple Storage Service), a service offered by AWS that provides object storage through a web service interface.

There are a number of risks our WARs have highlighted, starting with the fact that unencrypted data is at risk of access from external malicious actors. Secondly, if not stored securely, leaked encryption keys can allow unauthorised access to this data. Finally, users with too wide permissions may have unauthorised access to data and encryption or allow keys or data to be leaked accidentally.

 

Security best practice

Best practice specifies that this data should be encrypted to stop malicious users from accessing it without permission, and this protection should be enabled by default and automated where possible to avoid any missed areas. 

Also, keys used for encryption should be securely stored and only users who need access for their role, should be allowed to access the encryption keys and data.

It is worth covering a few of the most common security remediations CirrusHQ has carried out, following a WAR:

  • Enabling Encryption on all data at rest within AWS. Covering these areas and more:
    • S3
    • RDS Databases
    • EBS Storage
    • EFS Storage
  • Securing encryption keys in KMS, both amazon managed and customer-managed
  • CloudHSM Hardware Security for keys
  • Enforce Least Privilege Access
  • Automation of encryption of data
  • Enabling users to get the results they need without direct access to data using dashboards and other mechanisms to keep people away from the raw data

It is also worth remembering that AWS recommend you conduct a WAR every 12-18 months, to evaluate your AWS architectures and identify any issues.

Our AWS Certified Solutions Architects and Well-Architected Ambassadors leverage their expertise to undertake a deep-dive review into the performance of your existing AWS workloads. We then recommend how these workloads can be re-architected so that they adhere to best practices and meet your business goals.

From a review this we develop an action plan with you, to carry out recommended remediations.  Once a plan is agreed we will also assist you in applying for $5000 of AWS service credits from AWS (T&Cs apply)  to offset against the costs of CirrusHQ carrying out the improvement or remediation work.

 

Are you ready for WAR?  

We have looked at the reason for a WAR, the likely remediations under the security pillar and now we’ll cover the likely benefits, most of which would come under the heading ‘keeping your data safe, keeping your organisation secure’. 

The benefits delivered following remediation actions include:

  • Secure data in transit and while at rest in AWS 
  • Decreasing the likelihood of data leakage
  • Secure Keys for encryption to reduce risk of unauthorised access of your data
  • Providing users with the tools they need to do their job while still securing your data

In the current climate, when the news carries stories of hacking, ransomware and data theft on an almost daily basis, security has to be in your top three priorities. As an AWS client, you can work with CirrusHQ to minimise the risks to your data, with AWS helping pay towards keeping you safe – what’s not to like? 

Check back regularly to read valuable insights that will help you get more from your AWS Cloud environment, some of which will be technical in approach and some such as this one, with a focus on the likely business benefits of getting a WAR started.

 

REQUEST A WELL-ARCHITECTED REVIEW

CirrusHQ have identified and remediated thousands of high risks for organisations, to improve cost, application performance, and reduce security risks in their AWS environment. From a review we develop an action plan with you, to carry out recommended remediations.  Once a plan is agreed we will also assist you in applying for $5000 of AWS service credits from AWS (T&Cs apply)  to offset against the costs of CirrusHQ carrying out the improvement or remediation work..

Optimise your Cloud with an in-depth review of your infrastructure to accelerate your Cloud journey – Contact us.

 

Well Architected Reviews deliver three major benefits

AWS Well-Architected Reviews deliver three major benefits

As an Amazon Web Services (AWS) Advanced Consulting and Solution Provider Partner, we are introduced to a growing number of organisations that are looking to get more from their commitment to the AWS Cloud.

For more than a decade, CirrusHQ has been trusted by AWS to undertake well-architected reviews (WAR) to deliver a range of benefits to clients, ensuring they are more efficient and effective with their applications. We have a particular specialism in helping education establishments, as one of the few AWS Partners certified to do so.

Having conducted more than a 100 well-architected reviews, we have assessed what top three issues our clients have used these reviews to address and will detail them for you.

Before we look at the top three benefits you are likely to achieve following a WAR, we’ll look at why you might consider now is the right time to get started.

Firstly, AWS recommends you conduct a WAR every 12-18 months, to evaluate your AWS architectures and quickly identify potential issues with your environment.

Our AWS Certified Solutions Architects and Well-Architected Ambassadors leverage their expertise to undertake a deep-dive review into the performance of your existing AWS workloads. We then recommend how these workloads can be re-architected so that they adhere to best practices and meet your business goals.

From this we develop an action plan with you, to carry out recommended remediations.  Once a plan is agreed we will also assist you in applying for $5000 of AWS service credits from AWS (T&Cs apply)  to offset against the costs of CirrusHQ carrying out the improvement or remediation work.

  • Operational excellence
  • Security
  • Reliability
  • Performance efficiency
  • Cost optimisation

Each of these five key areas or pillars include a number of unique design principles and as you might imagine, give rise to the top three benefits when we have remediated the issues found during the WAR process. Now we’ll look at those benefits in more detail and in their order of importance, according to client feedback, starting with cost optimisation.

Cost optimisation or is it spend reduction?

We understand that many organisations adopt an AWS cloud-based infrastructure to achieve flexibility and efficiency, whilst cutting costs, with the ability to scale up or down rapidly. But few, if any of these outcomes will be achieved without effective cloud cost optimisation.

The issue for many organisations is that once they rely on AWS to deliver what they need, their focus will typically shift back to innovation, growth and performance. Costs are not often apparent throughout an organisation, so one team may start using an AWS service, without appreciating the full cost of that decision.

The team might miss part of the cost, with data transfer a common element forgotten about and often the only way customers become aware of what can be a significant cost increase, is when the monthly bill arrives.

Cost optimisation, or spend reduction as we prefer to refer to it, is a continual process of refinement and improvement over a workload’s lifecycle. It’s important to build and operate cost-aware workloads that achieve the business outcomes you need, whilst minimising your monthly AWS spend.
It sounds counterintuitive, but AWS want relationships that deliver long term mutually beneficial outcomes that allow you to maximize your return on investment, not for you to be surprised by a few unexpectedly high monthly bills that ruin your experience.

To ensure you are paying the minimum monthly bill, whilst achieving the performance you need, there are five design principles to consider, when trying to achieve the optimal cost for the AWS Cloud you need.

The importance of Cloud Financial Management

Cost optimisation is not all about cutting costs. What AWS is aiming for is a balance between technology and finance, so one does not take precedence at the expense of the other. Spending has to be tied to effective outcomes that drive performance across the organisation, with decision makers aware of the costs involved.

According to AWS, this balancing of the equation is best addressed through Cloud Financial Management (CFM), which is an important part of the cost optimisation pillar and the best way of becoming a more cost-efficient organisation.

Once an organisation is more efficient and balancing technology against finance, the benefits will be widely recognised internally and undoubtedly drive innovation and growth thanks to the ability to build faster and scale more easily.

There are a number of services to help organisations manage Cloud costs, but often it is easier to turn to a trusted AWS partner, such as CirrusHQ, that has years of experience using Cost Explorer, AWS Budgets, AWS Cost and Usage Report (CUR), Reserved Instances Recommendation and Reporting and EC2 Rightsizing Recommendations.

Whether we evaluate and implement your cloud financial management practices for you, or you choose to undertake the work yourself, cost savings are within reach and you will realise increased business value through better resilience, improved productivity and greater agility.

Adopting a consumption model

It sounds obvious, but paying only for the computing resources you consume, whilst increasing or decreasing usage as your business needs change, is guaranteed to optimise your monthly spend. If your development or test environments are only being used infrequently throughout the week, halt these resources when not being utilised for a significant potential cost saving.

Measuring overall efficiency

You have to measure the business output of your workloads and accurately record the costs associated with their delivery. It is this information that will highlight the gains realised by increasing output, increasing functionality and reducing costs.

Make your Cloud simple

To achieve continued success, you must focus on improving your business and delivering a better service to your customers, rather than expending any more valuable time and effort on further developing your own IT infrastructure.
You can let AWS handle all the necessary data centre operations and choose a managed service provider, such as CirrusHQ, to look after your operating systems and applications. This approach ensures you achieve the simplified Cloud you need to support your activities and allows you to concentrate on your core activities, whether it’s providing legal advice, distance learning or manufacturing automotive components.

Understanding and owning costs

A well-architected Cloud makes it easier for you to understand your costs associated with different usage of workloads. Once you know which areas of your business own which costs, you can measure more accurately your return on investment for each one. You also have the numbers to ensure your workload owners work hard to optimise both their resources and their costs.
Tracking resources over their lifecycle will allow you to identify those that are no longer being used, or no longer have an owner, which ensures you can safely decommission workload resources that are no longer required, such as resources used for testing.

A trusted AWS partner

In this article we have looked at the number one benefit derived from a well-architected review (WAR), a reduction in spend. In the coming days we’ll look at the second and third most common benefits, an increase in application performance and a reduction in security risks.

And finally, consider just how good it would be to reduce your monthly AWS spend with a Well-Architected Review from an Amazon Web Services (AWS) Advanced Consulting and Solution Provider partner, such as CirrusHQ, that has delivered more than a hundred such reviews for clients just like you. Ready to talk?