Decisely Controls Costs, Manages Growth
with Cloud Managed Services

Business Challenge

Decisely is a benefits brokerage and HR services firm specializing in integrated technology solutions for small business. The company provides turnkey solutions from recruitment to retirement for brokers, franchises, and associations.

Decisely operates multiple workloads supporting these business function in AWS cloud infrastructure. The company originally contacted Lightstream to discuss financial optimization to keep costs in check as the company’s AWS environment grows.

Although Decisely had a relatively low monthly spend (<$10,000/month), its IT staff was concerned about potential future overspending in the RDS and EC2 environments.


 Lightstream proposed Cloud Managed Services (CMS) for AWS, a flexible pay-as-you-grow service that offers tools, training, expert advice, and support for both AWS and Microsoft Azure infrastructure.  CMS encompasses optimization across security, financial, technology, and operations management functions of the cloud environment. CMS customer can choose from three service tiers to address their specific needs:

      • Platinum: Build – Adds a certified Lightstream cloud engineer to a client’s workforce.
      • Gold: Advise – Lightstream reviews the client’s environment and advises its staff on an ongoing basis.
      • Silver: Enable – Lightstream equips clients with state-of-the-art tools, training and periodic reviews.

Decisely opted for the Gold tier to address its cost concerns. CMS’s Lightstream Connect provides visibility on how AWS resources are allocated and offers a consolidated view on orders, service inventory, and usage and provides comprehensive analytics across all aspects of the environment.

Lightstream compiled analytics from Lightstream Connect to assess Decisely’s Reserved Instance (RI) contracting to determine the most optimized RI contracting decisions.  The results were immediate:  Decisley benefitted from a 38% cost reduction for EC2 and a 32% cost reduction for RDS.

Based on this success, the company began working with Lightstream’s certified cloud engineer on an ongoing basis for monitoring, analysis, and targeted advice on AWS security, finance, technology and operations management.  Using advanced tools from CloudCheckr, the Lightstream engineer identifies gaps in security, compliance, and configuration, then analyzes and presents the data into prioritized actions plans based on best practices to optimize the environment using industry leading technologies.

Summary of Results:

      • Compliance
        • Improved compliance by 26% across 35 standards, including PCI, DDS, HIPAA, NIST 800-53, NIST SP 800-171, SOC2 and more
      • Cloud log intelligence
        • Created procedures to review VPC flow logs with SNS notification
      • Configuration and changes
        • Implemented and aligned AWS accounts to best practices
        • Implemented AWS Config to assess, audit, and evaluate AWS resource configuration
        • Implemented AWS CloudTrail to track user activity and API usage
      • User permissions
        • Eliminated root account use in favor of least-privilege security model
        • Implemented multi-factor authentication
        • Eliminated direct user permissions in favor of role-based access control model
      • Cloud perimeter
        • Verified and mitigated S3 bucket public-access management
        • Audited and remediated structure of security groups containing potentially dangerous ports or rules
        • Eliminated waste VPCs, ACLs and Security Groups 

Business Outcomes

Thanks to Lightstream’s Managed Services, Decisely has accelerated the security and optimization of its cloud infrastructure in only a couple of months. The company now has access to a team of highly trained and certified cloud and security experts, has eliminated the need to hire additional staff, and benefits from the OPEX advantage that managed services provides.

Working with Lightstream, Decisely has identified and remediated several key security vulnerabilities, technically optimized applications, improved compliance, and cut more than one-third of cloud infrastructure costs. More important, Lightstream has helped Decisely align its cloud infrastructure to support its aggressive growth plans into the future.

What the Customer Had to Say

“In only a few months, Lightstream helped us identify and remediate several security vulnerabilities, improve compliance by 26%, technically rightsize applications and cut our cloud spend by 35%.”

– Richard Mann, chief product officer, Decisley


Regional Energy Company Improves Business Agility Through Cloud-Based Technology

Business Challenge

A regional energy company that provides electric and natural gas service to homes and businesses sought to increase business agility through migration to cloud-based technology. This required moving the public-facing website and deploying SAP HANA on the back-end all within the cloud environment.


With security of utmost concern for its cloud and database environments, the customer purchased Palo Alto VM-Series Firewalls and Palo Alto Panorama Management Console. Because the customer did not have the internal expertise required to integrate AWS, Palo Alto Network’s Security Operating Platform, and an advanced network topology, the company engaged Lightstream to architect the cloud network, deploy the security controls in AWS, and integrate the entire solution.

Lightstream designed a secure ingress transit VPC (Virtual Private Cloud) architecture to support the deployment. The transit VPC connects multiple geographically dispersed VPCs and remote networks effectively to create a global-network transit routing gateway. This helps simplify and automate network management and minimizes the number of connections required to interconnect all VPCs and remote networks.

Lightstream then used AWS VPC Endpoint Services (PrivateLink) to connect the remote VPCs.  Identity and Access Management (IAM) SSO was used to restrict staff access to AWS based on roles. AWS CloudFormation templates were developed to quickly and reliably provision the services and applications.

Because the customer is regulated by the U.S. energy industry standard NERC (North American Reliability Corporation), Lightstream engineers completed NERC certification to deliver a regulatory-compliant solution to the customer.

Business Outcomes

The move to AWS will provide the customer with a more agile, flexible, and scalable infrastructure to support its business. SAP HANA will have limitless storage and compute power to store and retrieve data for applications, and the public-facing website will require less hands-on time from the customer’s IT staff to host and manage.

Thanks to Lightstream and Palo Alto Networks, the level of security protection maintained by the customer on-premise will now be extended to the cloud.

Why Lightstream

As an AWS Advanced Consulting Partner, Lightstream helps organizations address, design and managing AWS cloud migration and security plans. Our team of experts provide a full portfolio of services ranging from AWS Analytics to AWS Cloud Optimization and Containment Services, AWS Consolidated Billing Services, AWS Chatbot Solutions, AWS Direct Connect, and AWS CloudFront.

North American Entertainment Company Securely Refactors Applications on AWS

Business Challenge

A North American entertainment company is the largest entertainment-budget management and payroll company in the region, operating several locations across the U.S. and Canada. The customer needed to refactor its applications in the cloud to contain costs and improve elasticity.


An internal-IT resource shortage hindered the customer’s application modernization effort. Lightstream had work previously with the customer on cloud optimization and containment services for AWS and had demonstrated strong knowledge of the environment. As a result, the customer engaged Lightstream to assist with the project and provide staff augmentation services.

Lightstream first architected a security methodology and framework for the customer’s DevOp’s environment. This included public-cloud environment isolation, threat detection, identity management, malware protection, encryption, availability, change management, vulnerability, and monitoring.

Lightstream also augmented the customer’s IT team with specialized engineering staff to lead the effort, creating a monitoring strategy for the customer’s AWS applications and writing needed backup and restore scripts to ensure business continuity.

Lightstream implemented AWS Auto Scaling to monitor applications and automatically adjust capacity to maintain consistent performance levels. AWS Elasticache was used to seamlessly add in an in-memory layer to the infrastructure.

AWS CloudWatch and CloudTrail were used to monitor and manage the applications by providing greater visibility across the distributed stack. Lightstream implemented AWS CloudTrail and AWS Config to simplify security analysis, resource change, tracking, and troubleshooting.

The Lightstream engineering staff finally moved the newly refactored applications into production and provided additional software development expertise to complete the project.

Business Outcomes

Lightstream enabled the customer to complete the architecture and deployment of the cloud-based solution in a matter of weeks instead of several months.

The customer’s application modernization effort reduces future systems development cost, integrates workflows more effectively, and enable cross-application code usability — all at lower cost and with increased service availability and quality.

AWS services help automate and provide greater visibility to keep the customer’s applications and data secure.

Why Lightstream

As an APN Advanced Consulting Partner, Lightstream supports organizations in addressing, designing, and managing AWS cloud migration and security plans. Our team of experts provide a full portfolio of services ranging from AWS Analytics to AWS Cloud Optimization and Containment Services, AWS Consolidated Billing Services, AWS Chatbot Solutions, AWS Direct Connect, and AWS CloudFront.

A Global Travel Company Increases Security and Availability of Its E-Commerce Platform on AWS

Business Challenge

A global travel company’s e-commerce platform is supported by one of the industry’s largest AWS IaaS deployments. The customer needed to improve security and availability of the platform in a cost-effective manner.


The customer purchased a Palo Alto Networks Enterprise License Agreement (ELA) to recognize greater cost savings for its security investment. However, the standard design templates would not support the expected throughput.

Palo Alto engaged Lightstream to architect a custom design to achieve the necessary throughput. Lightstream successfully architected, deployed, and demonstrated the Palo Alto VM-300 Firewall solution, providing the customer confidence to move forward with a large-scale VM-Series ELA deployment.

Lightstream also deployed additional security controls into the environment by designing a Palo Alto Networks health check using AWS Lambda. AWS Lambda Is a serverless compute service that runs code in response to events and automatically manages the underlying compute resource.

The goal was to continuously check if the customer’s outbound traffic was egressing the primary Palo Alto firewall, and if not, to update the network routing to ensure that the traffic was sent to the backup firewall.

Lightstream first created two “Lambda functions” to automatically run the code that checked appropriate network routing to the primary and secondary firewalls. Lambda functions are “stateless” with no affinity to the underlying

infrastructure so that they can rapidly launch and scale to the rate of incoming events. The Lambda functions were further secured with AWS Identity and Access Management (IAM) to control user authentication and access by the customer’s IT staff.

Lightstream also configured AWS CloudWatch, a monitoring service for AWS cloud resources and applications running on AWS. CloudWatch is utilized for continuous monitoring of the Lambda functions.

CloudWatch metrics were used to create a user-friendly dashboard for improved visibility and reporting.

Business Outcomes

Because Lightstream was able to resolve the throughput limitations that enabled the customer to proceed with the deployment, the company recognized considerable savings through its ELA.

The fully integrated Palo Alto VM-300 firewalls, AWS Lambda, and AWS CloudWatch solution provide continuous security health-check monitoring and remediation to increase security and availability of the customer’s e-commerce platform

The solution’s dashboard offers easy-to-use metrics, visibility, and reporting that simplifies the customer’s IT security protocol.

Why Lightstream

As an APN Advanced Consulting Partner, Lightstream helps organizations address, design, and managing AWS cloud migration and security plans. Our team of experts provide a full portfolio of services ranging from AWS Analytics to AWS Cloud Optimization and Containment Services, AWS Consolidated Billing Services, AWS Chatbot Solutions, AWS Direct Connect, and AWS CloudFront.