The Challenge
Cornell is among the premier private universities in the U.S. Since its founding in 1865 the university has offered students a diverse educational experience. In recent years, as a forward-thinking institution, Cornell has been embracing the benefits of shifting from on-premises data centers into the cloud.
However, the various initiatives and accounts soon became hard to manage. Cornell decided to get help consolidating all of its 65 individual Amazon Web Services (AWS) accounts under one university account to improve governance and manage costs. The university’s top priorities were to manage its AWS services as efficiently as possible, support cost allocation and invoicing, and ensure compliance with regulations such as the Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA) and others.
“Although we could see each sub-account’s usage, those views weren’t available to sub-accounts themselves, so they were limited in their ability to manage and optimize their own usage of AWS services,” says Sarah Christen, assistant director of community platforms and cloudification services at Cornell University. “We also needed a way to bill each sub-account for the services it consumed.”
The Solution
After reviewing solutions from several companies, the Cornell team selected CloudCheckr to manage its usage of the AWS Cloud. CloudCheckr, now from Spot by NetApp, is fine-tuned to help customers maximize the value of their AWS investment, mitigate security risks, and maintain regulatory compliance. CloudCheckr specializes in transforming public cloud data into actionable intelligence, tracking billing, resource inventory, services, configurations, logs, permissions and change data.
CloudCheckr was uniquely prepared to help Cornell solve its challenges and reach a higher level of effectiveness, as a member of the AWS Partner Network (APN), AWS Public Sector Partner Program, and an APN Advanced Technology Partner, AWS Government Competency Partner and AWS Security Competency Partner.
“The reality is that the cloud is new, and relatively few users have had time to develop expertise in the cloud,” says Steve Hall, vice president of marketing at CloudCheckr. “Our goal is to provide the software to help customers use the cloud like experts, even if they aren’t yet.”
CloudCheckr’s customers include about 40 percent of all APN Premier Consulting Partners and more than 175 AWS authorized resellers. The platform uses a cross-account role in AWS Identity and Access Management (IAM) to collect data across AWS services and make optimization and security recommendations. Users can rely on preset alerts and actions, or set their own rules to clean up security groups, fix buckets, or other actions.
“We started out focused on helping public cloud users meet compliance requirements, but we discovered there was a lot of demand for cost management capabilities for the cloud,” says Aaron Klein, co-founder and chief operating officer at CloudCheckr. “We’ve built deep functionality in both areas so we can enable our customers to automate the parts of the cloud that can be automated, optimize their usage and security, and harness the agility of the cloud.”
Users can access the CloudCheckr Cost and Security Management platform through the AWS Marketplace, as a subscription web service, or as a self-hosted version.
The Benefits
With the help of CloudCheckr, Cornell is better able to understand and contain its cloud-related costs.
“Before, we didn’t have a good way to allocate costs for specific cloud services to the colleges, departments, or other users who were benefitting from them,” says Christen. “Now, with CloudCheckr, we can easily see who is using which resource and invoice them appropriately.”
Through the CloudCheckr platform’s intuitive web portal, the Cornell IT department has comprehensive visibility into its cloud environment around the world, including billing details, resource inventory, services, configurations, logs, permissions, and changes – and can control how this information is exposed to sub-account users.
The CloudCheckr platform automatically analyzes the university’s inventory and usage of AWS services, performs more than 450 compliance checks, and produces recommendations that Cornell can use to optimize expenditures, security and performance.
Cornell is also planning to deepen and extend its use of CloudCheckr’s security features.
“At first we were mainly interested in the platform’s cost-management features, but we became really excited about how much CloudCheckr can help with security, too,” says Christen. She points out that CloudCheckr was able to help Cornell identify vulnerabilities during a malware attack that targeted a specific operating system. “Through the CloudCheckr dashboard, we were easily able to see anyone who was running an affected server in the cloud and remind them to apply the patch.”
Christen considers the CloudCheckr platform to be key to the university’s cloudification strategy.
“We want everyone to benefit from the agility, flexibility and lower cost of AWS services, but of course some people are reluctant to leave their familiar on-premises data centers,” she explains. “By offering total visibility and valuable recommendations, CloudCheckr helps people feel even more comfortable stepping into the AWS Cloud.”
Cornell is among the premier private universities in the U.S. Since its founding in 1865 the university has offered students a diverse educational experience. In recent years, as a forward-thinking institution, Cornell has been embracing the benefits of shifting from on-premises data centers into the cloud.