Cloud architecture review and cost optimisations for Risilience

Meet Risilience

Risilience provide a deeptech analytics platform that enables companies to manage enterprise risk, transforming their businesses to meet the strategic challenges of climate change.

Risilience brings a detailed understanding of management science and a radical new way of mapping, tracking and managing an organisation, providing products and services that apply research frameworks and approaches pioneered by the Centre for Risk Studies at the University of Cambridge.

The Risilience platform provides detailed science-based scenarios and evidence-based analytics to help organisations manage the risks and meet the opportunities of a rapidly-changing world, turning risk into strategic advantage.


accounts optimised within the assessment

Business Challenges

Making evidence-based analytics that help organisations manage a wide variety of risks puts a strain of multiple cloud environments. Risilience needed to better understand their use of the cloud, ensuring that their current environments and infrastructures were built intelligently, and able to cope with growth, whilst being cost effective.

This challenge presented Firemind with the ability to perform a full architecture and optimisation report, working across 6 individual accounts within AWS.

Why us?

Firemind was chosen due to our experience in assessing the quality and modernisation options available within existing architectures. Over the years, we have undergone a wide variety of workshops for businesses, spanning migration best practices, modernisation next steps, magic wand workshops and more.

Risilience needed a partner like Firemind who could quickly ascertain the quality of architecture in use, as well as work through the best cost optimisations for a company that was growing and scaling in in cloud demands.

During this project, Firemind reviewed the architecture, configuration and utilisation of services and resources across the 6 accounts within the Risilience AWS organization. The goal was to reveal methods to enhance security, optimise performance, review scalability, assess reliability and business continuity, and to cost optimise.

Overall, Risilience was doing an excellent job in managing and provisioning their AWS services and resources. A lot of recommended methods and best practices were being followed, using Ansible to manage IaC deployment of their environments provided a good level of consistency across accounts,
and everything was well organised with strong and manageable naming conventions.

The time spent on this review project looked more closely at services in use and resource relationships and configuration. The recommendations assembled in our report were focused on methods of being Cloud Native, full resilience and scalability, and taking full advantage of the AWS environment and the services available in AWS that enhanced or improved on more traditional server centric methodologies.

In addition, a lot of focus was put into cost optimisation. Not only reducing the current spend and making better use of the services and resources in place, but also ensuring that costs can be managed and did not grow exponentially as the business grew. Essentially, we wanted to help Risilience ensure that as the business scales, costs remain manageable, proportional and can avoid any financial surprises that would require a drastic change to infrastructure design, resource selection or operations.

To view some of the main benefits, view the value adds below.

Added value

The report on the current architecture and cost optimisation options revealed some significant cloud saving opportunities, as well as some modernisation steps which could transform the Risilience cloud platform.


savings found across compute costs with right sizing


Right-sizing was an easy win for Risilience. Adjusting the size of compute and database tiers deployed into the environments will not only save them money, but open budget to apply more effective scaling solutions. Amazon EC2 is the most over-provisioned service, and probably the easiest to adjust inside the current CICD pipeline. The only thing to review and test in preparation for this change was the statefulness of the Risilience application.

Security highlights

The network/VPC configuration was one of the few major concerns in regards to Risilience security. Their placement of some resources on a public subnet should be avoided, and anything that can be moved into a private subnet should be moved as soon as possible. Resources that are only connecting to other resources do not need to be publicly exposed, and servers that do need to be accessed for login to Risilience,
should be associated with a load balancer to ensure there is added security and a secure connection for all authorised traffic with a Client VPN for staff/dev access.

Organisation upgrades

Some additional organisational advice was to use tagging policies (SCP) or adding additional tags to resources deployed from Ansible (environment, owner, version, etc.), and to enable logging wherever possible with a defined retention policy on logs (EC2, RDS, MQ, etc).

Client Satisfaction

“We were very pleased with the outcome. The project was professionally ran, and Firemind clearly have a deep technical competence which met our objectives. I also found Firemind to be very easy to work with. I would be happy to use Firemind again if we needed AWS technical consulting support.”

Mark Pinkerton

VP Software Engineering - Risilience

Leverage our toolkits to improve your time to value
Get in touch

Learn more about how to harness the full power of your data today