The MSSP Portal Cloud Operations case study highlights the design and implementation of a modern, multi-tenant security services platform on AWS, built from the ground up to support global scalability and high availability.
The architecture spans multiple AWS Regions and Availability Zones (AZs), leveraging AWS-managed services across all layers. Application microservices run on an Amazon EKS Kubernetes cluster, with its control plane distributed across AZs for resilience. Data persistence is managed by Amazon RDS in a Multi-AZ configuration, ensuring durability and availability.
The platform is secured within a dedicated VPC, protected at the edge by AWS WAF against web-based threats. Amazon Route 53 delivers highly available DNS services, while Amazon CloudFront accelerates global web traffic, offloads origin servers, and enhances overall system reliability.
All infrastructure and workloads are provisioned and managed as code. Terraform scripts and Kubernetes Helm charts automate the setup and configuration of cloud resources, guaranteeing consistency and repeatability in deployments.
To ensure comprehensive observability, the platform implements logs monitoring with Elasticsearch, Logstash, and Kibana (ELK stack) and metrics monitoring with Prometheus and Grafana, providing real-time insights, anomaly detection, and unified dashboards across all tenants.
The customer, an MSSP, required a multi-tenant cloud platform capable of securely isolating and managing multiple partners’ customers within a single framework. To achieve this, the solution needed a centralized management console (MSSP Manager, “AMM”) along with multiple partner portals (“AMP”), each strictly isolated yet enabling delegated access and unified visibility.
The main challenges included designing a highly available, multi-AZ AWS architecture, enforcing strong tenant isolation, and automating provisioning and updates through DevSecOps pipelines. In practice, the platform had to support scenarios such as defining partners and users, streaming dashboards and reports into partner portals, and enabling partners to provision new customer instances on demand, a key requirement for the AMP. Equally important was ensuring robust monitoring, strong security controls (including network isolation and WAF), and simplified management across all tenants.
Environment Setup
Each AMM and AMP environment resides in its own VPC with public and private subnets.
Subnets are distributed across three Availability Zones for high availability.
Networking
Each VPC includes a NAT Gateway and VPC interface endpoints for AWS services.
This enables private communication with the EKS control plane and AWS APIs.
Internet Gateway + external Application Load Balancer (ALB) provide ingress into private subnets.
Compute Layer (EKS)
Amazon EKS runs AMM/AMP microservices on auto-scaling EC2 node groups in private subnets.
Nodes sit behind:
An internet-facing ALB (for UI/API access).
An internal ALB (for inter-service calls).
This ensures high availability and fault tolerance.
Database Layer
Amazon RDS for PostgreSQL deployed in multi-AZ mode within each VPC.
Provides automatic failover to standby in case of primary AZ failure.
Security & Access Control
AWS WAF protects inbound portal traffic via the CloudFront distribution.
Route 53 manages DNS.
CloudFront caches static assets globally to reduce latency.
Security groups enforce least-privilege access across compute and data components.
AWS Secrets Manager stores deployment credentials and certificates securely.
Infrastructure Automation
Entire infrastructure defined using Infrastructure as Code (IaC).
Terraform scripts and Helm charts (stored in Git) define network, compute, and security resources.
Jenkins pipelines automate deployment of Terraform/Helm stacks on code merges.
Monitoring & Logging
Prometheus and ELK stack provide in-cluster monitoring and logging.
Sends metrics via Prometheus.
Sends logs via Filebeat/Kibana.
Stores both in Elasticsearch within each AMM/AMP cluster.
Centralized Observability
A central Grafana server in a dedicated “Tools” VPC is VPC-peered with all environments.
Provides unified dashboards aggregating metrics from all tenants.
DevSecOps Best Practices
Version-controlled infrastructure code.
Rolling upgrades for services.
Secure secrets management with AWS Secrets Manager
Managed Services for Operational Efficiency: Services such as Amazon EKS, Amazon RDS (Multi-AZ), CloudFront, WAF, and Route 53 allowed the team to offload undifferentiated heavy lifting (patching, scaling, maintenance) while focusing on MSSP-specific business logic.
Security & Compliance: AWS’s built-in security features (IAM, Secrets Manager, WAF, VPC isolation) aligned with MSSP requirements for multi-tenant isolation and least-privilege access control, supporting compliance with industry best practices.
Automation & Infrastructure-as-Code Support: AWS’s native integration with Terraform, Helm, and CI/CD pipelines enabled fully automated, repeatable deployments and rapid provisioning of new customer environments.
Cost Optimization: On-demand resources, autoscaling groups, and consolidated billing through AWS Cost Explorer and Cost Categories supported 30–40% cost savings compared to on-premises or self-managed alternatives.
High Availability:
EKS node recovery tested at <5 minutes for failed nodes.
RDS failover confirmed at <60 seconds, with zero data loss (latest snapshot + synchronous replication).
This architecture delivers 99.99% availability across the platform.
Security:
100% inbound traffic routed through CloudFront + WAF + ALB, blocking malicious or invalid requests at the edge.
IAM policies follow a least-privilege model, reducing risk of unauthorized access by ~40% compared to the previous setup.
Operational Efficiency:
Full AMM+AMP stack provisioning time reduced from 6–8 hours manually → <60 minutes via Terraform + Jenkins (85% faster).
Partner teams can now self-provision new customer instances in ~10 minutes, compared to 1–2 days earlier.
Automation eliminated ~70% of repetitive tasks, saving the operations team ~40 hours/month.
Observability:
100% of metrics and logs captured via Prometheus + ELK, aggregated in Grafana global dashboards.
Automated scaling and patching reduced unplanned downtime incidents by ~25% YoY.
Neuwave is an AI-native, composable suite of products purpose-built to accelerate integrations, migrations, and operations for ISVs, enterprises, and technology innovators.
© Neuwaveai.com. All Rights Reserved.
A distinguished technology leader with deep expertise in enterprise software and product engineering, he serves on Crest Data’s Board of Advisors. Sumeet is Managing Director of ServiceNow’s India Technology Centre and Senior Vice President of Engineering for the Core Business Workflows portfolio, overseeing products across HR, Finance & Supply Chain, Workplace, Health & Safety, Legal, and Contract Lifecycle Management. Previously, he held senior leadership roles at Broadcom, Cisco, and CA Technologies, scaling teams behind multi-billion-dollar product portfolios. He holds a degree in Computer Science and serves as Chair of the Telangana Regional Council at NASSCOM.
A strategic business, security, and technology leader with over 25 years of experience across telecommunications, financial services, and software industry verticals, he serves on Crest Data’s Board of Advisors. He currently serves as Vice President and Head of Technology Integrations, Technology Alliances at Netskope, driving strategic security and IT integrations at scale and advancing Netskope Cloud Exchange, recognized as a 2021 CRN Top 10 Cloud Security Tool. Previously, he held leadership roles at AT&T, Riverbed, and Palo Alto Networks, building strategic partner ecosystems and enterprise security programs. A former U.S. Navy Surface Warfare Officer, he actively advises and mentors several technology and consumer services companies.
Aditya Khetan is a Director of Technical Support with over 12 years of experience leading 24×7 global product support operations and customer success initiatives. He has built and scaled high‑performing teams, driving data‑informed improvements in NPS, CSAT, and operational efficiency while managing complex escalations. A Splunk Core Certified Consultant and Architect, Aditya has delivered enterprise solutions for global clients and partners closely with senior leadership to align support strategy with business goals.
Brings extensive sales, business development, and consulting expertise to Crest Data, where he drives strategic growth and builds high‑value enterprise relationships across ServiceNow and IT solutions. With a strong background in strategic alliances and solution‑led sales, he focuses on expanding market presence and partnership ecosystems. Rajeev has a proven track record of engaging C‑suite stakeholders, shaping go‑to‑market strategies, and accelerating revenue in competitive technology markets. His leadership blends commercial acumen with deep industry insight.
Bringing over 20 years of experience in information technology and cybersecurity. He has held senior leadership roles across strategic alliances, technical operations, and information security, including positions at VMRay, Cofense, and financial services firms. A long-time faculty member at IANS Research and owner of First Security Alliance, LLC, he has advised hundreds of clients, authored professional publications, and spoken at numerous security conferences. He holds CISSP, CISM, CRISC certifications and an MS in Information Assurance from Walsh College.
Jeet has over a decade of experience across Security Engineering, Implementations, and Operations. As Director of Business Development at Crest Data Systems, he leads the Tech Sales organization, driving growth, solution positioning, and strategic customer engagement. Previously, Jeet led Managed Services teams and delivered more than 100 Professional Services engagements, specializing in deploying, optimizing, and migrating enterprise security platforms such as SIEM, XDR, and UEBA. His blend of technical expertise and consultative sales leadership enables strong customer relationships and measurable business outcomes.
Damion Desai leads West Coast North American sales for Crest Data, based out of San Jose. With over 25 years of experience in enterprise technology sales spanning semiconductors, optics, manufacturing and software services Damion partners closely with our engineering teams to deliver AI-driven cybersecurity solutions to some of the largest technology companies in Silicon Valley. He is a past winner of the Intel Achievement Award and holds a Computer Science degree from The University of Southern California.
Neha Mashruwala is a highly organized and results-oriented marketing strategist with nearly two decades of experience in driving business growth through strategic marketing initiatives.
Known for aligning marketing strategy with business objectives, Neha brings deep expertise across brand strategy, demand gen and lead gen, product marketing, thought leadership, and end-to-end digital marketing. With a strong understanding of enterprise technology, AI-led marketing, creative storytelling, and data-driven execution, she accelerates go-to-market success with a customer-first mindset.
A Fellow Member of the Institute of Company Secretaries of India (ICSI), she brings over 10 years of experience in corporate governance, secretarial practice, corporate restructuring and transaction advisory, fund raising including IPOs, and capital market transactions. With strong legal acumen, she advises the Board of Directors, ensures compliance with applicable legal and regulatory frameworks, and oversees governance systems across the organization, thereby supporting Crest Data’s commitment to transparency, accountability, and responsible business conduct.
Gaytri brings over 25 years of experience driving revenue growth and customer success across global enterprises. She has led large-scale GTM initiatives, including managing over $100 mn Hi-Tech portfolio as Vice President of Sales at Genpact, and held senior sales leadership roles across leading enterprise technology organizations such as Cisco and Salesforce. An IIT Delhi engineering gold medalist, Gaytri blends technical depth with strategic sales leadership to build trusted C-suite relationships and drive sustained, long-term growth.
Rishi leads strategic partnerships with observability vendors, including AWS, Datadog, and Dynatrace. He brings over 20 years of experience building products, partnerships, and driving customer success across the observability, security, and application infrastructure domains. Most recently, Rishi led product management and customer success teams at PromptQL and Sumo Logic, supporting thousands of customers from Fortune 500 enterprises to emerging startups. He lives in Sacramento, CA with his family and enjoys the outdoors.
Bringing over 15 years of experience in cloud and DevOps engineering, he leads technology strategy and execution across product development and deployment at Crest Data. He has expertise in Kubernetes, containers, and multi-cloud architectures, building platforms for performance and scale. Prior to Crest Data, he co-founded and served as CTO of a cloud-native technology company recognized as a Great Place to Work. Colwin holds a Bachelor’s in Computer Science and multiple Kubernetes and AWS certifications.
As the leader of Business Development and Security Ecosystem at Crest Data, Vance leverages over 25 years of experience in security technology. He previously served as a product manager at Armis, driving technical alliances and integrations, and at Nozomi Networks, where he managed protocols and hardware. Vance holds CISSP and CCSP certifications and a Bachelor’s in Physics and a Master’s in Computer Science from Rochester Institute of Technology. He holds a patent in photoprint digitizing scanner technology. Combining his deep technical expertise with strategic leadership he is deeply involved with customers and ISVs to build innovative Cybersecurity solutions.
With over a decade of experience in IT leadership, he oversees enterprise IT infrastructure, cloud operations, and cybersecurity at Crest Data. He leads a cross-functional IT organization, driving secure, scalable, and resilient systems while enabling key security certifications including ISO 27001, SOC 2, GDPR, and BIA. With deep expertise across AWS, Azure, GCP, and AI-driven security tools, he focuses on strengthening endpoint security, managing inhouse data centers, optimizing cloud costs, and ensuring reliable, well-governed IT operations across the organization.
An HR leader deeply committed to people and culture, Devanshi brings over a decade of experience across diverse industries. As Director, HR at Crest Data, she drives culture-first people practices and builds high-impact HR teams aligned with business outcomes across India and the US teams. Known for her sharp insight, empathy, and storytelling-driven influence, she blends strategy with human connection. Outside of work, she cherishes time with her little one, enjoys playing cricket, and loves reading to him.
With more than 25 years of leadership experience in finance, he oversees financial strategy and operations across domestic and international business units. He leads enterprise-wide financial governance, compliance, and growth planning. With deep expertise across finance, taxation, legal operations, procurement, and revenue assurance, he has helped build and scale businesses, including a technology startup in video analytics. Nirav holds an M.Com, CA, a Diploma in Foreign Exchange Risk Management, and is a D&B Certified IFRS Professional.
With over 25 years of global experience across technology leadership, large-scale product engineering, and operational excellence. She defines and drives Crest Data’s engineering vision and execution across data and AI foundation for security, observability, automation, and cloud domains. Prior to Crest Data, Neha held senior engineering leadership roles at Cisco and other organizations. She has received several engineering awards including Cisco’s Pioneer award and holds a patent in networking security.
Neha holds a bachelor’s engineering degree in Computer Engineering from Gujarat University and a Master’s degree in Computer Networking from North Carolina State University.
Malhar defines the vision and drives a customer-first, agile, and empowering culture rooted in equality and continuous learning. With over 25 years of enterprise technology leadership, Malhar drives strategic growth in data and AI, security, DevOps, and cloud spaces while fostering innovation and team excellence at Crest Data. His strategic leadership positions Crest Data as an AI-first product engineering and technology solutions provider that accelerates clients’ success in a rapidly evolving technology landscape.
Prior to founding Crest, Malhar held leadership roles in product management at Cisco’s Insieme Business Unit (acquired by Cisco in 2013) and Nuova Business Unit (acquired by Cisco in 2008) where he led the growth of Cisco’s Data Center Switching business from inception to an annualized revenue of over $1.5 bn.
Malhar holds a bachelor’s engineering degree in Civil Engineering from Gujarat University and a Master’s degree in Computer Networking from North Carolina State University.