About Corporate Governance Risk
Corporate Governance Risk Pty Ltd (CGR) is a business and technical process risk service that markets a web-based application to manage risk for all levels of business. Based in Perth, Australia, CGR has been in operation for more than two years and has domestic and international clients in the oil and gas, mining, health, and retail sectors.
To use the CGR service, clients consider their business goals and enter information about their risk factors and organizational processes into a web application. The application first evaluates the risk and compliance profiles and identifies mitigation strategies. The application then provides reports that senior executives can use to make immediate, medium and long-term forecasts and decisions.
CGR is an emerging business with clients in 12 countries and the company wanted a high-quality service provider with infrastructure close to their clients in England, France, Switzerland and other European countries. CGR uses a third-party vendor to host its application in Australia and it was concerned that European clients would face unacceptable time lags. “The application communicates and manages a considerable amount of data,” explains Callum Jones, Software Engineer at CGR. “To efficiently serve our clients, we need to ensure that they receive a very quick response when entering information or requesting reports. We are effectively competing with risk management systems that use Excel spreadsheets running on local servers or desktops. So, at worst, we have to deliver similar levels of performance and availability.”
CGR also needed to scale quickly to meet demand for its application during peak compliance reporting periods, when the load on CPU resources could increase by 200% and demand for memory resources by 300%. The organization also wanted to be able to meet typical business demands: to add resources during the day and scale down when clients shut down for the evening. Furthermore, CGR wanted a partner that would grow with the business as it became more successful. “As we take on new clients and get word from our existing clients that they want to bring more users on board, we need the ability to easily add capacity,” says Jones.
Why Amazon Web Services
The organization was originally working with another hosting provider for its web application, but soon found that its services, particularly billing and redundancy for back-end services, were relatively inflexible. CGR then engaged Amazon Web Services (AWS) because of the strong AWS brand reputation and the knowledge that AWS infrastructure could support clients and distributors in Europe.
At that time, AWS was already well known with the CGR development team. Most of them used AWS before and they were familiar with the application programming interfaces (APIs) that act as the interface to services. The CGR developers knew that AWS would easily allow them to add capacity for a set number of hours to support increases in demand from clients, and then remove that capacity during quieter periods.
CGR began by using Amazon Elastic Compute Cloud (Amazon EC2) with Amazon Elastic Block Store (Amazon EBS) for a scalable infrastructure and Amazon Virtual Private Cloud (Amazon VPC) to run the CGR application on an isolated section of the AWS Cloud. Later, the development team added Amazon Route 53 to act as a primary domain name server and keep track of internal servers, and Amazon Simple Storage Service (Amazon S3) to back up database information. The figure below provides a diagram of CGR’s site architecture.
Figure 1. Corporate Governance Risk Site Architecture
Using AWS, CGR is able to service its European clientele with an average three-second reduction in response time. CGR regularly backs up its databases every six hours, ensuring that client data is available for retrieval on request or in the event of a system issue.
CGR has taken advantage of the bandwidth between datacenters operating in the same Region to locate its databases across two Availability Zones. This means that if one Availability Zone is unavailable, the CGR application and database servers in the other Availability Zone can take up the load. “AWS has been fantastic in letting us plan for the worst and minimize the prospect of disruption to our clients,” Jones says.
Furthermore, CGR has been able to update its application without compromising its ability to service clients. Jones maintains that the application has so far had zero downtime while running on the AWS Cloud. In addition, the company benefits considerably from the ability to add and remove capacity to meet peaks in demand at regular intervals. “Most clients use our products during business hours only, so after hours we can scale back our number of active machines and not pay for the unused CPU time,” Jones says. “We just pay for the EBS storage costs until we bring the machines back up later.”
Prior to using AWS, CGR had to send a request to its host provider for additional CPU and memory resources. It would take three to four hours just to receive acknowledgement of the request. With AWS, the company can provision additional resources in minutes. This ability to make new resources available rapidly also means AWS is an ideal long-term partner for CGR, as it can easily scale up the infrastructure to accommodate new clients. The speed of provisioning delivers a substantial productivity dividend to CGR. Jones estimates that, “the AWS Cloud frees up half a day of development time per staff member a month.”
CGR also uses Amazon S3 and Amazon CloudFront to run its corporate website, reducing costs because the company only pays for the services it uses instead of paying a fixed, regular hosting fee. “With AWS, we avoided investing in dedicated systems administrators, which would be necessary if we ran a dedicated in-house infrastructure, says Jones. “Instead, we can focus our hiring efforts on developers who can improve the company’s applications and system designs.”