Resource   |   Compliance

Leaf Group Manages AWS Resources Across Brands with CloudCheckr

How an Information Security team uses CloudCheckr to drive operational efficiency and greater security


Download PDF
A 25% decrease in monthly S3 costs using cost management features within CloudCheckr CMx
Better security monitoring to enforce stricter access policies across departments
Easily manage AWS Secure Sockets Layer (SSL) Certificates and compliance checks


With a set of diverse online brands, such as Society6, Well+Good, and, Leaf Group must balance cloud computing costs with the need for greater security and compliance monitoring. CloudCheckr enables Leaf Group to aggregate data across Amazon Web Services (AWS) accounts, gaining a single-pane view of essential cloud usage information.

As part of a complex organization spread out across the globe, the Information Security team at Leaf Group needed a tool that would help them reduce costs, perform security and compliance checks, and provide useful insights into their AWS accounts. Leaf Group’s Information Security team uses CloudCheckr to zero in on puzzling cost issues, monitor compliance and security controls, and experience greater ease of use in managing their AWS environments.


About Leaf Group

Based in Santa Monica, CA, and with offices all over the world, Leaf Group Ltd. is a diversified consumer internet company that builds enduring, creator-driven brands that reach passionate audiences in large and growing lifestyle categories, including fitness and wellness (Well+Good, Livestrong. com and MyPlate App), and home, art and design (Saatchi Art, Society6 and Hunker). By creating platforms that reach passionate audiences, Leaf Group enables advertisers to find innovative ways to engage with customers within various lifestyle segments.


Challenges for a Small Team

Mikhael Felker, Vice President of Information Security at Leaf Group, says that his department is tasked with maintaining regulatory compliance and managing technical risk mitigation across the business. His team operates a hybrid IT infrastructure made up of both on-premise assets and AWS, the latter being vital for marketplace brands like Society6.

The Information Security team is responsible for managing the security of AWS across Leaf Group’s many accounts. They also need visibility into the environment without risking changing any crucial settings.

“When you have to go in and look at one account at a time, it’s this overwhelming task. Whereas with CloudCheckr, it’s a very simple, clear way to get the information that I want.”


Kevin Kang, Information Security Engineer, Leaf Group

Solving a Cost Management Mystery

Leaf Group has been leveraging CloudCheckr’s robust cloud management platform for about five years, predating Felker and team. Yet they began working closely with CloudCheckr about a year ago, when a colleague approached Information Security Engineer Kevin Kang about a cost issue for Society6. Prior to August 2019, the S3 costs for the site were often much higher than expected.

Kang used CloudCheckr to identify problems with the company’s object lifecycle management policy. This helped him find the solution, which was to change storage types. The result: decrease in cost by about 25% year over year.

Those costs have held steady, even with increases in traffic. “One important thing to note is that Society6 has seen a significant increase in traffic compared to last year,” Kang says. “Under the old S3 policy, our costs would likely have increased accordingly. However, the cost has remained remarkably steady throughout 2020.”

When asked why he chose CloudCheckr over the tools in AWS, the decision for Kang was simple. He and his colleagues are specialists in Information Security, but not necessarily in AWS. They needed a single-pane view into the data they needed without having to learn all of the specifics of the vast AWS environment.

“This data is all available in AWS, and you can access it using their native tools, but it’s so complicated and requires you to already know these things when you set it up,” Kang says.


Gaining a Better User Experience

Ease of use is also a factor in the Information Security team’s decision to integrate CloudCheckr in their daily operations. Walter Carbajal, Jr. Security Engineer, handles AWS certificate management and has found that CloudCheckr makes the data simple to access and understand.

“CloudCheckr has been a great asset for me to drill down on certain things. The UI is much easier to use than AWS,” Carbajal says. “Since we have so many accounts, sometimes it’s hard to track down where the certificates are and whether they’re expired or not, so CloudCheckr aggregates these different certificates for all these accounts into one place, to identify any that are expired or misconfigured.”

Having access to the data all in one place helps Carbajal improve time management. Checking back and forth between different accounts and regions takes quite a bit of time and expertise. CloudCheckr saves him from having to check different accounts and regions to find a single piece of information.

“Using CloudCheckr, everything is there in one aggregated account, and even regions,” Carbajal says. “It definitely saves a lot of time when we’re trying to look for something.”


Identifying Security Improvements Across Teams

The ease of use in CloudCheckr has also made it easier for Leaf Group’s Information Security personnel to shore up their cloud security and ensure compliance with standards for selling on AWS Marketplace. According to Felker, CloudCheckr has helped them monitor and address these issues and ensure the right security controls are in place.

For Kang, CloudCheckr’s security features better enable him to log and monitor day-to- day events, such as email alerts.

“We were able to identify some developer teams that had access to a privileged access key that they shouldn’t have had. It was a legacy, hand-me-down thing where it wasn’t tracked properly,” Kang explains. “Because CloudCheckr alerted us to these security events, we were able to launch our own investigation into ‘Where is this coming from? Who is using this?’ and identify the root cause of that issue. We were able to leverage CloudCheckr to start enforcing some stricter policies on the teams.”

By bringing awareness to the organization about these policies, Information Security has been able to get buy-in across departments. Now they can also enforce Multi-Factor Authentication across functions.

These measures serve the overall cloud security strategy on their team and ensure the integrity and security of all of Leaf Group’s brands. Felker says that CloudCheckr will help his team address high-value tactical items in their security strategy, such as reviewing cloud security controls and meeting third-party compliance standards.


Streamline Your Portfolio with CloudCheckr

CloudCheckr CMx is built to support the most complex organizational structures and achieve significant cost savings while ensuring the highest level of public cloud security and compliance.

Through CloudCheckr’s cloud management solutions, Leaf Group has been able to reduce costs, identify security vulnerabilities, and increase efficiency across their diverse portfolio of brands.

Ready to drive greater operational efficiency within your portfolio of brands?

Start your free trial of CloudCheckr CMx today.