OVERVIEW

Consulting solutions firm Burns & McDonnell may be well over a century old, but its adoption of cloud infrastructure for both customer and internal use cases shows that it is focused on the future. The firm has been using Amazon Web Services (AWS) since the early 2010s. But by 2019, it wanted better visibility into its cloud practices to tighten security and identify cost savings through more efficient use of AWS services.

Burns & McDonnell turned to the AWS Well-Architected Framework, which helps organizations review the state of their workloads and compare them to the latest AWS architectural best practices. To better use this framework, Burns & McDonnell worked alongside AWS Advanced Technology Partner Trend Micro, which provides security services for organizations that are building in the cloud. By using Trend Micro Cloud One – Conformity (Conformity), Burns & McDonnell obtained a full report containing cloud security recommendations and opportunities for cost efficiency in just 20 minutes. Conformity is an AWS Well-Architected Partner Solution that uses AWS Well-Architected APIs to automate much of the risk discovery process when a company runs an infrastructure review. By using Conformity and adopting the AWS Well-Architected Framework, Burns & McDonnell has seen significant benefits, including a 50 percent reduction in mean time to resolution using the database to remediate cloud service misconfigurations. It has also reduced costs by 30 percent year over year.

THE SOLUTION

Flipping the Old-School Information Technology Mentality on Its Head

Founded in 1898 and 100 percent owned by employees, Burns & McDonnell is an engineering, architecture, construction, environmental, and consulting solutions firm based in Kansas City, Missouri. Its 1898 & Co. subdivision builds and implements digital solutions for customers, often using AWS. In 2019, the newly formed 1898 & Co. recruited Jason Cradit as principal cloud architect to enhance its cloud architecture following his AWS re:Invent 2019 presentation on how older businesses can use the cloud to differentiate and build products.

Cradit’s job was to maximize the agility and performance benefits that Burns & McDonnell could gain from using cloud services. “We were already using the cloud, but we wanted to improve our governance framework around it,” Cradit says. “We were treating cloud and AWS services like on-premises servers and networks, controlling access and using some highly regimented processes. I wanted to flip that on its head.” Cradit believed that using the AWS Well-Architected Framework and Conformity together would enable Burns & McDonnell to gain visibility into security risks and inefficiencies within the cloud environment and perform better by filling those gaps. In addition, he hoped it would free employees to innovate without the fear of committing security breaches or creating cost inefficiencies.

Reducing Costs and Mean Time to Resolution

When Cradit signed Burns & McDonnell up for a Conformity trial, he received a full report with cloud security recommendations and opportunities for cost efficiency in just 20 minutes, rather than waiting days for the results. To generate data-rich reports, Conformity scans an organization’s cloud infrastructure and scores it against approximately 800 best practices, including the design principles outlined in the AWS Well-Architected Framework. This approach enables customers to evaluate their architecture based on the AWS Well-Architected Framework’s pillars of operational excellence, security, reliability, performance efficiency, and cost optimization. Conformity rapidly sorts the results according to the risk level of each misconfiguration.

Every recommendation in the report links to Conformity’s knowledge base, which describes how to remediate it using the AWS Management Console—a web interface where users can manage their AWS accounts—or command line interface. Conformity customers also get frequent updates on new configuration checks within the application and new cloud services best practices.

Burns & McDonnell immediately used the visibility and contextual insights Conformity produced. “We saved about 30 percent of our overall AWS bill in the first week by taking action,” says Cradit. “We drastically reduced waste by identifying whether any instances were overprovisioned.” By using Conformity to better adhere to the AWS Well-Architected Framework, Burns & McDonnell has reduced its AWS bill by 30 percent year over year. In addition, it’s seen a 50 percent reduction in mean time to resolution when using Conformity’s knowledge base and step-by-step guides to implement recommendations.

Using the AWS Well-Architected Framework and Conformity in tandem has given Burns & McDonnell freedom to innovate and gain new customers by saving time and money. “When we save money, we can spend it elsewhere and explore new things. That helped us win a large utility contract because we were able to reuse our funds to help that customer,” says Cradit. “Likewise, by building efficiencies into our practice, we have more time to explore. We don’t have to worry about micromanaging our infrastructure because we’ve delegated that to Conformity.” In addition, Cradit says sharing Burns & McDonnell’s cloud assessment reports with customers provides transparency into its cloud environment, giving customers peace of mind. Using Conformity also helps Burns & McDonnell comply with many regulatory requirements, such as the North American Electric Reliability Corporation Critical Infrastructure Protection standards that energy and utility customers must adhere to.

Developers at Burns & McDonnell have more freedom to innovate because of the guardrails Conformity provides. The application has also been useful for training purposes. “The daily active user count has gone up,” says Cradit. “More people can build without the worry of a data breach or similar fears. For people who don’t have a lot of experience, it provides a great educational mechanism because when you want to resolve an issue, it walks you through the step-by-step procedure to get you there. One team member just passed the AWS Certified Solutions Architect – Associate test, and he attributes a lot of that to using Conformity.”

Achieving More through Enhanced Visibility

Looking toward the future, Burns & McDonnell plans to further embrace cloud computing by architecting a cloud center of excellence. “In the last year, we’ve used AWS to determine how to build data warehouses more efficiently or ingest Internet of Things data and the like,” says Cradit. Burns & McDonnell also wants to help its energy and utility customers achieve more sustainable solutions by using AWS services for efficient, agile performance.

After experiencing the cost-saving and security-enhancing results of using the AWS Well-Architected Framework and Conformity together, Cradit recommends the solution to any business seeking better visibility into its cloud infrastructure. “By using the design principles of the AWS Well-Architected Framework that Conformity automates, you’re going to save money,” he says. “No matter how good you are, this solution will show you that you can do more.”