Case Studies

About PayEm PayEm is a global finance and procurement solution combining budget control, invoice management, customizable intake forms, and approval workflows. This empowers organizations with financial insights and integrations for efficient operations. The platform facilitates smooth collaboration among employees, approvers, finance, and procurement teams. It simplifies processes like fund requests, purchase orders, and financial transactions, promoting transparency and communication. This efficiency drives operational speed and productivity, resulting in notable time and resource savings. The Challenge PayEm had to overcome challenges when expanding into new regions and industries. Among the challenges they faced were global reach, brand awareness, visibility, and business growth. They needed to meet various customer and partner requirements, as well as strict data security and compliance standards.  "Listing our SaaS solution on the AWS Marketplace has been pivotal in expanding our market reach. Thanks to CloudZone’s expert guidance, we reduced costs, maintained a high level of security, and now have the flexibility to cater to our diverse customer and partner needs." - The PayEm Team The Solution CloudZone assisted PayEm in optimizing its SaaS solution and listing it on the AWS Marketplace, allowing it to reach new markets and grow the business in a scalable manner. This transition also helped PayEm reduce its marketing and sales expenditures and move to an operating expense model that offers flexible pricing and enhanced security and compliance. By listing its offerings on the AWS Marketplace, PayEm was able to streamline the procurement process by providing a centralized location where customers and vendors can discover and purchase its services and solutions.  The results As a result of listing PayEm's spend management solution on the AWS Marketplace, the company expanded its reach into new markets and lowered upfront costs for its customers. Moreover, customers can now access PayEm's solution on demand and scale as their businesses grow with a private and customized offer. Simplifying the procurement process using the AWS Marketplace allowed customers to find and purchase PayEm's solution easily.

About Fairtility Fairtility™ is advancing reproductive care through the power of transparent AI to help clinicians and their patients on the reproductive care journey. Fairtility believes that transparency is critical when AI intersects with human life. Its flagship software, CHLOE™, is a transparent AI-based decision support tool providing clinicians complete visibility into clinical and laboratory parameters crucial to improving reproductive care outcomes in IVF, fertility preservation, and egg donation. Fairtility aims to expand CHLOE™'s application across the entire reproductive care journey, from assessing infertility causes to optimizing embryo transfer. Challenge In Fairtility's field, leveraging the cloud's capabilities is not only beneficial but also essential. Like many rapidly growing startups, Fairtility has prioritized its focus on product development and business expansion. To optimize costs and effectively manage their cloud infrastructure, they turned to CloudZone for professional advice and assistance. Solution FinOps experts from CloudZone reviewed the customer's Google Cloud environment, examined the resources of their main services, and built a report with recommendations. The collaboration primarily involved working on the Google Cloud Billing Console and constructing customized dashboards within Anodot (a Cost Cloud Management platform) to enhance cloud resource consumption visibility. A key aspect of Fairtility's services is Compute Engine. Based on their machines' low and inconsistent CPU utilization, it became evident that Fairtility cloud costs could be greatly optimized by increasing the number of Spot Preemptible instances. As a result, Fairtility transitioned from E2 On-Demand Instances to Spot Preemptible instances of both E2 and N2D AMD categories. In addition, CloudZone's FinOps team created custom-made reports to monitor better the customer compute engine environment and set alerts to ensure that the Fairtility team remains well-informed and in control of their cloud spend. “CloudZone played a crucial role in addressing a significant cost issue for us. First, they precisely identified the problem and prioritized the most urgent resolutions. Then, they demonstrated the ROI, and finally, they assisted us in monitoring the impact of the implemented changes”. Amichahi Herman, VP R&D, Fairtility Results With CloudZone’s support, Fairtility reduced its cloud costs by a significant 26%. As a result of CloudZone’s FinOps experts' efforts, the company’s Compute Engine coverage stood at 80% for Spot Preemptible instances and 20% for On-Demand instances. As a result of the strategic shift in instance distribution, Fairtility was able to optimize cloud resources while increasing its cost-effectiveness.

About Volcani Institute The Volcani Institute is Israel's national agricultural research and development (R&D) center and is officially an arm of the Ministry of Agriculture. With about 200 researchers, the Institute accounts for more than 75% of Israel's agricultural research and innovation. It has been the driving force behind Israel's renowned agricultural expertise and has contributed significantly to the development of advanced innovations and sustainable agricultural practices. The Volcani Institute, established in 1921, operates state-of-the-art research facilities and allows researchers to collaborate on research and solutions. The Challenge The Volcani Institute contacted CloudZone to build and implement a research platform on Google Cloud. The Volcani Institute has many researchers who require resources to execute some workloads for their research. Each researcher has a strictly defined budget for computing resources, which they cannot surpass. Before the GCP research platform implementation, each researcher chose and managed their computing resources. Researchers were free to choose any Cloud or on-prem resources for their research projects and were responsible for operating their environments' networking and security.   Additionally, the Volcani Institute researchers and IT staff faced multiple issues due to a lack of operation and decentralized budget control. Each researcher had their own budget, which led to overspending due to a lack of visibility and non-automated resource termination. The absence of centralized traffic control and basic hardening of resources in use increased the risk of Cloud accounts being hijacked and data loss, posing significant information security concerns and putting both the researchers and Volcani Institute's IT team at risk.   The researchers needed a ready-to-go isolated and secure private network with compute and storage resources. They also needed to be notified when they were about to reach their budget limit and be locked out once they reached it. It was also important that budgets be assigned per research project per hour rather than on a monthly or annual basis to prevent overspending. Volcani required a centralized management system to achieve increased transparency among researchers, greater security, and more efficient management of research budgets. "We are thrilled with the results of our collaboration with CloudZone. Implementing a centralized budget management system and utilizing their cutting-edge Landing Zone (CZLZ) solution have been transformative for the Volcani Institute. We now have 100% visibility and control over our research budgets, ensuring efficient allocation and preventing overspending. The security of our data and infrastructure has significantly improved, providing a safe and protected environment for our researchers." - The IT Management Department, Volcani Institue The Solution Based on our CloudZone Landing Zone (CZLZ) solution, we developed a cutting-edge research platform that supports easy onboarding and offboarding of researchers and new research projects. The platform uses Google Cloud infrastructure by utilizing IaC-based, easy-to-maintain, and extended templates. The GCP research platform on CZLZ includes hardened GCP Cloud organization, a central network operation platform with firewall, traffic inspection, and URL filtering, a hybrid network, central infra monitoring, budget management capabilities, as well as advanced automation features for the ongoing management of researchers budgets. Creating a research environment using CZLZ strengthens the Volcani Institute's information security since all environments will have predefined security guardrails that adhere to organizational standards, minimizing gaps and human error. The results The new Cloud system, now owned and operated by the Volcani Institute, has been a resounding success, with over 150 researchers now utilizing the system. Before implementing this system, while researchers were familiar with using Cloud technology, there were significant security risks associated with the decentralized and unsecured approach, and there was little to no control of ingress and egress traffic. With the new research platform, CloudZone has successfully mitigated those risks and achieved complete control over the researchers’ infrastructure. This has significantly improved efficiency, cost-effectiveness, and overall security for the whole Volcani Institute organization.

About Orca Security Orca Security, an industry-leading Cloud-Native Application Protection Platform (CNAPP), has revolutionized the identification, prioritization, and remediation of security and compliance risks across the entire cloud spectrum. Operating seamlessly from development to production, Orca achieves this without requiring the use of an agent. The Challenge As a rapidly growing security platform committed to real-time global analysis, Orca faced the challenge of seamlessly integrating new customers from their Google accounts to the Orca platform. The goal was to facilitate a fast integration of their cloud infrastructure, leverage the capabilities of the Orca security platform, and avoid manual operations. To establish and showcase a reliable solution, Orca required a robust platform with advanced technology to meet the demands of rapid growth. The platform needed flexibility and redundancy of resources, ensuring uncompromised services for their customers. “We partnered with CloudZone to build a high-performing security platform on Google Cloud Platform's advanced SaaS environment. Together, we managed our Cloud account comprehensively, optimized our infrastructure, and promptly alerted customers to any detected threats." - Zeev Hoffman, VP of sales, Orca Security The Solution In response to Orca’s challenge, CloudZone consulted and designed an automated onboarding process within the Google Cloud platform environment. Leveraging cloud automation tools alongside advanced native Google Cloud services, CloudZone created a solution facilitating rapid permission grants and environment deployment. This automated onboarding process ensures a secure and reliable platform, assuring Orca Security can deliver an advanced real-time security platform. The platform not only manages the compute resources but also maintains utility optimization and cost-effectiveness. The results Orca’s production account now features a SaaS Cloud-Native Application Protection Platform (CNAPP) solution. The automated onboarding process has significantly reduced manual onboarding efforts by 90%, resulting in a reduced time to market and an improved onboarding experience for customers worldwide. The managed cloud platforms are highly optimized, fully modernized and leveraging Google Cloud’s advanced services, ensuring a state-of-the-art cloud security platform. The newly implemented automated onboarding process maintains Orca’s positioning as the leading cloud security company.

About Matrix-IFS Matrix International Financial Services (Matrix-IFS) is a leading provider of financial crime and compliance solutions and services for the financial sector, trusted by top-tier institutions worldwide. They advise and implement anti-money laundering (AML), risk management, fraud prevention, and trade surveillance solutions. This enables clients to plan, build, and maintain highly efficient and effective financial crime prevention systems and processes while adhering to strict regulatory and compliance standards. Matrix-IFS offers a Fraud Prevention Solution powered by the IBM Safer Payments platform on the AWS cloud. The offering combines advisory tools and methodologies to enable enterprise-level financial services for mid-sized customers at a competitive price. It helps them address their business challenges by leveraging the scale and flexibility of the AWS Cloud. Matrix-IFS is a one-stop-shop for Anti-Fraud services hosted on the AWS cloud and powered by IBM. The fast integration process saves on implementation costs and the total cost of ownership The Challenge Matrix-IFS needed to modernize its solution and offer it as a Software-as-a-Service (SaaS) in order to unlock co-selling opportunities with AWS. Their goal was to optimize IT costs and reduce the sale cycle length. Furthermore, they sought to transition from a project-based business approach to a recurring revenue model. The Solution As part of the Fraud Prevention Solution transition to a Software-as-a-Service (SaaS) model, CloudZone provided guidance and support to the Matrix-IFS team and conducted various technical sessions to ensure seamless integration. Collaboratively, the teams designed a fraud detection SaaS solution following the AWS SaaS framework. Matrix's Fraud Detection solution leveraged AWS Native services to achieve its objectives. This includes utilizing VPC for infrastructure networking, EC2 for application management, Load Balancer to handle traffic, S3 and RDS (Oracle/PostgreSQL) for data storage, AWS Lambda for logic and application handling, API Gateway to manage API calls, and AWS Directory Service for user management with enhanced security. Additionally, we integrated the IBM Safer Payments platform as a third-party service. CloudZone took full ownership of the end-to-end modernization process, transitioning the solution from on-premises to a SaaS model and facilitating its listing in the marketplace. The project encompassed architectural solution design and hands-on professional services delivered by CloudZone's DevOps engineering team. The results The CloudZone team successfully completed Matrix-IFS  Fraud Prevention Solution onboarding to AWS, from the initial discovery workshop to the establishment of a fully integrated development environment, all within a remarkable timeline of three weeks. This accelerated process significantly and reduced the time to market by no less than 50%. Once the project was completed, CloudZonewe continued to provide end-to-end management for Matrix IFS’ Cloud environment through our Cloud Master MSP offering, handling ongoing support, maintenance, and cost optimization and ensuring best-in-class performance and security. Tzvika Eliyaho, Matrix IFS CTO said, "CloudZone reduced our time to market by approximately 50% compared to our internal DevOps capabilities. Leveraging our solution to the AWS Marketplace has allowed us to significantly expedite our go-to-market process."

About Matrix FinTech & Digital Matrix Open Banking Hub (by Matrix FinTech & Digital) is a comprehensive and secure solution designed to empower banks and FinTech companies in the rapidly evolving open banking landscape. With seamless integration capabilities, advanced security measures, and compliance with regulatory standards such as PSD2 Berlin, their Open Banking Hub connects FinTech companies to real-time customers’ financial data, enabling personalized financial services, unlocking exponential growth, simplifying connectivity, and enabling clients to focus on their core business assets. The Challenge Initially, the open banking system was operating on-premises. Under this setup, Matrix Open Hub lacked the capability to seamlessly incorporate external entities such as banks and insurance companies. The primary objective was to transform the open banking solution into a Software as a Service (SaaS) model. This transition aimed to enhance security and scalability, enabling the provision of reliable and expandable services. Upon achieving the SaaS model, the organization would be empowered to effectively offer its services to external customers. The Solution Leveraging our expertise in AWS cloud technologies, CloudZone provided the necessary support and guidance to help Matrix Open Hub quickly develop and launch new FinTech products or services. By leveraging real-time customer data, CloudZone enabled Matrix Open Hub to stay ahead of the competition. We worked closely with Matrix Open Hub to deliver personalized experiences that catered to each customer's financial needs. Our team of experts collaborated to eliminate manual data entry and reconciliation processes, reducing operational costs for Matrix Open Hub. The streamlining of processes and implementation of efficient decision-making, made possible by AWS, significantly contributed to overall cost optimization. CloudZone assisted Matrix FinTech & Digital in optimizing its SaaS solution and listing it on the AWS Marketplace, allowing it to reach new markets and grow the business in a scalable manner. The results Through our collaboration with Matrix Open Hub, CloudZone empowered them to leverage the full potential of AWS cloud technologies, enabling them to drive innovation, enhance customer experiences, and optimize cost. AWS services used included Route53, AWS Amplify, AWS WAF, S3, API Gateway, Lambdas, Event Bridge, DynamoDB, Aurora, System Manager, Security Hub, Certificate Manager, and AWS Config. With our expertise and AWS cloud services, Matrix Open Hub simplified connectivity, unlocked exponential growth, and focused on its core business assets in the open banking landscape. The seamless integration capabilities, advanced security measures, and compliance with regulatory standards such as PSD2 Berlin ensured FinTech companies' secure and efficient connection to real-time customer financial data. As a result of listing Matrix FinTech & Digital Open Banking Hub solution on the AWS Marketplace, the company expanded its reach into new markets and lowered upfront costs for its customers. ״CloudZone reduced our time to market by 50%. Their highly professional AWS Certified Solution Architect allowed our Developer to design a state-of-the-art serverless architecture that serves excellent value to our customers “  Ravit Danieli - Integration Solution Wing Manager

About Enso Enso is a cutting-edge platform designed by application security professionals for application security professionals. Its ASPM (application security posture management) solution enables  AppSec teams to manage, scale and govern a mature AppSec program without interfering with development. Enso recognizes the immense potential of eliminating tactical work and simplifying visibility. To achieve this, the platform consolidates data, eliminating barriers in searching and tracking, and integrates seamlessly with native collaboration tools, reducing and optimizing manual work. Challenge Enso faced the challenge of scaling rapidly and seamlessly while minimizing time-to-market. Their existing traditional software required significant infrastructure investments and manual installations. Staying in a traditional structure would demand a larger team to allow on-site installation. This would require building a robust sales and support team in every region where the company has operations. This approach would make it impossible to have any flexibility regarding IT resources, meaning the company would need to purchase IT resources ahead of time in order to have them available during the highest peak of demand. These resources would then be unutilized in lower demand times. Recognizing the limitations of this approach, the Enso team understood that a SaaS model could better handle increased user demand across regions without worrying about hardware limitations.Additionally, Enso needed to address security and data privacy concerns associated with transitioning to a SaaS model, ensuring compliance with regulations like GDPR. Solution CloudZone swiftly identified the solution for Enso's needs. Since Enso’s platform offers Cloud security, it was a great fit and the natural step to list their product in the AWS Marketplace. This would provide them exposure exactly to the type of potential customers that already work in the Cloud and are looking for AppSec solutions – across regions. Leveraging our team's expertise, we worked closely with Enso to understand their requirements and offered them the option to list their product through our CloudZone Seller Account. During the assessment phase, we asked relevant questions to address SaaS, infrastructure, and business aspects. CloudZone listed Enso's Security SaaS in the AWS Marketplace and provided ongoing support, including 24/7 monitoring of their cloud infrastructure. Our proactive approach ensured the smooth operation of Enso's platform, resolving any issues or bottlenecks that arose. Here is a detailed overview of the process we undertook: SaaS Readiness Assessment: We conducted comprehensive meetings to assess Enso's readiness for SaaS adoption and charted a clear path forward. This phase evaluated the feasibility of listing Enso's product, created a roadmap based on best practices, and assessed their readiness to leverage SaaS technology effectively. SaaSification: Based on the assessment phase and the work plan derived from it, we facilitated the SaaSification process. We collaborated with Enso to develop their SaaS solution, ensuring adherence to AWS best practices. Enso's existing SaaS solution underwent fine-tuning to optimize its performance within the AWS environment. Product Listing: Following the assessment and fine-tuning, we listed Enso's product on the AWS Marketplace. We took care of the entire listing process, including creating the listing, configuring pricing and licensing, testing, submitting it for review, and ultimately publishing the listing. Our team of experts utilized CloudFormation stack to seamlessly integrate with the AWS Metering tool, enabling efficient tracking and reporting of Enso's product usage. Results By harnessing CloudZone's extensive knowledge of AWS services and our commitment to delivering efficient solutions, Enso successfully transformed their software into a scalable SaaS platform. Thanks to the highly skilled AWS Solutions Architects and certified DevOps engineers assigned by CloudZone to oversee the end-to-end modernization process, this was accomplished within 50% of the usual timeframe, saving Enso no less than 150 hours.    Enso’s security platform is now fully operational within the secure AWS environment. This modernization enables Enso to scale their platform effortlessly based on demand while maintaining minimal costs. The utilization of native AWS services ensures robust security measures and provides a solid foundation for Enso's secure environment. Additionally, CloudZone facilitated the seamless onboarding of Enso's SaaS solution to the AWS Marketplace, significantly expediting the sales cycle. This integration allows Enso to reach a wider customer base - potentially reaching 1 million people worldwide using AWS Marketplace. Their sales cycle has also been reduced by 30% and their infrastructure costs have decreased by 50%, thanks to transitioning to a SaaS model.  "We have reduced our sales cycle by 30% by leveraging the AWS platform, and our infrastructure costs have decreased by 50% considering we have been selling our platform as software (SW) rather than as SaaS," stated Roy Erlich, Enso Co-Founder, and CEO.

About Smartme Smartme Analytics’s Big Data technology gathers real behavioral data from users and provides accurate audience information and competitive intelligence to international businesses, agencies and marketing leaders. The company’s software monitors thousands of users through their smartphones in order to better understand their behavior, analyzing what they really do instead of just looking at what they say or what they remember. The millions of data points generated are then processed and categorized with Smartme’s own data mining methodology, obtaining useful in-depth insights to directly apply to your business. This is supplemented with declarative data in order to provide more veracity to clients’ analysis and optimizes the research process. Smartme Analytics turns the information into a key factor in the creation and implementation of competitive analysis, audience discovery, and business strategies, increasing drastically their efficiency. Challenge Smartme operates in a vertical where smart use of the Cloud is imperative. As with many high-growth startups, Smartme was focused on building their product while also developing their business. With limited personnel, Cloud expertise and a lack of visibility into costs and analytics, Smartme turned to CloudZone for guidance and support on how to efficiently manage their Cloud & its costs Solution Having  registered CloudZone as Smartme’s official partner on record with AWS enabled CloudZone to provide them with a range of services, at no extra cost. This included a dedicated team that consisted of a Customer Success Manager, a Solutions Architect, and a FinOps Analyst, as well as access to a Cloud management platform (CloudHealth). To boost Cloud operations and reduce costs, CloudZonet provided consulting and training in several areas: Business advice on various topics including fund requests, focal points, billing issues, and more. A Well Architected Review according to AWS and Security best practices to ensure their Cloud usage is optimal on all accounts CloudHealth training on how to customize reports & alerts, right-sizing, cost-saving and saving plans After analyzing Smartme’s costs, CloudZone’s FinOps experts worked with Smartme’s team to reduce their Cloud costs. Thier recommendations inclueded: Right-sizing -  to ensure they are using the most suitable and up-to-date instances. Delete unattached instance memory, which wasted resources A 1-year commitment savings plan that would cover 68% of their total EC2, Fargate and Lambda environment. Implementing RDS IOPS In addition, CloudZone’s FinOps team set up reports and alerts to make sure the Smartme team can stay on top of their Cloud spend. Results Working with CloudZone was a game changer for Smartme in terms of savings. The company was able to cut their Cloud costs by no less than 20%. Thanks to the new savings plan recomended by CloudZone, Smartme reached $7.3k of savings per year. Following CloudZone’s suggestion to modify Smartme’s io1 volumes into gp3, the company was able to receive 3,000 free IOPS. The reports, analytics and alerts set by CloudZone’s FinOps experts meant that Smartme’s internal team now has full visibility into their Cloud spend and efficiency, opening the door to even greater savings and optimization in the future. As Smartme gained deeper knowledge, training, and systems through their work with CloudZone, they now have a set methodology they can leverage and scale, rather than working "on the fly" as before. Smartme’s CTO, Ignacio Minarro said: “CloudZone helped us to go from handling our cloud infrastructure on the go to experiencing more confidence and understanding and leveraging Cloud technology for our business and products. As a Big Data company,  finally having clarity and visibility into our analytics is priceless. CloudZone’s FinOps experts have helped us achieve 20% in savings.

About Swogo Swogo is revolutionizing the cross-sell platform for leading retailers worldwide – creating the perfect match by combining an understanding of their product range alongside customer behavior whilst considering the customer’s availability.  Using a unique approach that focuses on understanding a retailer’s product assortment, Swogo Product Graph ™ combines machine learning and AI algorithms and surpassed 1.5 billion bundle recommendations in the first half of 2019. However, with growth comes new challenges. Challenges Prior to working with CloudZone, Swogo ran their solution on bare VMs using OpsWorks but wanted to adopt containerized workloads for better scalability and resource sharing later on, using either ECS or EKS. Swogo approached CloudZone for a Well-Architected Review to help them overcome these obstacles. The review was conducted in two parts and identified several areas where Swogo's system could be improved. After the review, CloudZone's team of experts found a few dozens of security risks – both high and medium-risk – that needed to be addressed 24 high-risk items and 13 medium-risk items that needed to be addressed. Solution With the help of CloudZone's expertise, Swogo was able to address the challenges identified during the review and implement the proposed security solutions. CloudZone helped Swogo by: Setting up AWS Config with basic rules, AWS GuardDuty, and AWS Security Hub. Planning AWS SSM implementation for patch management and secured IAM, including blocking unused regions and reviewing roles/users. Defining and setting up AWS resource tags and reviewing CloudWatch workload metrics. Reviewing CloudHealth reports providing further recommendations and setting CloudHealth budgets per resource type. Assisting them to achieve greater security and efficiency, continue their growth trajectory, and provide even better service to their clients. Additionally, the CloudZone team helped Swogo build an MVP and continuously improved its solution - a multi-tenant stack at its core but with customer separation at the data layer. Swogo uses CloudFront, WAF, Load Balancers, and EC2 based stack for their production API layer. Scaling is now automated, correlated to customer engagement. Additionally, Swogo now uses Lambda for background processes as well as Mongo (a self-managed replica set) and DynamoDB for their data layer. Their CI/CD workflow is automated with CodePipeline, for testing and deployment. Results Swogo now enjoys average savings of 28% by using CloudFront Private Pricing Agreement rather than on-demand AWS Pricing. Moreover, thanks to CloudZone, Swogo has achieved 90% coverage (and 10% on demand) of EC2. This means that 90% of Swogo’s EC2 environment is covered via saving plan commitments, saving them approximately 25% compared to on-demand pricing. The savings per month are about 10% of Swogo’s total spend. Swogo’s account is managed via CloudZone’s unique reselling model. Swogo CTO José Silva said, "Having CloudZone's team expertise at our service at no additional costs while optionally being able to use their value-added services to accelerate us proved to be a no-brainer for our business." With CloudZone's help, Swogo overcame its challenges and continued providing automated cross-sell bundles that generate incremental margins for leading retailers worldwide.

Executive Summary: The Israeli Fair Trade Authority wanted to find a way to fight telemarketing calls. Following the 61st amendment to the Consumer Protection Law, they contacted CloudZone to create a “Don’t Call Me” service - which would allow consumers to opt out unwanted calls and messages, making any company that continues to contact them liable. Our team created the Cloud infrastructure using Cloudzone’s Landing Zone, utilizing the AWS platform (as part of the Nimbus Project).   About the Customer The Israeli Consumer Protection and Fair Trade Authority is an independent, governmental authority, established by the Consumer Protection Law, 1981. The authority is responsible for monitoring the implementation of the Law’s provisions. investigating violations and bringing offenders to justice, initiating procedures of administrative enforcement, handling complaints, conducting surveys and research, and handling other consumer protection issues that are not the responsibility of other authorities.   The Challenge The Israeli Consumer Protection and Fair Trade Authority is a fairly small organization with no prior experience in the Cloud, and they had a very limited window to get the system up and running before the law went into effect. The same system needed to serve the general public and there was no wiggle room. The team was concerned about working on the Cloud for the first time, facing public scrutiny regarding any technical issues that might arise and working with external vendors.   The Solution  Thanks to Project Nimbus, it was clear that the system will be built on the AWS platform. CloudZone took care of the entire infrastructure process, building the Cloud infrastructure using CloudZone’s Landing Zone solution on AWS. The team also synchronized with Zigit (which built the app), AudioCodes, and the FTA.  Eliav Tal, VP Delivery at Cloudzone, stated: “We are excited to be involved in a project that will help millions of Israeli citizens. As part of this project we had to understand the requirements, both from a security standpoint and from a regulation standpoint and ensure to allow for potential growth while we incorporated the required components for a successful integration with the AWS Cloud infrastructure”.   Why AWS Project Nimbus made building this project on the Cloud, and specifically with AWS, an easy decision. The FTA cited two reasons for AWS being the best fit for the project: their unique security capabilities, and AWS Marketplace, which allows quick utilization and integration of new technologies.    Why the FTA Chose CloudZone This was the FTA’s first ever project on the Cloud and they were looking for experts who can confidently guide them and take care of a smooth delivery. Having worked with Matrix.I.T, CloudZone parent company, in the past on other successful government projects made the decision that much easier.   Results 150,000 consumers signed up within the first 24 hours 1,000 companies registered to the service within mere weeks Millions of NIS saved compared to an on-premise project   Benefits Peleg Shafir, CIO at The Israeli Consumer Protection and Fair Trade Authority said that the move to Cloud delivered above all expectations. “While with on-premise projects we were limited to my team’s know-how, On the Cloud, we had a specialized expert for each single topic.”  Opposed to the FTA’s assumptions, the project ended up costing 3 million ILS less thanks to it being built on Cloud, and it took only 1 month to build the infrastructure. Shafir continued on to say, “due to the unique capabilities of the Cloud, this was one of the most important IT decisions of my career. Thanks to the expertise of the vendors, we are now able to utilize services such as AI, Big Data and others, in a cost-effective manner. In the long term, moving to the Cloud translates into less operational costs, a significant reduction in overhead and more opportunities to innovate.”

About Super-Pharm. Super-Pharm is the largest pharmacy chain store in Israel, which is operated by franchisees. Since opening its first store in 1978, the company has grown to include 280 stores nationwide, with overseas branches in Poland. Super-Pharm is building a new integration layer between drugstores and medical institutions. The project aims to provide the endpoint for securely and productively pushing highly sensitive data to Super-Pharm facilities. Challenges Super-Pharm had several forms and images that should be sent to and processed. The maximum amount of data to be sent was limited to 5MB, due to their document system being on-premises. With 250 locations and an immense amount of documents, this posed a big challenge. “Working with CloudZone enabled us to launch a serverless solution architecture that meets our unique needs while still meeting this project’s KPIs. Since this launch, we’ve seen our TCO drop by 65%! Thanks to CloudZone, we’re confident that our customers' highly sensitive data is received and processed securely.” Nir Ben-Zion, IT & Cloud Director @Super-Pharm: The Solution To overcome the challenge, CloudZone provided Super-Pharm with a serverless solution architecture, allowing staff members across all 250 locations to upload documents and increase efficiency quickly. CloudZone implemented an API gateway that provided an AWS environment with an SSL certificate installed. The Lambda functions process the received JSON documents and place the files into a specified S3 bucket, which will be taken by Super-Pharm on-premise server via SQS queue. The Results Our designed solution enabled Super-Pharm to launch the system while meeting the project’s KPIs. Since we designed the solution as a serverless application, the TCO was reduced by 65% compared to equivalent server-based solutions.  

YES is a leading provider of satellite TV broadcast services in Israel. Their constant innovation of services and quality has put YES on the front line of broadcast technology. YES offers a variety of packages to over 500,000 customers. The Challenge YES needed to add the Netflix application to their customers home receivers. This would make it easy for their customers to access Netflix directly from their receiver. YES’s main goal was to deploy a cost-effective, high-preforming cloud infrastructure to host the app. In order for YES to meet the Netflix API specifications, they needed to design a secure and highly available solution. They had a short time to market target and needed expert help to bridge the learning curve and deliver a turn-key solution. Another request from YES was for CloudZone to manage the environment for them after the launch so they can focus on their on-perm environment. The Solution CloudZone provided YES with a serverless solution architecture to address their needs. Using native AWS services made the solution work seamlessly. Our team at CloudZone setup a dev and prod environments to enable the application developers to test and deploy their code in a CI\CD pipeline using CodeCommit. We used API Gateway to create, manage, and secure the API. Our team relied on AWS lambda functions to handle authorization and API calls, and AWS Fargate to deploy the application in a secure and scalable way. We used SSM and CloudFormation to manage the environments infrastructure. We configured CloudWatch and CloudTrail alerts that allow us to respond to security and operational events using CloudZone's MSP teams. The Results Our designed solution enabled YES to expand service offerings for their customers. Since we designed the solution as a serverless application, the TCO was reduced by 70% when compared to equivalent server-based solutions.

LSports is a world-leading sports data company that provides an innovative sports betting data API for the sports betting industry. They are a leading provider of high-quality live sports data feeds, serving clients worldwide. The Challenge Lsports had a large data repository in their data warehouse and wanted to create machine-learning (ML) models from this data. They were looking for a platform that could pre-process, train, and deploy machine learning models quickly, and scalably, and streamline their ML development process. The Solution CloudZone had developed a full machine learning pipeline which was designed and built on top of the AWS SageMaker platform. The solution delivered a training pipeline that controls data preparation, model training, and model deployment. All stages were implemented on AWS SageMaker Pipeline, and the pipeline was wrapped in AWS native tools to control triggers and manual approvals. The data science team also integrated SageMaker Studio as an IDE to leverage purpose-built tools for ML development, like managing experiments, explainability capabilities, data visualization, and more. The goal of this solution was to streamline to MLOps in order to scale the solution and save costs. This included design, development, testing, deployment to production, training and post launch support. The Results The customer has now gone through an enablement process that lets them step up their machine learning (ML) lifecycle and move to a higher level of automation with added capabilities for rapid innovation through robust machine learning lifecycle management. Some of the automations include: Create reproducible workflow and models. Easy deployment of high-precision models in any location. Effective management of the entire machine learning lifecycle. Machine learning resource management system and control. The implementation of these advancements has yielded significant accomplishments in enhancing the customer's machine learning initiatives: Improved efficiency: The project has led to a significant reduction in model training time, indicating that the new solution has made the machine learning process more efficient. Streamlined ML development process: The solution has also reduced the model deployment time, demonstrating that the new pipeline has streamlined the ML development process and made it faster. Enhanced scalability: The increase in the number of models trained and deployed after implementing the solution showcases the scalability of the new pipeline, allowing for more models to be developed and utilized. Better model performance: Working with a managed platform allowed us to create an environment that facilitates the development of improved models. This is achieved through the ability to test and experiment, which results in better models in terms of quality. As a result of these advancements, Lsports has realized significant improvements, including: A remarkable 75% reduction in model deployment time. An impressive 50% reduction in the model development cycle time. Daniel Netzer, Senior SA @Lsports: “The Data team at CloudZone has been a pleasure to work with. They are quick and responsive, and always follow through on commitments. The development process for our machine learning pipeline was seamless and now we have a working ML platform with Sagemaker. It’s amazing how much we’ve progressed in just a few weeks!”

NoName Founded in 2020, NoName Security is a platform that allows enterprises to view and secure managed and unmanaged APIs. Users can protect their APIs from data leakage, authorization issues, abuse, misuse, and data corruption without agents or network modifications.   The Challenge Noname was facing skyrocketing costs while underutilizing resources. When VP of R&D Aner Morag took over Noname’s CloudOps, he realized that low environments like development and automations were rapidly growing out of proportion. He wanted to take immediate action  and cut down costs. In turn, their Noname’s biggest challenge was to find ways to control costs and eliminate the waste of resource wastages in their environments. Some of his staff members had a very good experience with Cloudzone’s FinOps team in the past, so he reached out to Cloudzone to walk him through the process of applying the FinOps framework.   Our Solution One of our FinOps experts partnered with Noname stakeholders and engaged in a series of staged mini-projects that spanned over 3 weeks to deliver an automated solution for scheduling EC2 instances, tag-based EBS cleanup, and Elastic IP cleanup. Next, the team tackled the business aspect and found that a 1-year savings plan commitment for computing could cover 50% of optimized resources and add another 10% to its total savings!   The Result CloudZone helped Noname reach their target of 50% savings per month by eliminating unnecessary costs and recovering underutilized resources. We assisted in identifying areas where Noname could save money and defined 4 main waste sources: On-demand EC2 instances used by the development team were running 24/7 There were unattached EBS volumes that required cleanup  There were unused elastic IPs that required cleanup All EC2 instances were in On-Demand pricing  Aner Morag, VP of R&D Noname Security shared this positive feedback, “CloudZone helped me gain the trust of internal stakeholders by defining clear KPIs and a clear ROI for the projects. Their FinOps team is top-notch. We have seen our monthly EC2 expense drop by over 50%! They are always there to help you out and never let you down.”

About Masterlink Masterlink is a consulting and development company for highly complex information systems. With more than 20 years of experience, Masterlink stands out in the market for its specialized team as well as the constant development and innovation of its technology, the Masterlink Platform. The platform provides custom-made solutions to match each business need. The Challenge Masterlink has pivoted their focus to public sector customers. They reached out to CloudZone because they were seeking the right partner to take over cloud operations and incident management while helping to design a secure, scalable and highly available architecture. Masterlink’s current architecture was already using AWS tools for CI\CD such as CopePipeling, CopeDeploy, CodeCommit and CodeBuild, as well as ECS to run the application. The Solution CloudZone’s solution was to migrate workloads from ECS to EKS using Terraform as Infrastructure Code for EKS deployment. We used AWS managed services such as AWS WAF, Secrets Manager, AWS VPN in order to follow security best practices. We used EKS Fargate and API Gateway to serve the customers in a secure and high performing private logical resource environment. We also setup tagging, CloudWatch alerts and metrics, as well as DataDog for next-generation MSP services. We onboarded Masterlink to our MSP service. Now, our team fully manages the infrastructre for them so they can focus on the development of their platform. The Results We delivered to Masterlink a Terraform code to manage and deploy their platform. In addition, CloudZone’s MSP team took over responsibilities including managing their environment, incident response to operational and security events and ongoing maintenance of their platform infrastructure.

OrboGraph has provided technology solutions to automate paper processing, detect fraudulent transactions, and mitigate risk for more than 25 years. OrboGraph assists over 4,000 financial institutions and corporations in automating the process of depositing paper-originated negotiable items (checks, money orders, preauthorized drafts, etc.) and increasing check fraud detection capabilities for deposit and on-us fraud.   The Challenge Orbograph’s workload in AWS contains several AWS services. Among them are an operational MSSQL RDS database used by Orbograph’s application, and a Redshift instance used as DWH for BI purposes. Orbograph wished to develop a robust and seamless mechanism solution based on AWS services to offload historical data from the operational RDS to Redshift and enable data modeling on top of it for future consumption (in-house application dashboard).   The solution Step-Functions used as an orchestration service for the whole process, providing visibility, steps-dependencies, and control mechanism. AWS Glue job used as the data processing engine to support incremental approach. Dynamodb used as the control table to support the metadata’s data pipeline processes (tables, watermarks bookmarks). To model the new data, Redshift Stored procedures were used. Recurring daily task triggered by EventBridge to kick the whole process.   The result An automation platform for ingestion of historical data from RDS to RedShift powered by Step-functions. Result in a dataset in Redshift to consume by in-house application dashboards (modeled data)

Iguazio The Challenge Looking for speed, low cost, a breadth of features, and the ability to quickly reach global customers and provide a worldwide SaaS Service, Iguazio’s technical leadership chose to develop and launch their platform in the Cloud. As the company began its Cloud journey working directly with AWS, its focus was on fast development of an advanced platform, rather than cost management or optimization. Its Cloud spend increased dramatically, up 300% by the third month of operations, mostly due to the use of EC2. Something had to be done to introduce best practice and optimize costs. The Solution Audit - using a third-party tool to review AWS usage against known cost-optimization best practice. Redeploying main platform – moving infrastructure from Frankfurt, Germany to North Virginia and Ohio, saving the company 7% of its monthly EC2 costs. Optimizing strategies based on instance type. Purchasing AWS Savings Plan – leveraging the flexibility of the Compute Savings Plan to reduce EC2 costs. Ongoing monitoring of on-demand EC2 costs by Iguazio’s finance team - keeping a check on on-demand EC2 costs and tracking the development team’s need for additional EC2 resources to assess the need for additional savings plans. The Results By implementing the recommendations of the CloudZone review, purchasing AWS compute plans and performing cost optimization best practices, Iguazio’s estimated yearly saving is 15% (based on a full year usage pattern), which is equal to 2 months of AWS charges before using CloudZone services. The EC2 reservation / Saving coverage jumped from 0% to 70% within 4 months. “Thanks to the process we went through with CloudZone, we now have better visibility into our consumption on the cloud,” says Ilan Gayda, Director of QA, DevOps and Dev Support at Iguazio. “Being able to control and monitor our monthly Cloud spend has improved our business efficiency.”      

Having carried out many acquisitions and mergers, Sapiens — a global provider of software solutions for the insurance industry — experienced challenges in merging physical infrastructures. The merging of the local data center of each acquired company into the main data center in Israel took a long time and was an expensive, complex and difficult process. Moreover, Sapiens had to investment significant resources in managing and maintaining its data center.  Sapiens recently completed a project that migrated 11 on-premise data centers in the U.S. and in India to the cloud infrastructure of VMware Cloud on AWS. As a result, Sapiens is enjoying a double-digit improvement in economic metrics and in the flexibility of its development environments, increasing the company’s competitiveness. About Sapiens Sapiens serves the global insurance industry with customized software solutions in the domains of elementary insurance, life insurance, pensions, reinsurance, and more. The company’s solutions enable insurance companies to improve business processes, to quickly adjust to changes in the industry, and to provide their customers with innovative services.  Sapiens was established in 1982 and has extensive experience in collaborating with international insurance companies. Over the years, its customer base has grown to include 600 insurance companies in 27 states in the U.S., Europe, Asia and Israel, among them a number of Fortune 100 companies. In 2020, the company’s revenues reached $385 million. Today, the Sapiens workforce numbers approximately 4,000, both in Israel and in 14 offices and R&D centers in the U.S., Canada, England, Poland, Latvia and India.   The Technology VMware Cloud on AWS   The Challenge   With each of its many mergers and acquisitions, Sapiens faced the challenge of merging physical infrastructures. Merging the local data center of each acquired company into the main data center in Israel was time-consuming, costly, complicated, and difficult. Furthermore, Sapiens had to invest heavily over the years in the management and maintenance of 11 on-premise data centers, including all their operational load, their ongoing maintenance, and the financial costs involved. This challenge was intensified by the fast growth that continues to characterize Sapiens. Accordingly, the company searched for a solution that would reduce the operational load and allow it to focus on its core businesses. In addition, during the coronavirus period there was a need to upgrade the servers in the branches at short notice, which caused many problems and delays. This experience taught the company that extreme, unpredictable load is another factor making cloud migration to truly essential.   The Solution   Focusing on about 2,000 servers, across 10 U.S. data centers and one Indian data center, supporting the development activities of over 1,000 developers in both countries. Migrating many databases and programs from the physical infrastructure to the cloud, with complete transparency and without any change to the developers’ ongoing work. The cloud infrastructure also supported the employees’ transition to work-from-home during 2020 while the offices were closed because of the coronavirus pandemic. Building a uniform infrastructure for a significant part of Sapiens’ global development activity, answering all needs for processing, storage, and backup of the development environments, by means of thousands of virtual servers.  The project, carried out by Matrix CloudZone, continued even as Sapiens acquired new companies and moved those companies’ servers to VMware Cloud on AWS. Recently, Sapiens acquired Delphi, an American company, and all Delphi’s servers are now being migrated to VMware Cloud on AWS.   The Results With VMware Cloud on AWS, the development environments enjoy unprecedented flexibility and can scale resources, integrate competitive technologies, launch new products more speedily, and improve business performance. The new infrastructure, deployed with the help of Matrix CloudZone, supports Sapiens’ accelerated growth — both organic and through mergers and acquisitions. “We found that the virtual data center is financially the most cost-effective solution, since payment is based on use of the physical server and not per virtual machine,” says Almog Nissim, global system manager at Sapiens. “Today, Sapiens is enjoying comprehensive savings of 20–30% on IT expenses, because we have less need than before for the hardware maintenance activities, electricity, communications, office space, and human resources that data center maintenance involves. A huge challenge that we faced until now whenever we merged the data center of an acquired company with the Sapiens infrastructure, is now gone - as though it never existed. And in the future, Sapiens can quickly integrate the information systems and development environments of additional acquisitions into a uniform infrastructure.”

About Gamoshi Gamoshi began in 2016 as a startup with the aim of unifying and simplifying online advertising for companies of all sizes. Advertising has become a complex industry in the digital age, with a vast range of media and message types competing for audiences and brand awareness in a vast global marketplace. Gamoshi’s vision was to become a leading technological provider with a flexible, customizable infrastructure-as-a-service platform that solves challenges and saves customers time and money— letting them keep pace with the constant changes in the AdTech industry. By removing technological barriers, Gamoshi’s integrated cloud-based platform gives brands, organizations, and companies the tools they need to participate successfully in the digital advertising world.     [embed]https://www.youtube.com/watch?v=dGGyiedQR20[/embed] The AWS Factor Gamoshi originally selected Google Cloud Platform as their cloud provider. Yet as Gamoshi’s customer base grew, they started feeling growing pains. AWS seemed to offer greater capabilities and promise for future scalability along with a more attractive pricing model for their business. They chose to partner with CloudZone to make it a reality. Since 2013, CloudZone has guided organizations from startup size to multinational enterprises through cloud transitions of all types, from DevOps to big data, from cybersecurity to hybrid solutions that harness the best of legacy along with cutting-edge cloud capabilities. CloudZone handled Gamoshi’s AWS Cloud Data Warehouse migration from GCP Data Warehouse BigQuery to AWS with zero downtime in a project that included intense Kubernetes workloads and stream analytics applications.   Result  Gamoshi achieved a significant cost savings of around 25% per year, along with zero downtime and performance improvements on their customers’ side.   Project Challenges Any migration project, whether from on-premises to cloud or from one cloud provider to another, brings with it a range of challenges. In this case, major potential obstacles included: Zero down-time: Customer real-time bidding (RTB) platform could not tolerate downtime as this could result in major losses to customers. Performance and data preservation: Migration from Google’s BigQuery to AWS had to be accomplished while preserving performance and data integrity. Capability and scalability: The AWS-based solutions selected had to be able to handle Gamoshi’s intensive Kubernetes workloads serving over 500,000 requests per second (RPS). Cost savings: Since cost savings were one of the primary drivers for the migration, CloudZone needed to build the most cost-effective solution possible based on Kubernetes and Analytical AWS services. Clear, Measurable Results More than $20K in cost reductions Open Lake House engine, real-time analytics and data lake stream processing capabilities powered by AWS Redshift and  Upsolver Better performance at customer end through AWS Optimizing business model to fit the use-case (EDW from pay-per-query to fixed) Customer Quote "When we started thinking about migration to AWS, we were looking for real partnership and guidance. CloudZone helped design a robust, sustainable and cost-efficient infrastructure in a very demanding ecosystem.” -- Moshe Mozes, co-founder & CEO, Gamoshi   Why did Gamoshi choose AWS? CloudZone helped Gamoshi clarify their rationale for switching providers. Overall, they determined that AWS had an edge due to its greater experience in this area along with a range of services designed to save IT resources and provide more flexible, scalable solutions. Wealth of services/platform maturity: Gamoshi sells infrastructure as a service and requires a variety of solutions to solve real life problems efficiently and quickly. AWS provides the necessary wealth and depth of solutions and templates to easily move, mix, and match to create the most efficient solution for each customer’s specific needs. Cost efficiency: Higher utilization drives high value. Gamoshi’s platform is based on 90% spot instances, working in real time, so every uptime second counts. AWS’s higher quality of service lets Gamoshi’s customers maximize their investment and derive more value from the platform. Widespread mature networking: Many Gamoshi customers are already running on AWS, enabling better performance. Big data capabilities: Gamoshi provides customers with an analytics dashboard that depends heavily on big data capabilities. Gamoshi’s data platform now uses AWS services like Kinesis and Redshift, along with third-party solutions like Upsolver. How did partnering with CloudZone help you throughout the migration? According to Moshe Mozes, Gamoshi co-founder & CEO, “We were looking for real partnership and guidance—moving to AWS is a complex challenge.” “Becoming familiar with the wealth of services was not an easy task, and we wanted a partner that could steer, guide, and hold our hands throughout the entire journey. CloudZone dramatically shortened the research time, helped narrow down the wealth of alternatives and lock in on the right services and tools to use. CloudZone’s support enabled us to stay up and running 24/7 throughout this migration project. CloudZone’s architects helped us design a robust, sustainable and cost efficient  infrastructure in a very demanding eco system.” “CloudZone’s deep experience in infrastructure, architecture, Kubernetes and Big Data was key to the success of this project.” CloudZone Benefits: AWS Partnership & Funding: “CloudZone exposed us to the AWS support and funding programs and led the entire process with the AWS team resulting in great ROI and smoother migration to AWS.” Failure-Proof Delivery:           “We had to find a trusted partner to push things forward through the migration. Since our system works 24/7, we couldn’t have done it without CloudZone.” Ongoing Support:            “Our setup is almost ready—now we need less attention, but still have daily interactions with CloudZone—for practical support and brainstorming.” Overall Quality of Service:            “CloudZone has become our DevOps team. We plan to continue this relationship going forward—with weekly or even daily help sustaining, extending, and introducing new Amazon features.”  

Personetics  Personetics enables banks to offer daily data-driven personalized insights, financial advice, and automated financial wellness programs to their customers. Initially, the company’s “Engage” business solution was running on-premise within each bank’s data center, using both VMs and Dockers. Recognizing that there had been a shift in many of the apps used by several of its financial clients to Kubernetes or Software as a Service (SaaS), Personetics decided to migrate Engage to become a SaaS solution. Many organizations were using Microsoft - a strong Cloud vendor with extensive global coverage. Seeing the potential to bring the solution to a wider customer base, Personetics engaged CloudZone to help to deploy Engage in Azure.   Microsoft technology used    Azure Kubernetes Service (AKS) Azure Log Analytics Azure Database for SQL Azure Virtual Network (VNet)   About Personetics     Serving over 95 million bank customers worldwide, Personetics is the leading global provider of data-driven personalization and customer engagement solutions for the financial services industry. The company’s AI models help banks turn financial data into proactive, personalized real-time insights and advice for their retail, small business and wealth management customers. Putting customer needs first, its banking solution, Engage, keeps customers informed, using predictive analytics to empower them to stay on top of their financial affairs.   The Challenge     Personetics was clear that it needed to get “Engage” onto Azure to make it more accessible for its bank clients using this platform. Implementing the solution in Azure Kubernetes Service (AKS) would also decrease the time-to-market and enable a faster reaction to client demands. The company’s in-house expertise was in AWS, so it turned to CloudZone for help with an initial project - moving the product into the Azure Marketplace so that banks could run a demo proof of concept in their Azure environment. Now, in a second project, Personetics went back to CloudZone to further develop its new SaaS solution, automating the landing zone and application infrastructure deployment to Azure, using Infrastructure as Code (IaC). Because of the company’s wide global reach, “Engage” also needed to be deployable in the different geographic regions where Personetics’ clients operate - including the US, Europe and other regions - to minimize latency, ensure a smooth user experience, and take into account relevant local regulations.   The Azure MSP Solution     The main goal of the project was to provide IaC that would enable Personetics to automatically deploy ״Engage״ as a SaaS product, along with all its dependencies -  AKS, monitoring, log analytics, security, network etc. - into Azure, in all the relevant regions. CloudZone used its expertise in a wide range of Azure tools and technologies to complete the project. Automated creation of infrastructure - using Terraform to write the code, CloudZone automated creation of the infrastructure of Azure Kubernetes Service (AKS) with all the common services needed, and implemented security and logging. Prometheus was used for monitoring, including Prometheus Federation which enables consolidation of all time-series metrics, from all environments, into a single Prometheus database. FluentD was implemented to ship all logs from inside Kubernetes to Azure Log Analytics. Managed Kubernetes service - by using AKS for fully-managed Kubernetes container orchestration, Personetics can focus on fast, agile deployment, without worrying about autoscaling, high availability or OS management. Networking - using hub-and-spoke network methodology, CloudZone created a central management location to give Personetics a single pain of glass into its SaaS deployments. Managed database service - instead of deploying Personetics’ Engage databases on self-provisioned servers, CloudZone took advantage of the Azure Database for SQL to decrease the overhead costs of database administration. Secured data accessibility - leveraging Azure Virtual Network service endpoints and SQL PaaS, CloudZone was able to connect AKS, hosting the Engage application to the databases using Azure backbones, instead of sending it over the internet. With the Azure-managed SQL Firewall feature, CloudZone was able to increase the safety of data transfer abilities.     The Results      Since going live with Azure in July 2020, Personetics has seen a lot of interest in the market. Multiple deals have already been closed and many more are at various stages of the sales cycle. “Banks are looking for ways to build long-term relationships with their customers, and thanks to CloudZone’s expert support, we are now able to offer them a secure, scalable service to meet their business needs on Azure platform” says Sharon Atlas-BenDavid, Director of cloud services at personetics .

Yad Sarah's Move to Azure For years, Yad Sarah had been using a single on-premise server to power the digital records for its equipment lending service across all branches, and the car fleet application used for scheduling its patient transportation service. When the servers became unstable, with no redundancy and frequent equipment failures, the organization decided to migrate to Microsoft Azure. Azure makes it very easy to create a redundant system in the Cloud, without worrying about any costly hardware upgrades or issues with future development. What’s more, Microsoft offers benefits for non-profit organizations. About Yad Sarah Founded in 1976, Yad Sarah, a non-profit organization, offers a wide range of services, including mobile clinics, an emergency alarm service, lending of an extensive range of medical equipment, and transportations for patients with functional disabilities in its fleets of wheelchair-accessible vehicles. Its 7,000 volunteers work at over 100 branches throughout Israel, serving 750,000 people each year. List of Technologies usedAzure IaaS Windows VMs Azure load balancer Azure VPN Azure Backup Azure Storage Azure NAT Gateway The Azure Factor Founded in 1976, Yad Sarah, a non-profit organization, offers a wide range of services, including mobile clinics, an emergency alarm service, loan of an extensive range of medical equipment, and transportation for patients with functional disabilities in its fleets of wheelchair-accessible vehicles. Its 7,000 volunteers work at over 100 branches throughout Israel, serving 750,000 people each year. The Challenge Literally hundreds of thousands of people around the country rely on the smooth running of Yad Sarah’s fleet of 40 vehicles, which carry 500 patients a day, and the management of 386,765 loans of equipment, from wheelchairs to oxygen pumps, baby cots to hospital beds. With a single point of failure, when the Yad Sarah server would go down, the system would become unavailable to all its 100+ branches, paralyzing operations. The company that originally developed the equipment-lending application was long out of the picture, leaving Yad Sarah to maintain it themselves and handle any technical challenges that may come up. Yad Sarah urgently required a stable system with improved redundancy, that could be easily operated. The Azure MSP Solution CloudZone carried out a thorough system review of Yad Sarah’s on-premise set up, taking into consideration the organization’s needs in drawing up a diagram for a robust, redundant system and plans for deploying it and migrating the live data to Azure. The solution that was implemented gave Yad Sarah the following benefits:   Improved redundancy – The new VM-based system has multiple VMs for the website, the tablet connection for the car fleet, and the SQL databases enabling full redundancy in case of a failure on one of the servers. Enhanced security and monitoring – The only access to Azure is via VPN from Yad Sarah - the branches connect to Yad Sarah’s terminal servers and from there can connect to the system. Azure monitoring enables Yad Sarah to see details of server status and usage. CloudZone also configured alerts to send a notification via email in the event of server overload or availability issues, so that the technical team can take the necessary remedial action to prevent a crash. Backups and improved scalability - Instead of running backups to hard drives connected at its IT office, Yad Sarah now runs and manages backups more easily and reliably in the Cloud. If necessary, restoring of the SQL data or of the VMs themselves is also faster and easier on the Cloud than on-prem. Hybrid networking – Yad Sarah’s on-premises environment is connected to the Azure network over VPN, allowing full connectivity between the on-prem systems and the application running on Azure. OS Update – CloudZone took the opportunity of the migration to upgrade the operating systems of the VM running the applications to newer versions in the new Azure environment. OS version was also upgraded as part of the rehost of Windows and SQL servers.   The Results Since going live with Azure in mid-June 2020, Yad Sarah has seen the benefits of its new robust redundant Cloud environment. "We needed a system that would be simple to maintain and use – and that’s what we got!” says Ari Grinbaum, System Manager at Yad Sarah. “CloudZone solved many issues that we had been unable to solve by ourselves. Thanks to the complete, efficient and fast response they gave us, we are now able to manage the Cloud environment ourselves, knowing that CloudZone is there to help us if we need them.”

Playtech BI  The Challenge Playtech BI provides a substantial volume of services to the Playtech Group, and its AWS monthly spend reflected massive cloud consumption. 80% was related to EC2 costs, with the rest associated with other AWS services (S3, RDS, EBS etc.). The BI division embarked on a journey to identify advanced methods of reducing its EC2 cost, including educating its team to use the different, more cost-effective types of EC2 instance audited its AWS EC2 available. The Solution Audit - using AWS Technology Partner to audit usage and utilization patterns against established cost-optimization best practices. Upgrading EC2 instances - upgrading old generations of EC2 (m3, c3 and r3) to more advanced EC2 types, like c4 or m5, which are cheaper and offer better performance. Optimizing instance type according to utilization - moving applications requiring greater memory from C type instances to M type, or from M type to R type. Downsizing/ terminating instances - weekly checks of EC2 utilization to identify underutilized EC2; downsizing those with maximum CPU lower than 20% and average CPU lower than 5%; terminating those with maximum CPU lower than 10% and average CPU lower than 3%. The Results After a full year of implementing the recommended cost-optimization best practice, Playtech BI had reduced its monthly EC2 costs by 53%, while use of new generation and more suitable instance types helped reduce total EC2 compute hours by 28%, without decreasing the provision of services to the Playtech Group. “CloudZone’s audit helped us identify a range of EC2 savings options,” says a Playtech BI representative. “Having implemented the recommended AWS cost optimization best practices, we succeeded in achieving a huge reduction in our Cloud spend while improving the efficacy of our services.”

Continuity Software The Challenge When Continuity Software embarked on development of AvailabilityGuard NXG, a next-generation SaaS solution deployed on AWS, it faced a significant challenge of identifying common misconfigurations and critical reliability risks in AWS environments. A secondary concern was how to refactor its current monolithic applications and create a Cloud-native microservice architecture and a cost-effective SaaS. Finally, the company hoped to leverage CloudZone’s experience and customer engagements to enlarge its own knowledge base. The Solution AWS best practices - helping client R&D team grow their knowledge-base of misconfigurations related to a variety of AWS services across the multi-Cloud and hybrid environments. Application modernization - consulting on application deployment architecture using AWS well-architected framework. DevOps services - providing dedicated DevOps resources to support the building of Continuity Software’s environment on AWS, including CI/CD pipeline and Infrastructure as Code (IaC) artifacts. Security compliance - consulting on selection of 3rd party tools that met Continuity Software’s security requirements, including API audit logs, application central log management, application audit logs, Kubernetes Security, infrastructure perimeter security, and evidence provided as IaC. The Results “In CloudZone, we had a partner that was committed to our success, enabling us to focus on our core business while they supported the development of our new solution,” says Avi Aharon, Vice President, Head of Cloud Business at Continuity Software. “We are now positioned as the only company that is able to address resilience assurance needs in a hybrid, modern IT environment, giving our customers peace of mind knowing that as they make changes and upgrades to their IT systems, they can rely on our technology to ensure that there is no downtime, data loss or cyber resilience risks.”   

PowToon  The Challenge   Powtoon began its AWS activity in around 2014, and has been growing with AWS since then. But, with this growth came a need to re-examine the environments and technology being used, and Powtoon’s ability to efficiently control costs.   The Solution   Cutting-edge technologies – consulting on and delivering a variety of workloads, taking into account Kubernetes and Istio to improve security and cost effectiveness. Cost-effective environment and cost control – making proactive recommendations for reserved instance (RI) and savings plans (SI), and use of spot instances; using third-party tools to run cost-optimization reviews, analyze EC2 utilizations and EBS volumes; and implementing cost-optimization best practices. Security compliance – consulting on selection of third-party tools to support Powtoon’s ISO requirements, including endpoint protection, central log management, application audit logs, data protection algoritms, Kubernetes security, infrastructure perimeter security, and evidence provided as Infrastructure as Code (IaC).   The Result   “We’ve been collaborating with CloudZone for several years, and are happy to continue doing so,” says Simon Weil, Director of DevOps at Powtoon. “CloudZone is a great partner for starting, embracing, and implementing new, innovative technologies. They are our provider for consulting and support in everything relating to the Cloud, enabling us to focus more on our business.    

Pearl Cohen   The Challenge Pearl Cohen’s attorneys work remotely from offices and homes around the world. These employees access sensitive case-related legal documents, through a remote desktop. The firm needed to strengthen its security tools and services, improve its latency, flexibility, availability and SLA, and provide better services, including new document management tools, to employees.   The Solution Assessment of virtual machine sizing - running the Azure Migrate Server Assessment tool on Pearl Cohen’s Israel and US servers, to measure server CPU, memory, and disk utilization. Seamless migration - using Azure Site Recovery (ASR) Disaster Recovery as a Service (DRaaS) to seamlessly migrate servers to Azure with almost zero downtime. Reducing costs, improving latency - purchasing reserved instances to reduce costs; connecting to an ExpressRoute to Azure to improve latency. Security and durability - blocking communications from known malicious IP address ranges and locations using Multi-Factor Authentication (MFA) and the conditional access tool built into Azure Active Directory; implementing Azure Backup Vault to back up all servers.   The Results “CloudZone showed us the great value of using Microsoft Azure and Office 365 and we became the first international law firm in Israel to be based on a public Cloud,” says Inbal Berqowitz, CFO of Pearl Cohen. “We even managed to migrate some legacy systems with great success and with almost zero downtime.”  

Rabbi Interactive The Challenge Digital agency, Rabbi Interactive, was required to develop an easily-deployed, elastic solution that would connect to the current SAP warehouse-management infrastructure and provide a highly-secure API endpoint for mobile warehouse management devices. All the operations related to infrastructure deployment and application updates were to be automated. The Solution Run the app on AWS hybrid application architecture to gain scalability, performance, and elasticity. Comprehensive IT services - a dedicated IT resource was allocated, including consulting and planning, configuration, application development and migration. Introduce AWS Security Best Practices – including: AWS Inspector - to scan and report possible vulnerabilities, analyze and remediate AWS GuardDuty - to detect possible threats. GitHub - to host private code repositories. AWS CodePipeline - to automate deployment procedures. AWS CodeBuild and CloudFormation - to build and deploy the application in the ECS cluster. ECR - for storing docker images. AWS SSM - for patch management on non-ECS machines, like MongoDB. The Results The deployment automation enabled a reduction in human-led operations, helping Rabbi Interactive’s developers to concentrate on their tasks, while reducing the time required for application deployment. Use of CloudFormation enabled management of production infrastructure and the creation of QA/DEV ephemeral environments, in minutes.  

TradeTech Group The Challenge For many years, the technical leadership at TradeTech Group has pioneered the use of AWS, believing since the company was established that the Cloud was the best option to launch its platform, in terms of speed, low cost, breadth of features, and security. Within a few years, TradeTech Group’s monthly spend on AWS services had skyrocketed; 75% of it relating to EC2 costs, and the rest to the other AWS services (S3, RDS, EBS etc.). Keen to reduce costs, the company set itself a goal to cut its monthly Cloud spend by 20% to 30% within three to six months. The Solution Audit – using AWS Technology Partner to audit the company’s EC2 usage and EBS volumes against established cost-optimization best practices. Optimizing instance type according to utilization – rectifying over-provisioned instance sizes running at a very low rate of utilization by optimizing according to instance type. Using larger EBS GP2 type volumes - AWS CloudWatch revealed that using larger EBS GP2 type volumes would enable TradeTech to free up 3 IOPS per GB of disk space, removing the need for iO1 EBS and purchase of expensive PIOPS. Terminating unnecessary EBS volumes – terminating a number of unused, underutilized and infrequently-accessed EBS volumes. The Results TradeTech’s monthly Cloud spend was reduced by 20% overall, including: 17% reduction in EC2 compute costs; the purchase of RI (Reserved Instances) at a significantly cheaper price than purchasing EC2 on an on-demand basis; reduction of 90% in EBS Provisioned IOPS. “Having realized the savings from the initial audit, we plan to continue working with CloudZone to implement AWS cost optimization best practice recommendations for hardening, extending fault tolerance, and improving performance of its environment,” says a TradeTech representative  

Yad2   About Yad2   Founded in 2005, Yad2 and is one of the largest online advertising board brands in Israel. More than 10,000 new ads for second-hand products, cars, apartments and other goods and services are uploaded every day, generating massive traffic to the site.   The AWS Factor   For years, Yad2’s applications were deployed on hundreds of servers in a local, self-managed data center. In 2019, the company decided to migrate to AWS to reduce maintenance costs, utilize managed solutions like Amazon Relational Database Service (RDS), and reduce infrastructure costs through Auto Scaling and Spot Instances. Yad2 also uses Amazon Elastic Compute Cloud (Amazon EC2), LAMBDA, CloudFront and several other AWS tools.   The Challenge   Yad2 had been expanding its data center for nearly 14 years, adding servers to the infrastructure to keep up with growth requirements. Given the scale of the company’s operations, managing its data center was not an easy task; it was clear that a reevaluation of its environments, technology and ability to control costs was required.     The Solution   Data center migration to the Cloud - using refactoring migration methodology for most applications - Cloud-native architecture on AWS-managed Kubernetes and database solutions, such as MySQL on RDS, DynamoDB and managed ElasticSearch. DevOps services - providing dedicated DevOps resources, including building and managing a CI/CD pipeline and other requirements Cost-effective environment and cost control – making recommendations for reserved instances (RI), savings plans (SI), and the use of Spot Instances as part of Yad2’s new Cloud-native architecture. Security compliance - consulting on selection of third-party tools, including API audit logs, application centralized log management, application audit logs, Kubernetes security, infrastructure perimeter security and Infrastructure as Code (IaC).   The Results   “CloudZone’s approach delivered great value,” says Shlomi Otmazgin, CTO of Yad2. “Collaborating with them on all aspects of the project allowed us to focus on our core business, knowing that we had a partner to support us throughout the transformation process.” The project went live in April 2020.

About Hunters - SOC platform Hunters SOC platform is a purpose-built, turn-key security data and analytics platform. It’s a modern solution that provides cloud-scale access to telemetry data across the entire attack surface coupled with an intelligent automated event correlation, investigation and prioritization. Hunters׳ is a group of cyber and tech experts looking to revolutionize security operations by combining data engineering. The solution combines security expertise, data engineering and layers of automation to accelerate decision making. The Challenge One of Hunters’ core backnes is a component based on a large scale number of Apache Flink applications running simultaneously while new jobs keep coming. Hunters were out to look for an alternative and perhaps better way of deploying and running flink applications. In that time, Hunters’ team incharge was under a lot of work preparing for a major flink version upgrade and needed a hand offloading the benchmarking and analysis of an alternative. The requirements were mainly benchmarking reasonably similar workloads in terms of data volume, velocity and stateful stream processing characteristics such as windowing and watermarks.  The Solution CloudZone’s team is heavily invested in open source as a mantra. Aside from cloud vendor services and 3rd party solutions which we deliver, we also work with many open source tools, especially in the area of data processing & analytics. The Data team has flink programmers within and could immediately understand the customer needs. Upon agreeing on the best alternatives to benchmark and defining clear KPIs for the benchmark, CloudZone developed a MVP Java Flink application to imitate the workload in a sufficient way. Since the focus of the benchmark were the deployment & orchestration, imitating data volume and velocity and stateful aggregations was sufficient enough for the tests. The results During the tests which were according to customer scenarios defined in the design phase, all relevant metrics were recorded with proper monitoring we setup and were wrapped in a well organized benchmark summary document delivered to the customer.              

Salefreaks Salefreaks helps corporations, business owners, and individual marketplace sellers to source millions of new goods into their online stores, and access new potential buyers, driving eCommerce sales and protecting margins. Working closely with Amazon and eBay, the company develops and uses advanced automation software solutions that rapidly analyze, source, test, and deploy smart listing, pricing, inventory, and drop shipping strategies, at scale. Salefreaks currently manages over 2500 eBay stores, with over 8 million items listed and over 450,000 items sold monthly.     The Challenge Salesfreaks’ architecture comprises several database clusters with tens of databases and hundreds of application servers, all exposed to the public internet due to the limitations of the company’s existing provider. With a massive compute requirement, both for serving its customers and to power its internal task processing, Salefreaks' Cloud hosting cost became extremely high.  The decision was made to migrate to AWS, which offered the required capacity on spot instances, scalability, cost-effective pricing plans, a secured network and a simple-to-use managed database service.   The Solution Working with CloudZone, Salesfreaks embarked on migration of its servers to AWS, some of them using “lift and shift” approach and some with minor application modernization. Cost-effective environment – the 700-800 worker servers that Salefreaks was using for its application processes were migrated to spot instances, giving the company better pricing while still providing the required capacity. Scalability – in order to achieve the scalability required to serve its growing customer base, Salefreaks migrated its servers to AWS’s Elastic Compute Cloud (EC2) service, which offers security, autoscaling and resizable compute capacity in the cloud. Securing the network – following CloudZone’s recommendation, a secure VPC was built for the environment according to best practices, with proper network segmentation into public and private subnets. This has enabled the company to securely enclose its network, according to specific subnets and security groups, such that, other than servers that should be public, all core systems were protected. Optimizing storage – implementing Amazon’s Simple Storage Service (Amazon S3) for storage, archiving and retrieval has given Salesfreaks a range of benefits, including scalability, data availability, security and performance. Reduce administrator overheads – using Amazon’s Relational Database Service (RDS), Salesfreaks is now enjoying the benefits of a fully-managed service that provides out of the box backups, high availability and other benefits, with less administrative input by its own staff.   The Results  Now with 700 to 1300 servers operating every day, Salesfreaks is able to run its Cloud environment in a scalable and flexible way, thanks to AWS.  Autoscaling immediately facilitates server availability when required, enabling the company to provide a faster response to client demand while paying only for the exact amount of time the server is uses the Cloud, rather than a fixed daily or monthly cost regardless of usage. This is saving Salesfreaks in the region of $20,000 per month. “With AWS, not only is it easier for us to manage our Cloud environment, but we have the scalability we need to respond to client demand, and a level of security - both networking and administrative - that accords with AWS best practices,” says Nitsan Goren, co-founder, and CTO of Salesfreaks. “We are now able to deliver a highly-available application, whereby an outage even of several components will not result in the whole system crashing. Downtime is down to almost zero and incident response time has decreased, meaning that our clients enjoy continuous, uninterrupted service.” The project went live in June 2019. About Our Cloud Services CloudZone helps you leverage the power of the Cloud, so that you can focus on your core business strategies. As a multi-cloud service provider, we help customers to take advantage of the broad set of global compute, storage, data, analytics, application, and deployment services. Our goal is to help organizations move faster, lower their IT costs, and scale their applications.

About D-ID D-ID’s Creative AI enables the automagical transformation of any picture or video into extraordinary experiences. The technology is used by leading marketing agencies, production companies, and social media platforms globally. D-ID is on a mission to enable full video production, using just AI. D-ID, the pioneers in Creative Reality™ The Challenge D-ID began its activity  in Jan 2017 and has been growing since then, they worked in hard to manage multi-cloud architecture and used AWS for some workloads. As the production environment grows larger and more complex, it becomes increasingly onerous to maintain an up-to-date staging and dev environments. In the current state D-ID is missing the tools and the processes for easy deployment of infrastructure for Dev environments and network management. Cost of the current Dev environments is high and not optimized. The Solution D-ID choose AWS to be a single cloud platform and  ECS for running microservices in production and Dev, for monitoring and visibility was chosen Prometheus - Cloud-Native monitoring for Kubernetes & VMs with exporters for all kinds of backends, AlertManager for alerts routing and deduplication of  Prometheus alerts. In order to reduce maintenance and improve security RDS was used as a MySQL on VM replacement. Terraform will be used to maintain infrastructure as a code and help customers to keep the tracking of the systems and improve the time to market and create similar environments for development, staging and productions. Using Transit Gateway, terraform will provide a networking management solution to interconnect VPC and provide secure access to manage all resources. To support D-ID’s Security requirements,  AWS native security tools like AWS Tower, GuardDuty, Config will be implemented to improve security, to get visibility and fast Incident response. In order to reduce the cost of dev environments, instances should be stopped and started according to a schedule, implemented using AWS LAMBDA. The results AWS Organization with security baseline, guardrails and preventive rules using Config. Modern, secure, and elastic infrastructure on AWS with efficient cost and low operational cost. Visibility on environment status using Prometheus and Grafana dashboards. Full IaaC to create disposable Dev/Staging environments and easy to manage production infrastructure and networking. Established baseline standard for how D-ID works and common language and the tooling to meet the needs of infrastructure deployment and maintenance.  

 About INTEZER Intezer has created the largest genetic cyber threat database. Intezer detects mutations of any malware or cyber threat seen in history by recognizing even the slightest amount of malicious code reuse. This technology is helping companies evolve with the threats they face by analyzing, detecting, and tracking the latest variants and threat actors. Get connected for free at analyze.intezer.com The Challenge Currently The customer is facing operational issues with an unstable environment and hard maintenance. Also, the cost is higher than expected. Intezer is looking for a scalable and cost-optimized solution. The challenge is to migrate the current Elasticsearch clusters from cluster managed on Ec2 to AWS OpenSearch following scalability and security best practices with good cost-performance. The Solution CloudZone’s team is heavily invested in open source as a mantra. Aside from cloud vendor services and 3rd party solutions which we deliver, we also work with many open source tools, especially in the area of data processing & analytics, among them Elasticsearch. The Data team has dedicated Certified Elasticsearch engineers which are thoroughly familiar with all kinds of Elasticsearch offerings, now including the new OpenSearch by AWS. The Intezer ElasticSearch cluster will be deployed in a scalable, secure and cost-optimized architecture. The data migration plan is based on the Data Migration requirement per cluster and Business Impact. The results Clusters were migrated successfully without down time. The migration was aligned with the business requirements and the new deployed clusters follow the AWS reference architecture and best practices    

About Imubit Imubit provides an AI process optimization platform for refiners and chemical operators, which executes plants’ money-making operational strategies continuously and consistently. The platform interconnects various processing units while aligning planning and economics, process engineering, process control, and operations for closed-loop optimization. The Challenge Imubit began its activity around 2016 and has been growing since then, they choose GCP for their application from the beginning. Trying to be cloud-agnostic they did not use Cloud native solutions and built all on IaaS. But, with this growth came a need to re-examine the environments,  tools and technology being used, and Imubit’s ability to efficiently control costs, maintain environments and create new Dev applications. Current application stack will be modernized to cloud-native technologies and tools like Docker, Kubernetes, Terraform, CloudSQL. The Solution Imubit choose GKE for running microservices in production and Dev (implemented with Namespaces), for monitoring and visibility was chosen Prometheus - Cloud-Native monitoring for Kubernetes & VMs with exporters for all kinds of backends used e.g., CoudSQL and  AlertManager for alerts routing and deduplication of  Prometheus alerts. In order to reduce maintenance and improve security CloudSQL was used as a MySQL on VM replacement. Kubeflow was used to implement machine learning workflows and improve ML CI/CD processes. Cutting-edge technologies – consulting on and delivering a variety of workloads, taking into account Kubernetes and Istio to improve security and cost-effectiveness. Security compliance – consulting on selection of third-party tools to support Imubit's Security requirements, including endpoint protection, central log management, application audit logs, data protection algorithms, Kubernetes security, infrastructure perimeter security, and evidence provided as Infrastructure as Code (IaaC). The results Modern, secure, and elastic infrastructure on GCP with efficient cost and low operational cost. Visibility on traffic using GCP LB  and monitoring using Prometheus and Grafana dashboards.  IaaC and CI/CD pipelines used to onboard new workloads an easy thing.