Businesses today are laser-focused on cybersecurity, whether it’s protecting customer data and IP, maintaining the availability of systems, or simply keeping themselves out of the headlines. This is why what Shape Security does is so important: they help mitigate attacks on websites by identifying whether traffic is human or bot, and whether it can be harmful. Their customers include Wells Fargo, jetBlue, Loblaws, and Starbucks — companies that rely on a website or mobile app for their lifeblood.
Shape Security provides its security solutions as a physical appliance deployed in one of two ways: 1) on premises in the customer’s data center, or 2) managed by Shape Security. All the telemetry information from these appliances is captured and processed in Amazon Web Services (AWS).
Andy Mayhew, Senior Director of Infrastructure Engineering, plays a critical role at Shape Security. He is tasked with making sure the infrastructure — and, by extension, the business itself — operates effectively. This includes ensuring their cloud environment is efficient and optimized, so the team can focus resources on what’s most important: defending their customers against attacks.
Shape Security's use cases for Google Cloud Platform:
- Google Kubernetes Engine
Shape Security's challenges with cloud
From its inception, Shape Security has had a hybrid data center and public cloud infrastructure leveraging the benefits that AWS had to offer. After four years on AWS, Shape Security decided to evolve its cloud strategy and take a multicloud approach. The company had been experiencing strong growth globally and was beginning to take on some unique customer use cases that required expansion beyond AWS. Their internal analysis concluded Google Cloud Platform (GCP) provided a solution that met Shape Security’s needs around big data and data analytics, while improving efficiencies on an operational level and maximizing resources.
Finding a solution
Andy chose to use GCP for use cases like Kubernetes management, Google Kubernetes Engine, Dataflow, Pub/Sub, Dataproc, and BigQuery. He says that re-architecting data services drove them toward using Dataflow, Dataproc, and BigQuery from GCP.
Shape Security leverages BigQuery in atypical ways by using both the known quotas in GCP and the behind-the-scenes quotas. During data processing, Shape Security also does anomaly detection, which requires time and a lot of processing power. Doing this at the desired scale (2000+ queries per second) led to throughput issues, and Andy had to work closely with the GCP team to meet their computing needs.
Shape Security’s need to re-architect their appliance for containers and microservices led them to use Kubernetes and Google Kubernetes Engine. Additionally, because GCP has points of presence globally, it was an easy choice for Shape Security’s global support needs. GCP’s maturity around analytics and big data helped round out the deal.
Finally, Shape Security leveraged CloudHealth to gain visibility and multicloud management capabilities across their environment. Known for enabling companies to easily manage costs, improve governance, automate actions and ensure security compliance, CloudHealth was already a proven and effective platform. Shape Security had been using CloudHealth for its AWS environment. Andy required granular, reliable information to help him make the right decisions, justify growing costs, and drive transparent team communication — all made possible with CloudHealth.
One of the key benefits of GCP was simplified user management and billing. Because Shape Security was already using G Suite, giving developers and other users access to GCP was very simple and secure. Andy was also impressed with how easy it was to reconcile bills in GCP. Being able to segment bills by folder or project streamlined the process, enabling Shape Security to be more efficient with customers. “Now we can be more fine-grained to an individual project or team member,” mentioned Andy.
Further, CloudHealth has given Shape Security the visibility needed to optimize its multicloud environment on several different levels. “CloudHealth has been instrumental for us in supporting use cases for moving a workload from AWS to GCP and vice-versa,” said Andy. “We can make apple-to-apple comparisons between AWS and GCP in the same platform and that helps us understand which way we should go and avoid zombie infrastructure,” Andy added.
With CloudHealth, Shape Security can extend reporting access to developers and project managers who want to see resource consumption. Previously, public cloud report access was only given to small teams to be more secure and in control. Through the CloudHealth Cost Summary Report, Andy has gained visibility into resource usage and patterns. It helps him report back to the Google team and decide if they should be paying lump sums or opt for the pay-as-you-go model, resulting in lower Total Cost of Ownership in general.
With the CloudHealth Cost History Report, Andy has been able to convince and influence the executives and showcase the actual GCP benefits. Further, the cost history report helps Andy capture the trending data for resource spend and identify that spend across product categories, users, and projects.
Lessons learned during Shape Security's hybrid cloud journey
Not every cloud is made the same. Since Shape Security has used data centers for a long time, that infrastructure has been well defined and is easy to manage and maintain. However, with AWS, Shape Security needed to build robust toolsets and processes to gain the maximum benefits from the platform and had to spend a lot of time learning about networking and architecture among many other things. When Andy started with GCP, he had to relearn all of those things again because not all public clouds are created the same. Everything from networking to security and user account management is different and mapping one to the other wasn’t easy. Andy suggests that companies start cautiously on their cloud journey and test the waters before jumping in.
Deciding where workloads should live should be based on technology and use cases. The maturity of the toolset for automation, the security controls, and the audit logs should help decide where your workloads should reside. For example, Andy leveraged AWS S3 for all his object storage because of the robustness of the audit trails in AWS compared to GCP. Make decisions based on individual use cases instead of opting to use one cloud by default.