4 Nov
Online Document SaaS Service
30+ Employees
Delaware, USA
BoloSign offers a range of business tools designed to enhance productivity and streamline online document-related processes for small businesses. Their primary offering is their eSignature tool. Bolosign runs its web, android, and iOS apps with a backend hosted on AWS to serve its customers.
Every day,1000’s businesses use Bolosign tools to manage their eSignature needs. Founded in 2023, Bolosign serves customers across 180 countries.
Services Used
Cygnius Optimize – Boost Your Bottom Line
Cygnius Shield – Your Peace of Mind Security
Key Results
- Elimination of 100+ critical & high-severity security risks across their AWS infrastructure.
- 51% reduction in AWS Cloud Bills.
"“ Cygnius team delivered outstanding results for BoloSign. We achieved a significant 51% reduction in our monthly AWS Bill and brought our infra in compliance with AWS Well-Architected Security pillar, AWS FTR, and SOC 2 compliance. With their guidance, our security incident response time dramatically dropped from over 3 hours to just 30 minutes.”"
Chirag Gupta
Chief Technical Officer, Bolosign
Challenges
Bolosign’s cloud infrastructure cost was increasing non-linearly with the growth in customer base, especially with certain new features planned to be released in 2024. They were convinced that their workload should not cost this much, and their in-house team was busy with other business-critical tasks focussed on revenue generation. As a technology startup, non-linear growth in AWS infrastructure costs would eat into their bottom line leading to a cash crunch down the line.
Like all enterprises that deal with customer data, Bolosign focuses heavily on cybersecurity for online services. The company wanted to adopt a proactive and preventive cybersecurity strategy to maintain customer trust. “Responsible & Secure operations are one of our top priorities, and we place the utmost importance on security throughout our business processes,” says Paresh Deshmukh, co-founder & CEO at Bolosign. As their AWS infrastructure grew across AWS accounts and developers spun up new resources, Bolosign found it challenging to effectively deploy and maintain security agents. They sought to enhance their security capabilities to effectively defend their platform and customer data from external & internal threats. For example, the company wanted to automate the detection of insecure endpoints such as open API gateways or insecure S3 bucket configurations.
They contacted Cygnius Consulting seeking help to reduce their AWS Cost to the maximum extent and secure their AWS infrastructure against all kinds of internal and external cyber-attacks.
Analysis
To reduce their AWS costs, Cygnius AWS experts carried out the following analysis before we came up with cost-cutting recommendations for them:
We analyzed the AWS Cost and Usage Reports (CUR) for the past 3 months and have created a spreadsheet of charges for each of the AWS services used in their account.- We analyzed their utilization, usage pattern & configuration of provisioned AWS Open Search Indexing & Search Compute Units.
- We analyzed the CPU usage, Memory utilization, instance type, and usage pattern of all the AWS EC2 instances across multiple AWS regions.
- We analyzed their already purchased Reserved instances & Savings Plans.
To deploy a proactive & preventive approach to security for Bolosign and automate the detection & prevention of security risks, we deployed our “InfoSec Team as a Service” cloud security product – LogGuardia in Bolosign’s multiple AWS accounts. LogGuardia scans all the AWS resources (EC2 machine, EBS drives, VPC Security groups, S3 buckets, CloudWatch Log groups, etc.) across their multiple AWS accounts and centrally publishes all the security risks (along with related information) in their master AWS account’s Security Hub.
Solution
To reduce the recurring AWS monthly bill, we generated a list of recommendations on the following themes:
- Moving their EC2 workloads to correctly sized instances in the latest t4g instance family (best suited according to CPU & Memory patterns) with a significantly higher cost-to-performance ratio.
- Correcting the Saving Plan configuration to ensure discounts on > 90% of their EC2 usage.
- Correcting the configuration and capacity of provisioned AWS Open Search Indexing & Search Compute Units.
- We automated the start & stop lifecycle events of EC2 machines used by their employees during the daytime so that the EC2 machine can be turned off for more than 12 hours in a day.
Our LogGuardia product follows a 3-step approach toward complete AWS Security:
(Imagine Bolosign’s multi-account AWS infrastructure as their house and we need to defend it)
- In this step, Cygnius’ team of AWS experts helped Bolosign’s team resolve all the issues identified & published by LogGuardia in the master AWS account’s Security Hub. You can imagine we built a really tall wall around the house to defend against any outsider attack. We also implement all the best security practices, e.g.:
a. CloudTrail setup with the correct set of data events.
b. Individual IAM user for each dev/user with the principle of least privilege.
c. Setting up secure S3 bucket policies.
d. Setting up secure VPC network configurations and much more. - The second step is about maintaining this newly achieved compliance. As the dev team continues to make changes and release new features, it has to be done in a secure & compliant fashion (basically do not open up security holes in the really tall wall). This continued compliance is achieved by a 24×7 infrastructure scanning agent (external watchdog) which scans their AWS infrastructure and reports any new security risk in their master AWS account’s security hub, email, and Slack.
- LogGuardia also contains an Intruder detection agent which continuously scans all the AWS API calls in Bolosign’s AWS account and raises alerts over email/Slack if there is any suspicious activity detected in any of the AWS accounts like opening a new SSH port to the public in VPC Security group, changes in S3 bucket policies, etc.
All of these security measures automatically cover any new systems/services/resources that Bolosign deploys in any of their AWS accounts as their architecture evolves and traffic grows to give them absolute peace of mind from the reinforced, always-on InfoSec Team on their side.
Final Outcome
Bolosign came to Cygnius Consulting in Oct 2024 and their AWS charge for Oct 2024 billing cycle was $1486. With our recommendations implemented by early Nov ’24, their Nov 2024’s AWS Bill amount was brought down to $720 which is approximately ~51.5% reduction.
LogGuardia provides Bolosign with the required deeper insight into its security posture across a multi-account environment. With the agentless solution, the Bolosign team saves time manually maintaining agents and can instead focus on new projects.
With LogGuardia in place, Bolosign tech leadership achieved its goal of giving developers more autonomy to innovate & build in the cloud and ensure it stayed secure with the single pane of glass across all cloud environments monitoring the changes as they’re made.
LogGuardia’s Intruder Detection system gives their team peace of mind, ensuring they are alerted whenever sensitive operations are executed in their AWS account.
LogGuardia integration into AWS Security Hub gives its CTO a complete overview of its entire IT infrastructure, so it can easily review vulnerabilities and address them quickly as it grows. “I can double-click on a vulnerability to see how critical the exposure is, where is the problem, when did it start, and how to fix it. Then, when I give it to the owners, they already have the complete required context to hit the ground running,” says Chirag Gupta, CTO at Bolosign.
Business Impact
With these cost savings measures implemented, Bolosign was able to unlock cash flows of approx. USD 45,000 over the course of the next 3 years which they will be investing into growth activities like hiring, marketing, and sales activities.
Bolosign team has a single pane of glass view of security risks of all severity levels across all their AWS accounts. This helps them prioritize risks for resolution and ensure the remediation steps are shared with the proper owners so they can take action to secure their infrastructure.
We at Cygnius Consulting have more than 12 years of experience in architecting & maintaining complex AWS infrastructures. Our founding team consists of AWS & Amazon veterans who have built some of the AWS services that you use today, numerous BigData platforms, and 3000+ TPS high scale web-services in various Amazon teams. We are also an AWS partner and we have the required qualifications to manage the AWS environment for our clients efficiently as per AWS’s standard operating procedure. If you need to save your AWS cost or secure your AWS infrastructure for compliance & peace of mind, you can contact us.
"“With Cygnius team on our side, I feel confident about our cloud security. They also unlocked a lot of cash flow for us to invest in growth activities.”"
Paresh Deshmukh
Founder & Ceo, Bolosign
