Modernization of your AWS based SaaS platform
AWS New York | Official Meetup
New York, New York, US
July 25th, 2024
Patrick Hannah
CTO
CloudHesive
The future, my friend, is products
Where you may have started
Small team
Building an app
To get customers
Now you have customers
And those customers have unstated, but expected, expectations
Customers are not always the ones paying for the service
What are those expectations?
It’s easier to build SaaS on AWS than it was 5 or even 10 years ago, and while many reference
architectures are based on net-new development, how can you retrofit these capabilities into your
existing platform?
In addition to that, how do you balance development of new feature/functionality with addressing risk and
technical debt, while also presenting a viable product for further investment and the diligence that comes
with it?
A big part of that is the evolution of security frameworks within an organization, typically working
backwards from customer demand, growing to a sprawl of policies, procedures, and technical controls.
In this presentation, we will review some of the low hanging fruit that many platforms can take advantage
of on AWS, through the lens of Well Architected, using real-life customer examples.
We will also explore some of the SaaS friendly AWS programs such as the Marketplace, Vendor Insights,
Foundational Technical Review and APN.
We will round out the discussion with an overview of FinOps practices, including cost allocation and unit
economics, as well as some of the recent trends observed in the SaaS space.
You’re going through transformation
Bimodal is the practice of managing two separate but coherent styles of
work: one focused on predictability; the other on exploration.
Mode 1 is optimized for areas that are more predictable and well-understood. It
focuses on exploiting what is known, while renovating the legacy environment into a
state that is fit for a digital world.
Mode 2 is exploratory, experimenting to solve new problems and optimized for areas
of uncertainty. These initiatives often begin with a hypothesis that is tested and
adapted during a process involving short iterations, potentially adopting a minimum
viable product (MVP) approach.
Both modes are essential to create substantial value and drive significant
organizational change, and neither is static. Marrying a more predictable
evolution of products and technologies (Mode 1) with the new and
innovative (Mode 2) is the essence of an enterprise bimodal capability. Both
play an essential role in the digital transformation.
CloudHesive’s SaaS Evolution
2014
Company Founded
AWS Partnership -
Consulting/Resale
2015
Contract Development
CloudPoxee - Orchestrator
2016
SOC 2 Type 2 - Schellman
AWS Program - MSP
2017
CloudPoxee - Workspaces
2018
In-House Development
Centricity - Connect
Connect - Mediabox
2019
AWS Tier - Premier
AWS Competency - DevOps
AWS Program - ATO
AWS Program - Well
Architected
SOC 2 Type 2 ConnectPath
CloudHesive’s SaaS Evolution
2020
FTR - Centricity
Marketplace -
ConnectPath
AWS Competency - SaaS
Consulting
AWS Program -
Immersion Days
2021
Series A - Strattam
PCI – A-LIGN
AWS SCA
AWS Competency -
MSSP
AWS Competency -
Migration
2022
Acquisition - Dextr
Marketplace Insights
FTR - ConnectPath
2023
Dextr Rebrand to
ConnectPath
Acquisition – Eplexity
AWS Program – Service
Ready
SOC 2 Type 2 for
ConnectPath
Value Optimization – Building a Cloud and Product Business
Approaches
Cost Optimization
Portfolio Management
Cloud Workload Lifecycle Management
Governance, Risk, Compliance (or the cost of lacking it)
Next Generation Managed Services Philosophy of Continuous Improvement
People (Skilling), Processes, Technology and Measures – CCOE
Sustainability
Outcomes
Organizational Value Creation
Customer Value Creation
Partner Value Creation
Investor Value Creation
Considerations
Product/Development
Responsiveness
Accuracy
Allocation
Security and Compliance
Libraries
Infrastructure
Code
Intellectual Property
Events
Vendors, Licenses, SaaS, Software, NF Systems (DevOps), People Backgrounds, Training, Phishing – Corporate and App
Infrastructure
Availability
Performance – Sync
Performance – Async
Customer
Trials
Conversions
Attrition
Growth
NPS
Financial
Budget to Plan
Margin
Vendors, Licenses, SaaS, Software, NF Systems (DevOps), People Backgrounds, Training, Phishing People – Corporate and App
Measures
KPIs
Tiering
Portfolio Health
Customer Specific
Resource Specific
Cohorting
Geo Customers and Teams
Line of Business Customers and Teams
Vendor Management
Customer Margin
Non Customer Margin/Utilization
Actions
ROI Proving
Churn Detection
Continuous Improvement/Optimization Pipeline
Perspectives
How you operate as a corporate entity
How you enable your portfolio for success
How you operate your portfolio
How you approach diligence of prospect additions to your
portfolio
Sets of Challenges
Infosec
Sprawl (Contracts, Software, Licenses, Services, Hardware), Auth, Unique
Risks/Threats
Data
Generative AI
Machine to Machine
Platforming
Compute is a commodity
Containerization as a default
Serverless as a way forward
Stack consolidation (Stackolidation)
Broad Impact
Financial – Waste
Security/Compliance – Breaches
Operational – Employee, User and Customer Sentiment
Vendors – Integration
Vendor Relationship Management
Vendor Administration
User Integration
Generalized Approach
Policy
Adoption of Policy
Vendor Management Platform Integration
SSO Integration
Non-Privileged
Privileged
Service Management Integration
Audit (ongoing)
Cost Allocation
Hardware Specific Approach
Service Management
Requests
CMDB
RMM
Team
Deploys
Returns
Finance Integration
Depreciation
Vendor Management
Inventory
Support
Renewals
Security Frameworks
SOC 1/2 Type 1/2
PCI DSS
FedRAMP / CMMC
HIPAA / HITRUST
Information Security
Information
Risks
Policies
Procedures
Controls
Assessment/Audit/Testing
People
Onboarding, Offboarding, Change
Permissions: Privileged Access, Business Need
Credentials: Strength and Factors
Training
Background
Phishing
Vendors
Software/Services
Shared Responsibility Model
What do customers often miss?
Ingress Security Group
Egress Security Group (Internet)
Security Groups to/from other Services (AWS and On Premises)
Security of the Environment
Security of supporting servers (Active Directory)
Security of other network-accessible resources (Web Servers)
User Permissions (Non-Local Admin, Local Admin, Global Admin)
Access of the environment (PKI Cert, PKI PIV, Network, MFA)
The rest of the AWS Account? The rest of the AWS Account! (Services,
APIs)
What could go wrong?
Ingress Security Group
Egress Security Group (Internet)
Security Groups to/from other Services (AWS and On Premises)
Security of the Environment
Security of supporting servers (Active Directory)
Security of other network-accessible resources (Web Servers)
User Permissions (Non-Local Admin, Local Admin, Global Admin)
Access of the environment (PKI Cert, PKI PIV, Network, MFA)
The rest of the AWS Account? The rest of the AWS Account! (Services,
APIs)
Revenue to Usage to Cost Attribution
Revenue
Hierarchy of Needs
Usage
Typically tied to revenue if you are offering a SaaS based product
Cost Attribution
Labor
Capitalized
Software
Opex vs. Capex
Services
Third Party
Okayish
AWS
With serverless (or well managed servers) margin should be linear, or better with scale of usage
Optimization at Scale
Savings Plans
Common Opportunities
Unused Resources (All the time/some of the time)
Oversized Resources (Undersized Resources)
Inappropriate Resources (EC2 versus Fargate)
Discounting Schemes
Priority Funnel
Inappropriate Resources (EC2 versus Fargate)
Rightsizing (Compute Optimizer/CloudWatch Memory) – EC2 Unused/Underused
EC2-Other (EBS Unused, Underused)
Trusted Advisor (EBS Unused)
Egress
Well Architected Pillars
Savings Plans (Compute)
Reserved Instances (RDS, ElastiCache)
Discount/Other Commitment Schemes
Available Discounting Schemes
Enterprise Agreement – Customer
Customer
Enterprise Agreement – Service
Org - CloudFront
Service Tiering
Org
Savings Plans
EC2, Lambda, Fargate
Reserved Instances
EC2, RDS, ElastiCache
Sustainability in Technology
Industry Goals
AWS Goals – Water Positive 2030, 100% Renewable Energy 2025
Partner Impact – 1 of 13 domains in MSP Audit focus on sustainability
Industry Impact – 1 of 6 pillars in Well Architected Framework focus on sustainability
Customer Impact – Proactive (planning) and reactive (actual consumption) visibility into a workload’s Carbon Footprint
Organizational Goals
Our Goals – Influence and impact our customers through leadership
Our Unique Position
Cross section of customers
Influenced Impact
Direct Impact
Sustainability in technology starts with optimization (cost, performance, etc.) – it doesn’t end there
Defining operational parameters – how “fast” does “it” need to be?
Service selection (which can be influenced by/influences cost optimization objectives) – running 24 hours a day
servicing work-day application
Marketing, Sales, Finance Driven
Customer Onboarding Process
Partner Onboarding Process
Partner Customer Onboarding Process
Flag End Customer as Partner Customer
Tiering
Consider Entitlements, Features, Quotas, Quota Behavior, Metering,
Billing
Transacting
Measures
Agents: Total Defined, Peak Logged In, Average Logged In per Role, per Minute x Bundle Rate
Minutes/Conversations/Messages: Total, Peak, Average per Channel, per Minute x Bundle Rate
Support: Hours/Fixed/Package
Consulting: Hours/Fixed/Package
Tiers of the Above
Terms
On Demand
Committed Usage
Committed Length
Payments
Up Front
Pre-Paid
Post-Paid
Drawdown
Billing
Invoice
ACH Autopay
Credit Card Autopay
Transacting
Discounting/Markup
Commitment to Term
Commitment to Usage
Bundled Services (multiple Measures, Tiers, Roles)
Direct/Partner
Agreement Type
Click Through
Marketplace
General
Collections/Non Payment/Termination
Overages? Quotas? Quota Enforcement?
Integration
Reporting
Integration
Transacting
Partner
Custom URL
Static Content Bundles (e.g. Logo, Branding)
Feature Suppression (e.g. Support)
Custom Support Portal
Integrated Billing
Cost, Usage, NPS Analytics
Agreement Content
We will create resources in your AWS Account
These resources will provide us systemic access
These resources will also provide us interactive access for support
These resources have these permissions
These resources will cost you
The user you signed up with is considered a fully permissioned user
Your sign up implies you are authorized in your organization
You may add additional users
Marketplace
Listing
Subscription
Metering
Market your Product
The many ways to run software
Bare Metal
Not AWS
EC2
Virtual
EC2
Container
EC2
ECS
EKS
Fargate
Serverless
Lambda
Service Categories
Analytics
Application Integration
AR & VR
AWS Cost Management
Blockchain
Business Applications
Compute
Customer Engagement
Database
Developer Tools
End User Computing
Game Tech
Internet of Things
Machine Learning
Management & Governance
Media Services
Migration & Transfer
Mobile
Networking & Content Delivery
Quantum Technologies
Robotics
Satellite
Security, Identity, & Compliance
Storage
Product Architecture
Cloud Workload Lifecycle Management
Workload
Architecture
Monitoring
Automation
Processes
Integration
Monitoring
Workload + Architecture Drives Service Selection
Containers
Container File
Versioning
Multi-threaded/Single-task
Minutes to Days
Per VM/Per Hour
Virtual Machines
AMI
Patching
Multi-threaded/Multi-task
Hours to Months
Per VM/Per Hour
Functions/Services
Code
Versioning
Single-threaded/Single-task
Microseconds to Seconds
Per Memory/Second/Per Request
Automation + Processes Drives Lifecycle Management Selection
Organizations
Cross-Account Asset Management + Governance
Control Tower
Account vending/default standardization
Service Catalog
Workload platform vending/default standardization
CloudFormation
IaC
Ephemeral Compute + API Managed Data/Control Plane for
Persistence Tiers
Hands off/Lights out
Processes
Patching
Backup/Restore Testing
Failover Testing (AZ)
Credential Rotation/Credential Audit
Event Response Testing
Incident Response Testing
Performance Testing
Performance/Cost Review
Vulnerability/Penetration Testing
Integration
Customer Example - Architecture
Notable percentage of Managed Services incidents could have been
avoided through up-front architecture
~9 EC2 instances (NGINX, Front End, Back End, Database) = 4
hours/instance/month in caring for/feeding is 108,000.00 USD/Year @ 250.00
USD/Hour
That’s customer cost, what about opportunity cost?
Opportunity for tremendous customer value (customer saves 108,000.00
USD/Year) and provides us an opportunity to be more strategic with our partner
(moving up the stack)
What can we do? None of the above systems need to be servers
Increases the customers we can touch without a direct correlation to headcount
Customer Example - Monitoring
Previous Example entails hundreds of monitorable events and
metrics, with a composite required to understand state
Interesting events feed into event driven automation
Eliminating the instances changes the focus of monitoring to
customer outcomes
Increasing the scope of automated data collection eliminates manual
checking but introduces complex correlation engines (people), which
Outcome based monitoring minimizes the need for/increases positive
customer sentiment
A thought?
And another?
Customer Example - Automation
Previous example also has numerous automation touch points
(AWS Services, Operating System, Services, etc.)
A move to serverless drops this number to practically none
Automation skills shifted to development automation
Provides a consistent experience intra and inter customer, and again
increases the value of our impact to our customers without a direct tie to
headcount
Well Architected Framework
Pillars
Operational Excellence
Security
Reliability
Performance Efficiency
Cost Optimization
Sustainability
Lenses
SaaS
It wouldn’t be a presentation in 2024 if I didn’t mention Generative AI
Small PoC/PoT/Pilot of Q for Developers in 6 weeks
Expanded PoC/PoT/Pilot of Q for Developers in 12 weeks
Small PoC/PoT/Pilot of Q for Business in 6 weeks
Expanded PoC/PoT/Pilot of Q for Business in 12 weeks
Launching Q for Connect for our internal Contact Center in 6
weeks
Conclusion
AWS continues to increase the breadth and depth of their service
offerings
I wish it did that
I didn’t know I needed that
It’s easier to get started today than it was yesterday
Simplicity
Support
Cost
Conclusion
Consider sustainability when choosing an approach – Maslow’s Hammer
Don’t forget about team enablement
Limited by your imagination and ability to execute
Thank you!
