Modernizing Enterprise DevSecOps with an AI-Enabled, Multi-Tenant AWS Platform
Executive Summary
The customer, through this project, set out to help technology companies strengthen their security posture by automating daily vulnerability detection and delivering AI-enabled code suggestions across thousands of repositories. As adoption expanded, the platform needed to support a multi-tenant environment that could scale reliably while remaining cost-efficient and minimizing operational overhead. This required a cloud-native architecture capable of running large-scale, parallel vulnerability scans, orchestrating automated workflows, securely storing results, and providing real-time operational visibility.
This case study describes how Crest Data leveraged AWS CloudOps best practices to design and implement a fully managed platform using Amazon ECS, AWS Lambda, Amazon SQS, Amazon DocumentDB, Amazon CloudWatch. This helped in optimized networking with Amazon ECR and VPC Endpoints enabling predictable operations, reduced costs, and faster remediation insights to support scalable DevSecOps adoption.
About the Customer
The customer is a leading cybersecurity solutions provider focused on delivering unified asset intelligence and cyber risk management. The organization enables real-time visibility and protection across complex and diverse technology environments, helping enterprises and public-sector organizations continuously identify, prioritize, and remediate security risks at scale. Through its core platform, the customer supports large, dynamic infrastructures by providing actionable insights that strengthen security posture across interconnected digital and operational ecosystems.
Customer Challenge
The customer needed to deliver a multi-tenant vulnerability scanning platform that could scale to thousands of repositories across multiple tenants while maintaining cost efficiency and operational resilience. The core challenge was to balance scalability, automation, and observability without increasing manual overhead for development teams.
Traditional vulnerability management approaches were either too slow, too costly, or lacked actionable insights, making it difficult for software companies to quickly respond to security issues. The customer required a solution that could run daily scans, centralize results, and provide AI-led code-level remediation suggestions that integrated directly into developer workflows.
If left unaddressed, these challenges would have led to security blind spots across customer repositories, significantly increasing the risk of breaches and compliance violations. Development teams would continue to spend excessive time manually triaging and fixing vulnerabilities, slowing release cycles and eroding customer trust.
Proposed Solution
Crest Data implemented a multi-tenant SaaS solution on AWS designed to run daily vulnerability scans across thousands of repositories while ensuring scalability and strong observability. The architecture followed AWS CloudOps best practices to balance automation, cost-efficiency and reliability.
The scanning workflow is orchestrated using Amazon EventBridge and AWS Lambda, which trigger the scans once a day. Each repository is scanned using multiple vulnerability scanning tools. The scans are executed in parallel, enabling the system to process large workloads quickly and efficiently.
All scan results are aggregated and stored in Amazon S3, providing durable and cost-effective storage. Each record is tagged with a tenant ID, ensuring logical isolation of data across customers. After results are available, the platform invokes an external AI model via secure API calls, which analyzes vulnerabilities and provides code-level remediation suggestions.
For observability, we integrated Amazon CloudWatch metrics, dashboards and alerts to track scanner performance and task health. In addition, Lambda-based cleaners were implemented to detect and terminate long-running ECS tasks, improving reliability and preventing resource waste.
Finally, to control networking costs, VPC endpoints were introduced for services like S3, reducing data transfer through NAT gateways. This optimization ensured both cost-efficiency and security while maintaining high system performance.
Why AWS?
We selected AWS as the foundation for our SaaS tool because of its mature ecosystem of CloudOps services that enable automation, observability and ease of use at scale. With Amazon ECS for containerized workloads, AWS Lambda for event-driven automation, Amazon SQS for decoupled orchestration, and Amazon CloudWatch for centralized monitoring, AWS gave us the ability to design a resilient and cost-efficient multi-tenant architecture with minimal operational overhead. AWS also provides the security, compliance and global reach needed to support enterprise software companies.
Features such as VPC Endpoints for private connectivity and Amazon DocumentDB for secure, managed storage allowed us to reduce infrastructure complexity and optimize costs. By building on AWS, we could focus on our differentiator, AI-enabled vulnerability insights and remediation suggestions.
Outcomes & Success Metrics
The project delivered significant improvements in vulnerability detection and developer productivity for the customer’s DevSecOps workflows. By orchestrating daily scans across more than 3,000 repositories, the platform ensures continuous visibility into security risks without requiring additional manual effort.
The use of parallel ECS-based scanning reduced processing time by nearly 70% compared to serial executions, allowing daily reports to be generated in hours. This efficiency enabled security and development teams to act on findings more quickly, reducing mean time to detection (MTTD) and accelerating remediation planning.
From a cost perspective, infrastructure expenses were optimized through VPC endpoints and Lambda-based task cleaners, keeping the total operating cost at approximately $150-$200 per day for all tenants combined. This translated into a 25% reduction in network transfer costs and ensured predictable increase in costs as the customer scaled to more repositories.
Finally, by integrating AI-driven code-level suggestions, developers were able to resolve vulnerabilities faster, with early adopters reporting up to a 40% reduction in remediation time compared to traditional static reports. Combined with the AI-driven suggestions gave the developers as well as DevOps teams actionable insights while maintaining high system reliability.
About Crest Data
Crest Data is an enterprise technology services and solutions provider with deep expertise in data and AI-driven engineering across Agentic and Generative AI, cybersecurity, observability, data analytics, workflow automation, and cloud technologies. In this case study, Crest Data applied its CloudOps and DevSecOps expertise to build a cost-efficient, scalable AWS platform that enables continuous vulnerability management and supports enterprises in scaling securely with confidence.
Working closely with enterprise customers and supported by strategic partnerships with leading technology providers such as AWS, Google, Microsoft, Datadog, Dynatrace, ServiceNow, and NetApp, Crest Data delivers outcome-focused solutions that accelerate cloud adoption, strengthen security operations, and improve platform reliability.
