Customer Stories / Financial Services / United States
How Clearwater Analytics Can Manage 200% More Resources Using AWS Cloud Governance Services
Learn how Clearwater Analytics in fintech created efficient technology operations using AWS Cloud Governance services.
Gained ability
to manage 200% more resources
3 days saved
of engineering effort
2 hours versus 2 weeks
to spin up AWS accounts
Decentralized permissions
so developers can iterate quickly
Supports self-service
through integrations with workflow systems
Overview
When Clearwater Analytics (Clearwater)—a leading provider of software-as-a-service-based investment accounting, reporting, and analytics solutions—migrated to Amazon Web Services (AWS) to support rapid growth, establishing clear and consistent governance policies was paramount. On AWS, the business sought to scale globally and improve the reliability of its infrastructure with policies that would support developer productivity in a secure cloud environment by using AWS Cloud Governance services, a group of services that companies use to establish cloud governance across their AWS estate.
Clearwater simplified multi-account governance using AWS Organizations, which companies use to create and manage new AWS accounts at no additional charge. Using AWS services, the company can now readily configure security features. With more nimble and efficient technology operations on AWS, Clearwater can handle 200 percent more resources, meaning that it can accelerate innovation for customers and scale to match its global business growth.
Opportunity | Using AWS Cloud Governance Services to Support Security, Innovation, and Growth for Clearwater
Founded in 2004, Clearwater aggregates, reconciles, and reports on more than 6.4 trillion dollars in assets with its software-as-a-service investment accounting solution. The company has seen growth since it started, and in 2021, it went public with an IPO.
Because Clearwater is an investment accounting firm, its peak traffic corresponds to monthly, quarterly, and annual fiscal reporting patterns. As it grew, Clearwater invested in hardware so that its infrastructure—which includes 3 data centers and thousands of virtual servers—could handle those cyclical spikes. However, spinning up resources to deploy a new feature or update required months of planning to procure equipment. This was exacerbated by additional supply chain issues.
By migrating to AWS in 2023, Clearwater achieved the ability to scale up and down as needed and increased reliability. The company takes advantage of AWS Cloud Governance services. These services include AWS Organizations and AWS Control Tower. AWS Control Tower orchestrates multiple AWS services on the company’s behalf while maintaining its security and compliance needs. Clearwater used these AWS Cloud Governance services to establish a strong governance foundation, implement service control policies, and decentralize access permissions to support developer productivity and innovation. “AWS provides controls for autonomy in development,” says Ryan Gewondjan, cloud engineer at Clearwater. “With service control policies, developers can operate independently with minimal supervision.”
The control elements of AWS Cloud Governance services have provided a safety net for our developers to train on this technology, migrate workloads, and develop new ones on AWS.”
Darrel Cherry
Distinguished Engineer, Clearwater Analytics
Solution | Managing up to 200% More Resources Using AWS
Clearwater used several AWS services to put foundational security and governance controls in place. The process took 10 months and was an iterative process with the company adding more features over time. “Our team of engineers was lean,” says Gewondjan. “Using AWS, we could use the built-in features, such as Cloudformation Stacksets and service control policies, which was a huge benefit.”
Clearwater uses AWS CloudFormation to speed up cloud provisioning with infrastructure as code. It uses AWS CloudFormation StackSets to create, update, and delete stacks across multiple accounts and AWS Regions with a single operation. Configurations are automatically provisioned for new accounts without a need to modify existing code. “We can simply add, remove, or update AWS CloudFormation StackSets to extend provisioning of accounts,” says Gewondjan. “We can update baseline infrastructure across our accounts with a single localized configuration change.”
Clearwater built a sandbox architecture on AWS, meaning its developers can experiment freely and quickly. Also, to efficiently spin up new AWS accounts for upcoming applications, the company developed custom automation that runs on AWS Lambda—a serverless, event-driven compute service—and AWS Control Tower. Now, developers can access AWS resources in 5 minutes in a sandbox environment, and it takes 2 hours instead of 2 weeks to spin up an AWS account set for projects.
The company relies heavily on AWS Organizations to segregate accounts in ways that promote flexibility and security. It also uses AWS Resource Access Manager (AWS RAM)—which is built to simply and securely share AWS resources across multiple accounts—to support communication between its production accounts.
The company operates under a model of federated access. Using AWS Identity and Access Management (AWS IAM), Clearwater can specify who or what can access services and resources in AWS, centrally manage fine-grained permissions, and analyze access to refine permissions across AWS. The company uses AWS IAM Identity Center to securely create or connect its workforce identities and manage access centrally across its more than 350 AWS accounts and 450 applications.
Using AWS Organizations, AWS Control Tower, and AWS CloudFormation, Clearwater can manage up to 200 percent more resources than it could on premises. It also supports its multi-account strategy and self-service approach through integrations with workflow systems. “Our AWS architecture allows us to migrate toward a decentralized DevOps model,” says Gewondjan. “Providing the right level of permissions to decentralized teams eliminates unnecessary bottlenecks, and they can make changes rapidly and autonomously.”
Clearwater used the preventive controls on AWS from the start to save 3 days of engineering effort per week, avoiding time loss resulting from tracing and fixing noncompliant resources. “The control elements of AWS Cloud Governance services have provided a safety net for our developers to train on this technology, migrate workloads, and develop new ones on AWS,” says Darrel Cherry, distinguished engineer at Clearwater.
Outcome | Planning for Global Expansion on AWS
Now that Clearwater has gone public, it is looking to scale across geographic regions by focusing on portfolio expansion in Europe. Clearwater is also considering generative artificial intelligence for its products using additional AWS services—all this while keeping security at the forefront of its solutions.
By using AWS for its infrastructure in the United States and beyond, Clearwater can repurpose its engineering from infrastructure to solutions. “We’re in the business of building fintech solutions, not infrastructure,” says Cherry. “Being on AWS removes the undifferentiated heavy lifting so that we can focus on business value and develop new innovative solutions for our customers.”
About Clearwater Analytics LLC
Clearwater Analytics is a leading provider of software-as-a-service-based investment accounting, reporting, and analytics solutions, reporting on more than 6.4 trillion dollars in assets daily.
AWS Services Used
AWS Control Tower
Use AWS Control Tower to set up and operate your multi-account AWS environment with prescriptive controls designed to accelerate your cloud journey.
AWS Organizations
AWS Organizations lets you create new AWS accounts at no additional charge. With accounts in an organization, you can easily allocate resources, group accounts, and apply governance policies to accounts or groups.
AWS IAM
With AWS Identity and Access Management (AWS IAM), you can specify who or what can access services and resources in AWS, centrally manage fine-grained permissions, and analyze access to refine permissions across AWS.
AWS CloudFormation
AWS CloudFormation lets you model, provision, and manage AWS and third-party resources by treating infrastructure as code.
More Financial Services Customer Stories
Get Started
Organizations of all sizes across all industries are transforming their businesses and delivering on their missions every day using AWS. Contact our experts and start your own AWS journey today.