
How Ridgeline Enhanced (And Saved Money) on Their Cloud Security with CloudQuery

Joe Karlsson


Ridgeline is the industry cloud platform for investment management. They are building an AI-enabled platform in the public cloud specifically designed for the investment management industry. However, as Ridgeline expanded, they faced challenges with infrastructure management, cost control, and cloud resource visibility. CloudQuery provided the solution, offering point-in-time snapshots, cost savings, and enhanced control over their cloud environment.

The Solution

Ridgeline built a solution using CloudQuery to streamline and automate their multi-account cloud compliance checks, and improve visibility into its cloud environment. They integrated CloudQuery into their existing CI/CD workflow with GitHub Actions, enabling them to verify their cloud data’s compliance every time they update their codebase. This ensures that their cloud infrastructure remains compliant with internal policies and external regulations with each deployment or update, helping them maintain security and operational efficiency without manual intervention.
Key benefits included:
  • Automated data collection from multiple accounts through CloudQuery.
  • Efficient data processing via Glue Crawlers, automating data transformation.
  • Scalability across large infrastructures, enabling easier management of cloud environments with CloudQuery deployed using ECS to sync any size workload.
  • Cost management and resource optimization by reducing overhead and improving efficiency.
  • Simplified cloud asset management, improving operational workflows and supporting infrastructure planning.

Technical Implementation

Let’s get into the details of Ridgeline’s automated multi-account cloud inventory solution. Ridgeline uses GitHub Actions and Terraform for infrastructure management, leveraging AWS Step Functions to list all accounts and launch containers per account. CloudQuery runs in ECS, reducing management overhead and providing a robust infrastructure monitoring and compliance framework.
Their solution starts by generating a scan ID and retrieving cloud accounts with CloudQuery, and then it checks for additional accounts. CloudQuery plays a central role in listing and orchestrating Elastic Container Service (ECS) tasks that collect cloud asset data from each AWS account. After tasks are complete, CloudQuery integrates with AWS Glue Crawlers to process and transform the collected data. The workflow monitors task and crawler statuses, ensuring efficient, automated asset inventory management across multiple cloud accounts, with built-in error handling and retries for resilience.
CloudQuery’s plugin-based architecture is designed to easily integrate with existing data stacks, making it simple for teams like Ridgeline to build custom cloud syncing solutions without overhauling their existing workflows. CloudQuery runs as a single binary executable, which allowed Ridgeline to incorporate CloudQuery directly into their GitHub Actions and Terraform pipelines, enabling cloud data synchronization and analysis across their entire cloud environment with their existing DevOps workflows.
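
The workflow described above, sketched as an Amazon States Language definition for AWS Step Functions. This is an added example, not Ridgeline's or CloudQuery's own code: the `PLACEHOLDER-*` cluster, task definition, container and crawler names and the `SCAN_ID` and `TARGET_ACCOUNT_ID` environment variables are hypothetical, and it assumes a task definition that needs no network configuration override.

```json
{
  "Comment": "Added illustration, not Ridgeline's definition. PLACEHOLDER-* names and the env var names are assumptions.",
  "StartAt": "GenerateScanId",
  "States": {
    "GenerateScanId": { "Type": "Pass", "Parameters": { "scanId.$": "States.UUID()" }, "Next": "ListAccounts" },
    "ListAccounts": {
      "Type": "Task",
      "Resource": "arn:aws:states:::aws-sdk:organizations:listAccounts",
      "Parameters": {}, "ResultPath": "$.page",
      "Next": "ScanAccounts"
    },
    "ListMoreAccounts": {
      "Type": "Task",
      "Resource": "arn:aws:states:::aws-sdk:organizations:listAccounts",
      "Parameters": { "NextToken.$": "$.page.NextToken" }, "ResultPath": "$.page",
      "Next": "ScanAccounts"
    },
    "ScanAccounts": {
      "Type": "Map",
      "ItemsPath": "$.page.Accounts",
      "ItemSelector": { "scanId.$": "$.scanId", "accountId.$": "$$.Map.Item.Value.Id" },
      "ItemProcessor": {
        "StartAt": "RunCloudQuerySync",
        "States": {
          "RunCloudQuerySync": {
            "Type": "Task",
            "Resource": "arn:aws:states:::ecs:runTask.sync",
            "Parameters": {
              "Cluster": "PLACEHOLDER-cluster",
              "TaskDefinition": "PLACEHOLDER-cloudquery-sync",
              "Overrides": { "ContainerOverrides": [ { "Name": "PLACEHOLDER-container", "Environment": [
                { "Name": "SCAN_ID", "Value.$": "$.scanId" },
                { "Name": "TARGET_ACCOUNT_ID", "Value.$": "$.accountId" } ] } ] }
            },
            "Retry": [ { "ErrorEquals": ["States.TaskFailed"], "IntervalSeconds": 30, "MaxAttempts": 3, "BackoffRate": 2 } ],
            "End": true
          }
        }
      },
      "ResultPath": null,
      "Next": "MoreAccounts"
    },
    "MoreAccounts": {
      "Type": "Choice", "Default": "StartCrawler",
      "Choices": [ { "Variable": "$.page.NextToken", "IsPresent": true, "Next": "ListMoreAccounts" } ]
    },
    "StartCrawler": { "Type": "Task", "Resource": "arn:aws:states:::aws-sdk:glue:startCrawler", "Parameters": { "Name": "PLACEHOLDER-crawler" }, "End": true }
  }
}
```

The `.sync` suffix makes each Map iteration wait for its ECS task to stop, so the `Retry` block re-runs only the failed account, and the `Choice` state loops back while the account listing still returns a `NextToken`.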

Account Management and Scanning

Ridgeline employs AWS Step Functions to enumerate all their AWS accounts. A container is launched for each account, which performs a detailed scan and writes the scan ID to the latest and ledger databases. This ensures that every part of the AWS dataset is captured, providing comprehensive and reliable data for all their use cases.

Data Processing and Storage

CloudQuery writes the collected data to Amazon Athena, allowing Ridgeline to perform complex queries and generate insights as needed. This integration gives them a powerful tool to analyze trends, detect misconfigurations, and maintain an accurate view of their infrastructure.

The Result

CloudQuery transformed Ridgeline’s infrastructure management, providing unparalleled visibility and control.
Cost Savings
The two charts below compare the cost trends of Ridgeline’s cloud asset inventory operations before and after switching to CloudQuery. The first chart shows the daily expenses while using a competing cloud asset management tool, where costs fluctuated significantly, with spikes exceeding $270 and an average daily operating cost of $193.29.
In contrast, the second image shows how Ridgeline drastically reduced their daily expenses by adopting CloudQuery. The average daily cost dropped to just $133.08, with much lower volatility and significantly more stable pricing. CloudQuery’s efficient asset management capabilities provided consistent savings, with fewer unexpected spikes, helping Ridgeline manage their cloud assets more affordably and predictably.
Charts: Before CloudQuery; After CloudQuery

Enhanced Visibility

Beyond the cost savings, Ridgeline significantly expanded its monitoring capabilities, increasing coverage from 150 to 329 resource types and growing from 103 to 252 cloud accounts. This expansion greatly improved Ridgeline’s visibility into its cloud infrastructure while also reducing operational costs.
CloudQuery’s point-in-time snapshots played a key role in these improvements by providing Ridgeline with a comprehensive view of its cloud environment. Additionally, CloudQuery powers a custom-built solution that ensures Ridgeline’s cloud inventories are compliant every time they deploy. These capabilities allowed Ridgeline to:
  • Quickly identify and address misconfigurations, enhancing overall system stability.
  • Detect and mitigate potential security risks early, ensuring a more secure infrastructure.
  • Ensure compliance with internal and external policies by verifying configurations with each deployment.
With these enhanced monitoring and compliance features, Ridgeline strengthened its operational posture and ensured that its cloud inventories were consistently compliant, leading to a more stable, secure, and cost-effective cloud infrastructure.

Compliance Automation

Ridgeline uses CloudQuery to automatically check each release for compliance and identify misconfigured infrastructure. This approach helps ensure every deployment meets industry standards and reduces the manual effort to maintain compliance. Automating SOC2 compliance reporting with CloudQuery further streamlined Ridgeline’s operations.

Summary

Ridgeline leveraged CloudQuery to automate its multi-account cloud compliance checks and improve visibility into its infrastructure, achieving significant cost savings and enhanced operational control. By integrating CloudQuery with their DevOps workflow through GitHub Actions, Ridgeline ensures their cloud infrastructure configurations are in line with security best practices. This solution allowed them to expand their monitoring capabilities, covering more resource types and accounts while reducing costs and increasing efficiency.
Looking ahead, Ridgeline plans to improve their infrastructure management by building more dashboards in Grafana for better visibility and automating compliance evidence gathering to make it a fully self-service process. With over 300 AWS accounts and growing, they will continue to rely on CloudQuery to scale their operations efficiently.
Want to improve your infrastructure management like Ridgeline? Try CloudQuery for free to gain better visibility and control over your cloud environment. Or contact us to learn more.

Written by Joe Karlsson

Joe Karlsson (He/They) is an Engineer turned Developer Advocate (and massive nerd). Joe empowers developers to think creatively when building applications, through demos, blogs, videos, or whatever else developers need.
