EstateSpace Partners With Mission To Secure And Enhance AWS Infrastructure For Customer Demand
Executive Summary
To prepare for a large, expected spike in online client activity, EstateSpace needed to enhance the security and performance of its Amazon Web Services (AWS) environment while streamlining DevOps processes and enhancing monitoring and observability. For a comprehensive solution to this challenge, EstateSpace turned to Mission, which designed a multi-cluster Kubernetes architecture, managed through infrastructure-as-code (IaC), under Mission’s Cloud Elevate service. These enhancements not only reduced deployment times, but added significant cost savings as well. Mission also provides its Mission Cloud One service to monitor the performance and availability of the AWS environment and Mission Cloud Foundation to enable ongoing cost optimization of compute resources. With Mission serving as an ongoing cloud partner, EstateSpace now has a team of AWS experts they can turn to in order to adhere to cloud best practices. The company has established a foundation for its estate management platform to support thousands of clients and members. In addition, Mission implemented the necessary processes to streamline platform improvements, so EstateSpace developers can now focus on feature functionality rather than deployment and operational toil. During the Mission engagement, EstateSpace lowered monthly AWS spend by 60% and achieved 98% compliance with the Center for Internet Security (CIS) AWS benchmarks. This adds a level of security to the AWS environment that helps market the company’s ability to protect sensitive client information while also helping meet the criteria for compliance with SOC 2 and ISO 27001 requirements.
“By partnering with Mission, we now have access to the AWS knowledge base that's required for us to keep up with cloud best practices. We also have a foundation for our platform to support thousands of clients and the building blocks to facilitate platform improvements. We know what we want, and Mission helps engineer how to get there from a DevOps and infrastructure perspective.”
Jonathan Fishbeck
Founder and CEO
The Challenge
As EstateSpace planned to evolve its estate management platform into an online full-service platform for thousands of clients, the senior leadership team knew this was also the time to expand the company’s cloud capabilities. This included gaining a deeper understanding of all the rapidly moving parts of the company’s Amazon Web Services (AWS) cloud infrastructure platform. EstateSpace needed to ensure the infrastructure supporting the platform could scale to handle the anticipated workload spike.
“It would be cost-prohibitive for us as a start-up to hire enough resources with the necessary expertise to solve this challenge,” says Jonathan Fishbeck, Founder and CEO of EstateSpace. “We would quickly be looking at a seven-figure payroll.”
A specific capability EstateSpace needed to acquire was a streamlined DevOps process. Fishbeck wants the company’s software developers to focus on platform features—not the deployment of code and managing the secure cloud infrastructure.
“Ensuring the security of the sensitive client data we store is top priority,” Fishbeck adds. “Clients must trust that we keep their information protected and make it accessible only to those they authorize.”
At the time, EstateSpace was working with an IT partner to assist with the management of the AWS environment. While this partner provided expertise in application containerization, which is key to streamlining application deployments, Fishbeck wanted more.
“We needed a partner who could handle all of our cloud needs and advise on the AWS best practices to implement,” says Fishbeck. “With a partner who could design an optimal and secure infrastructure, implement a DevOps process, and then manage and monitor the environment, we could turn our entire focus to enhancing our platform.”
Why AWS?
EstateSpace had chosen to deploy its estate management platform in the cloud after determining that implementing and managing an on-site data center would not be practical from a cost and resource perspective. After narrowing the cloud platform choice down to AWS and the Google Cloud Platform, EstateSpace chose AWS.
“AWS offers more detailed documentation and information on how to use their environment,” says Chris Weicht, Senior Systems Architect and Head of Engineering for EstateSpace. “The AWS environment is also best for ensuring the performance of our platform based on studies we analyzed.”
Adds Fishbeck, “From the business perspective, AWS has the most to offer for security and other services. They are the leader in cloud innovation, which enables us to advance faster and further with our business, and ultimately support our long-term corporate goals.”
Why Mission?
When it became apparent that EstateSpace needed a partner who could enhance and manage their AWS environment, Fishbeck and Weicht turned to their software development partner, Cantina, who highly recommended Mission. “We have had great success with our software development partner, and they knew us well enough to know what we are looking for,” Fishbeck says. “Choosing Mission was an easy decision.”
Mission provides the entire range of expertise that EstateSpace requires—from security to cloud infrastructure design and management, DevOps, and incident response. “Another key was the Mission culture,” Fishbeck points out. “Their approach to solving client challenges is similar to ours, and Mission is the type of company we can build a long-term relationship with.”
“Our relationship with Mission during this project was great from day one. They conducted weekly calls where we could talk directly with engineers about the progress of their work. They also gave us access through Slack so that in between meetings, we could get our questions answered right away.”
Jonathan Fishbeck
Founder and CEO
Strategy and Solution
In December 2020, Mission migrated the EstateSpace platform from Kubernetes clusters running on Amazon Elastic Compute Cloud (EC2) VMs to Amazon’s managed Elastic Kubernetes Service (EKS) clusters, to reduce management overhead. Mission changed the way the application handles sensitive configuration items, seamlessly integrating with AWS Secrets Manager to automate configuration updates. Mission also redesigned and enhanced much of the Kubernetes environment, including the issuing and management of SSL certificates, tuning cluster resource allocation and autoscaling, and tightening cluster security.
“One of our major requirements was closing the gap between developing code in our GitHub repositories and then deploying in AWS,” Weicht says. “Mission stepped up big time with their managed DevOps process and deployment pipeline, which they implemented as part of this solution.”
To increase the security posture of the cloud environment, Mission updated user password policies and implemented AWS Identity and Access Management (IAM) best practices as well as AWS Security Hub and Amazon GuardDuty. From there, Mission re-architected several infrastructure components—including Amazon Virtual Private Cloud (VPC) and networking layers, Simple Storage Service (S3), AWS Config, and AWS CloudTrail, among others. Mission also used AWS Lambda to automate user login tracking and to handle DNS record failovers for the Redis database clusters that EstateSpace uses.
Other key attributes of the AWS enhancements include adopting Terraform infrastructure as code and redesigning the Amazon ElastiCache clusters. Additionally, with the Mission Cloud One offering, EstateSpace benefits from performance monitoring and operational support. This includes an integration with New Relic, which provides visibility into the Kubernetes clusters and workloads so Mission can quickly troubleshoot any container issues.
Results and Benefits
In addition to re-architecting and managing the AWS environment, Mission provides cost-optimization insights through the Mission Cloud Foundation service. This includes analyzing development, feature, demo, and production environments to see which compute resources could be optimized, and to shut down resources when not in use. Mission also implemented automation to spin up idle compute resources when needed.
“With Mission’s input, we reduced our monthly spend by 60%,” Weicht says. “And with the savings, we can consider adding on new AWS features to further enhance the performance of our platform across multiple environments.”
The infrastructure as code and containerization attributes of the AWS environment within the DevOps process Mission implemented are also key benefits for EstateSpace. “Our development process is based on GitHub triggers and code commits,” Weicht explains. “We now have a process where developers can focus on code changes rather than worrying about the deployment and operational aspects. Development progresses more easily since we don't have to create manual scripts and processes, and we don't have much downtime as the updates are deployed.”
With EstateSpace serving ultra-high net worth clients whose estate information is sensitive, the containerized application infrastructure adds a level of security that helps market the company’s value proposition. “The way we built our platform on an AWS environment designed by Mission helps us market our services,” says Fishbeck. “It's easier to articulate to clients just how secure the environment is, and in our marketplace, security is everything.”
The enhanced security measures Mission built into the AWS environment also enabled EstateSpace to achieve 98% compliance with security benchmarks established by the Center for Internet Security. This in turn helped meet the criteria for SOC 2 Type One, and with the heavy lifting for that process now complete, EstateSpace can streamline the process for compliance with SOC 2 Type 2, HIPAA, ISO 27001 and PCI DSS.
Next Steps
Looking ahead, EstateSpace plans to continue collaborating with Mission given how well the skillsets of the two teams complement each other. “With Mission on board, we are free to work on feature development instead of spending time on DevOps,” says Weicht. “We trust that Mission understands our architecture, and when issues arise, they know what to check and always notify us immediately.”
“We pushed to get the AWS infrastructure under Mission’s control so we could have a single source for monitoring our environment. We can sleep better knowing that Mission is keeping close tabs on things that are happening. They provide us with a higher level of security and monitoring of our environment 24/7 so we can focus on our front-end and back-end applications.”
Jonathan Fishbeck
Founder and CEO
AWS Services
- Amazon Elastic Kubernetes Service (EKS)
- AWS Secrets Manager
- AWS Identity and Access Management (IAM)
- AWS Security Hub
- Amazon Elastic Compute Cloud (EC2)
- Amazon Simple Storage Service (S3)
- AWS Config
- AWS CloudTrail
- AWS Lambda
- Amazon ElastiCache
- Amazon Elastic Block Store (Amazon EBS)
- Amazon Virtual Private Cloud
- AWS Network Address Translation Gateway
- AWS Internet Gateway
- Amazon Lightsail
- Amazon GuardDuty
- AWS Key Management Service (KMS)
- Amazon Elastic Container Registry
Third-Party Integrations
- Kubernetes
- Helm
- MongoDB Atlas
- New Relic
- Terraform
- Firebase Authentication
- Firebase Cloud Messaging
- GetStream