  • 30% reduction in total cloud spend
  • 90% of optimization recommendations fully automated
  • 100% correctly-tagged AWS resources

Executive Summary

Legit Security, a leading application security platform provider, faced escalating AWS costs across their infrastructure. Manual cost optimization efforts couldn’t keep pace with their rapid growth.

By implementing OpenOps, Legit Security transformed their FinOps practice through no-code workflow automation and human-in-the-loop approval gates, achieving a 30% reduction in overall cloud costs—enabling significant reinvestment in product development and market expansion.

About Legit Security

Legit Security secures software supply chains through comprehensive application security posture management. Their platform runs on a multi-account, multi-region AWS deployment using Kubernetes-based microservices with extensive EC2, EBS, RDS, and container services. Founded in 2020 and now in rapid scale-up, the company faced the challenge of managing exponential infrastructure growth while maintaining unit economics.

Growth Is Costly

Legit Security’s rapid growth created compounding infrastructure challenges:

  • Resource Proliferation: EBS volumes, aging AMIs, and over-provisioned instances accumulated across regions. Multiple regions used expensive gp2 storage exclusively, while others contained numerous oversized volumes and forgotten snapshots.
  • Kubernetes Complexity: Code scanner pods showed significant discrepancies between requested and actual resource usage, but manual right-sizing would require extensive effort and risk.
  • Traffic Cost Multiplication: A single NAT Gateway architecture caused data to traverse availability zones unnecessarily, inflating network expenses by 40%.
  • Manual Limitations: Sporadic audits and one-off scripts couldn’t scale or provide continuous optimization.

The OpenOps Platform

OpenOps’ no-code workflow automation and human-in-the-loop controls enabled systematic optimization across their infrastructure.

  • Foundation: The team started with OpenOps’ pre-built workflow templates, customizing them through the no-code interface without writing scripts. Every automated action sent notifications to Slack channels where engineers could review, approve, or reject changes. Starting with read-only workflows in staging, they gradually enabled automated remediation as confidence grew.
  • Storage Optimization: Customized workflows automated gp2-to-gp3 volume migrations across regions (15% storage cost reduction), right-sized over-provisioned volumes with human approval gates (20% EBS cost reduction), and cleaned up obsolete snapshots (57% backup cost reduction).
  • Compute & Database: Instance migration workflows orchestrated upgrades to newer generations (15% cost reduction). When analysis revealed minimal IOPS utilization, automated workflows with approval gates migrated PostgreSQL to gp3 storage (23% database cost reduction). Dependency checking in cleanup workflows prevented potential outages by identifying Spot fleet configurations that referenced seemingly unused AMIs.
  • Kubernetes: Workflows integrating Kubecost data enabled Slack-approved pod resource adjustments (40% pod cost reduction). Single-AZ pod scheduling experiments with automated rollback showed 30% inter-zone traffic cost reductions. ECR pull-through caching workflows reduced Docker registry traffic by 60%.
  • Network Architecture: Workflows orchestrated multi-AZ NAT Gateway deployment with human approval at key transition points (45% data transfer cost reduction). Customized workflows incorporating VPC Flow Log data reduced overall network costs by 35%.
  • Implementation Approach: The no-code interface lets DevOps engineers build and refine workflows without specialized scripting expertise. When the standard EBS migration workflow needed modification for their multi-region setup, the team made changes through the interface during their first week. Senior engineers reviewed proposed optimizations via Slack during morning standups, approving safe changes with a click—all without logging into the AWS console or running CLI commands and scripts manually.

Measurable Impact

The implementation delivered quantifiable improvements across multiple teams:

Cost Reduction

  • 30% reduction in total cloud spend
  • 35% reduction in EBS costs
  • 15% savings from instance upgrades
  • 23% reduction in RDS costs
  • 40% reduction in data transfer charges
  • 57% reduction in backup storage costs

Operational Impact

  • 100% resource tagging compliance achieved
  • 90% of optimization opportunities now automated
  • 60% reduction in time spent on manual cost audits
  • Optimization workflow deployment reduced from weeks to hours

Strategic Benefits

  • Cost per transaction reduced by 35%
  • DevOps team redirected to product innovation
  • Monthly cost variance reduced from ±15% to ±3%

Key Insights

  • No-Code Automation Accelerates Adoption: The entire DevOps team could contribute to cost optimization, not just those with scripting expertise, accelerating implementation and creating broader organizational buy-in.
  • Human-in-the-Loop Builds Trust: Maintaining approval gates for significant changes gave the team confidence to automate aggressively. Slack-based approvals meant oversight didn’t slow operations—approvals typically happened within minutes.
  • Templates Reduce Time-to-Value: Pre-built templates dramatically reduced implementation time and incorporated best practices the team might not have discovered independently.
  • Safe Experimentation Enables Innovation: Workflow testing and automated rollback features let the team experiment with optimizations they would have been too cautious to try manually, leading to discoveries like 30% network cost reductions.

Looking Forward

Legit Security’s OpenOps implementation established the foundation for continuous cost optimization as they scale. The platform’s automated workflows now prevent waste that previously accumulated silently, while the no-code interface enables the team to respond to new optimization opportunities within hours rather than weeks.

This agility, combined with human-in-the-loop approvals, transforms cloud cost management from a reactive discipline into a proactive competitive advantage—enabling infrastructure costs to scale sub-linearly with growth.

By using the OpenOps no-code automation engine and templates, we immediately resolved issues that saved over 30% of the bill, and set guardrails to make sure they don’t surface again.

Liav Caspi

Co-Founder & CTO, Legit Security

About OpenOps

OpenOps is an open-source cloud operations automation platform that helps organizations implement systematic FinOps practices through no-code workflow automation and human-in-the-loop controls. By combining customizable workflow templates, safe execution with approval gates, and seamless integration with tools like Slack and GitHub, OpenOps enables continuous cost optimization without risking production stability.

Learn more at openops.com or explore the documentation at docs.openops.com.

Industry: ASPM
Headquarters: Boston, MA