About Customer

KG Somani & Co LLP (KGS) is a third-generation Chartered Accountancy firm based in India, with a professional legacy spanning more than five decades. The firm provides audit, taxation, advisory, and consulting services to a wide range of clients across industries. KGS has association with Financial Institutions, Banks, Power Companies and Corporations, Manufacturing and Transport (including Railways & Aviation) Industry etc. in and outside India.

With increasing reliance on digital platforms and web-based engagement, KG Somani required a modern, scalable, and secure cloud infrastructure to support its public-facing applications and internal business operations while maintaining compliance and operational reliability.

Challenges

As part of its digital modernization initiative, KG Somani aimed to deploy a secure and resilient web application platform on Amazon Web Services (AWS). The objective was to enable scalability, ensure high availability, strengthen security controls, and establish an efficient cloud operating model with DevSecOps enablement.  

Prior to engaging Velocis, the organization faced several operational and architectural challenges, including:

• Limited Automation and DevOps Enablement: Application deployments were predominantly manual, resulting in longer release cycles and increased operational risk. Additionally, the absence of segregated QA, UAT, and production environments led to inadequate testing controls, higher chances of production impact during releases.

• Scalability and Availability Constraints: The existing application’s single server setup required a more resilient and scalable architecture to support growing user traffic without service disruption.

• Logging and Observability: Insufficient logging mechanisms made it challenging to gain insights into the performance and health of AWS services and resources, impacting operational efficiency.

• Security and Governance Gaps: The environment lacked advanced security controls, automated compliance monitoring, and centralized visibility, which are critical for regulatory-driven workloads.

Why Velocis

KG Somani selected Velocis as its AWS Cloud Managed Services Partner due to Velocis’ strong expertise in AWS architecture design, cloud operations, security, and governance. As an AWS Advanced Consulting Partner and AWS Well-Architected Partner, Velocis conducted a detailed assessment of the customer’s requirements and designed a secure, scalable, and operationally efficient AWS environment aligned with AWS best practices. Velocis’ Cloud MSP team was responsible for solution design, implementation, and establishing a robust cloud operations framework.

Solution Advised

AWS Web Application Firewall | AWS Elastic Load Balancer | AWS Auto Scaling Group | Amazon Elastic Compute Cloud | AWS Certificate Manager | AWS Code Deploy | AWS Security Hub | Amazon Inspector | Amazon RDS | Amazon GuardDuty | Amazon CloudWatch | AWS CloudTrail | AWS X-ray |

Velocis proposed a comprehensive AWS-based solution focused on operational excellence, security, high availability, and cost optimization, leveraging the following AWS services:  

• Amazon EC2 (Elastic Compute Cloud) to provide scalable and resizable compute capacity in the cloud, allowing us to adjust resources based on demand for cost efficiency and performance optimization. Integrated with AWS Elastic Load Balancer (ELB) and Auto Scaling Group (ASG), it ensures high availability and scalability by distributing traffic across multiple servers, and seamless scalability to enhance the user experience.

• Amazon RDS (PostgreSQL) to host the relational database layer in private subnet, securely, ensuring data durability and controlled access.

• CI/CD Pipeline using Bitbucket Pipelines integrated with AWS CodeDeploy, SonarQube, and OWASP ZAP to automate build, test, and deployment processes while embedding security into the release lifecycle.

• Amazon S3 and Amazon CloudFront to host and deliver the Vue.js frontend globally with low latency, secured using AWS WAF.

• Amazon Route 53 to provide global DNS resolution, allowing users to access web applications using the domain name. Route 53 is used to route incoming traffic based upon the recodes configured in the capitall.io Hosted Zone.

• AWS WAF (Web Application Firewall) to provide an essential layer of protection for web applications against common web exploits and attacks such as SQL injection, cross-site scripting (XSS), and HTTP floods. Also, AWS Certificate Manager (ACM) to provide simple and cost-effective way to manage SSL/TLS certificates for domain names.

• A combination of Amazon CloudWatch, AWS CloudTrail, and AWS Security Hub to bolster governance and gain comprehensive visibility into its AWS infrastructure and web applications.

• AWS Systems Manager and AWS Config to support operational automation, patch management, configuration tracking, and compliance monitoring.

‍

Solution Description

The AWS environment for KG Somani was deployed in the Mumbai (ap-south-1) region using a multi–Availability Zone architecture to ensure high availability, fault tolerance, and operational resilience. Separate QA, UAT, and Production environments were provisioned using dedicated VPCs, enabling strong environment isolation and controlled release management. The entire infrastructure was deployed through an automated Infrastructure-as-Code (IaC) approach using AWS CloudFormation templates, ensuring consistency, repeatability, and governance across environments.

Internet-facing components, including Amazon CloudFront and the Application Load Balancer (ALB), are hosted in public subnets, while backend services and the Amazon RDS (PostgreSQL) database are securely deployed in private subnets. This design enforces network segmentation and minimizes exposure of sensitive resources.

Application workloads run on Amazon EC2 instances managed through Auto Scaling Groups, enabling dynamic scaling based on traffic and resource utilization to maintain consistent performance while optimizing infrastructure costs. The database layer is hosted on Amazon RDS (PostgreSQL), providing a fully managed, highly available, and secure data platform.

A CI/CD pipeline using Bitbucket Pipelines automates application build and deployment processes, significantly reducing manual effort, deployment risks, and release timelines. The pipeline integrates multiple third-party tools for static code analysis and dynamic application security testing, enabling DevSecOps practices across the application lifecycle.

‍

Results and Benefits

The AWS Cloud Solution delivered by Velocis resulted in measurable business and operational improvements for KG Somani:

• Improved Availability and Resilience: The implementation of a multi–AZ architecture, combined with Auto Scaling Groups and automated health checks, improved application availability to 99% and reduced the risk of service disruption by eliminating single points of failure.

• Operational Efficiency and Faster Deployments: The adoption of an automated CI/CD pipeline reduced manual deployment effort by 60–70% and shortened application release cycles from days to hours, enabling faster and more reliable application updates with significantly fewer deployment-related issues.

• Enhanced Security and Governance: The implementation of layered security controls, centralized logging, and continuous monitoring significantly strengthened the KG Somani’s infra security posture and audit readiness.

• Proactive Managed Cloud Operations: With 24×7 managed cloud operations support from Velocis—including monitoring, patching, security oversight, and continuous optimization— KG Somani experienced improved service stability and reduced operational overhead, enabling internal teams to focus on core business and client-facing activities.

‍

‍