Best Friends Animal Society is a leading national animal welfare organization. The nonprofit runs the largest no-kill sanctuary for companion animals in the United States as well as life-saving partnerships with nearly 3,000 animal welfare groups and shelters across North America.
With regional centers around the country and a vast network of animal welfare partnerships, Best Friends uses Amazon Web Services (AWS) to store, access, analyze, and report on data for hundreds of thousands of homeless pets and the organization’s internal applications. The Information Technology teams manage their public cloud environment with help from CloudCheckr, which enables them to identify cost savings, mitigate security vulnerabilities, and troubleshoot complex, cross-cloud account policy issues.
Finding Thousands of Dollars in AWS Cost Savings
When Lead Cloud Architect Brent Bain joined Best Friends Animal Society in 2015, the organization was new to the cloud. They had chosen to host their website on AWS and ran a single veterinarian application on the public cloud platform as well. Bain’s role, alongside two direct reports in the systems team and the organization’s security engineer, was to examine the overall information architecture and prepare to migrate to the cloud.
What started out as two AWS accounts quickly turned into 18 total. For Best Friends, AWS powers everything from internal applications to data lakes, which give the organization visualization, reporting, and analytics capabilities. The information is vital in their mission to support animal welfare. Through AWS, the nonprofit is innovating with machine learning to find lost pets, transport animals to safety after natural disasters, and help more animals find their forever homes.
In the spring of 2020, Best Friends Animal Society had to find ways to save money—a problem organizations across industries faced amid a global pandemic. Bain and his colleagues were tasked with reducing IT expenditures by 10%. They started by looking at cloud costs. “We dove into CloudCheckr to understand where our cloud spend was and what we could adjust to impact that spend,” Bain says.
“Not only did I cut 10% off our budget but I ended up hitting closer to a 30% cut on our AWS spend, and that was directly related to being able to go into CloudCheckr and drilling into the different reports in the billing area.”
Bain says that CloudCheckr CMx showed Elastic Compute Cloud (EC2) instances for one account were overprovisioned. Features like CloudCheckr “Glacier Summary” and “Glacier Total Possible Cost Savings” Best Practice Check led to the discovery that a single S3 Glacier bucket cost around $4,000 to $5,000 per month and was storing backups dating back to 2016. With this insight from CloudCheckr, Bain changed storage types and brought the account’s monthly costs down to around $800.
The nonprofit’s overall cloud computing costs dropped by nearly $20,000 per month on average. The majority of monthly savings can be credited to CloudCheckr’s cost management tools, though Bain says some projects were also postponed due to shifting priorities for the organization. In addition to cutting costs around storage, CloudCheckr helped Bain and his colleagues right-size instance sizes, evaluate which compute resources could be powered off overnight or on the weekends, and make changes to the cloud network layers.
Bain notes that the tagging features in CloudCheckr CMx are especially useful for generating accurate cost reports. “Without the granular view CloudCheckr provided us, we would not have understood where the expenses were coming from,” he says.
Following Security Best Practices
Security is an important part of any organization’s cloud IT strategy. But for Best Friends, with their AWS accounts serving so many distinct purposes, teams handling cloud security need up-to-the-minute alerts to mitigate security vulnerabilities.
In one situation, Bain says, a developer had accidentally made a storage bucket for website images public which was not caught for several days. Fortunately, no critical data breaches occurred, and just one image was overwritten in error. But Bain knew that, if left unresolved, the issue could lead to an incident with greater consequences. To troubleshoot the problem, he looked at the security features in CloudCheckr and set an alert to notify his team when public resources are changed. Since then, the alert has triggered a couple of times when a developer didn’t realize they put a public resource policy on those assets, notifying Bain and team to make an immediate fix.
The alerts provide a “huge relief from a security perspective,” says Bain, giving him and his colleagues more confidence in their day-to-day work. For developers, the easy-to-manage security settings in CloudCheckr CMx give them more freedom and confidence to create public resources themselves rather than having to rely on systems personnel to do that work for them.