Keyrock is a global crypto market maker and liquidity provider, operating critical trading infrastructure across digital asset markets. The business runs a multi-account cloud environment on AWS, alongside additional cloud providers and SaaS systems. At this scale, infrastructure needs to be delivered with speed, governance, and clarity – without relying on a centralized team to manage every change

Keyrock used Terraform Cloud to manage infrastructure delivery. As Keyrock grew and its cloud infrastructure scaled, Terraform Cloud became harder to operate with confidence. Drift and manual changes introduced risk, and permissioning couldn’t keep up with how Keyrock needed to scale access across teams. The infra team ended up absorbing too much of the day-to-day change load. 

Keyrock Challenges: infrastructure bottlenecks, limited control & drift 

Terraform Cloud did the job early on, but as Keyrock scaled, infrastructure became harder to manage with confidence. Legacy Terraform code, drift, and unmanaged-by-IaC resources introduced operational risk, while workspace sprawl made it difficult to enforce ownership at scale.  

Keyrock needed a model that could scale access across engineering teams while enforcing segregation and least privileged operations.

Rob Dudley, Head of Infrastructure at Keyrock, described the business impact:

“We were introducing significant risk through drift and unmanaged-by-IaC resources. This lack of confidence then impacts your delivery cadence and velocity.”

Rob Dudley

Head of Infrastructure

Keyrock began looking for a Terraform Cloud alternative. The goal wasn’t just to fix drift – it was to democratize infrastructure access without losing control.  Keyrock needed a solution that was reliable enough to safely hand infrastructure ownership to engineering teams across the business.

Keyrock Solution: replacing Terraform Cloud with ControlMonkey

Keyrock adopted ControlMonkey as a Terraform Cloud replacement to build a more scalable infrastructure delivery model – one that delivers full visibility into discrepancies between cloud vs. code, enforces permissioned access across teams, and supports audit-ready automation across the cloud estate.

First win: visibility into IaC vs. real infrastructure

Keyrock’s first win with ControlMonkey was visibility – surfacing the gap between Terraform code and real cloud infrastructure, including drift and ClickOps. The DevOps Team gained clear visibility across the estate.

“The big one was the ability to visualize and surface the delta between what we thought we had and what we actually had. We went from 0% visibility on ClickOps & drift to having 100% visibility”

Rob Dudley

Head of Infrastructure

Compliance-ready governance

Keyrock operates under strict regulatory and security requirements, including DORA, MiCA, and SOC 2. At this scale, compliance depends on infrastructure delivery that is locked down, auditable, and clearly owned across teams. ControlMonkey gave Keyrock the foundation to enforce segregation and responsibility, so the business can move fast while staying secure and audit-ready.

Our ability to meet our compliance needs all depend on having a system that is fully locked down, fully auditable, nicely segregated, and very clear in terms of responsibility.

Rob Dudley

Head of Infrastructure

Democratizing IaC: shifting infrastructure ownership beyond a central team

As Keyrock grew, infrastructure delivery couldn’t stay centralized within the infrastructure team. The team needed a way to expand infrastructure access across engineering teams while keeping delivery controlled, auditable, and safe. ControlMonkey enabled that shift – making infrastructure a shared workflow rather than something handled only by a small group.

Rob described the impact ControlMonkey has had on his Team:

I highly recommend ControlMonkey to peers. Not only for its amazing technology stack but also because of the speed in which they push features that make our lives easier

Rob Dudley

Head of Infrastructure

As part of this shift:

• Stakeholders contributing to Infrastructure changes grew 8× –  from ~5 people to ~40 active contributors
• ~70–80% of infra change management contributors are now from outside the infrastructure team
• Engineers gained the context they need to make safe changes, even when access is read-only — including full plan visibility

The Results

With ControlMonkey, Keyrock gained clear visibility into the gap between infrastructure in code and infrastructure running in the cloud –  including drift and manual ClickOps changes. What started as a Terraform Cloud replacement quickly became a foundation for scaling infrastructure delivery across engineering teams, without losing governance or auditability.

Already, the platform has delivered meaningful impact – Keyrock now have 0 drift & clickops on their best practice cloud estate.

More importantly, infrastructure is no longer something that is “done to teams.” It has become a shared workflow and a common point of conversation across the engineering org:

The sheer level of support, service and partnership that we get from working with ControlMonkey can’t be overstated. It is night and day compared to other providers that we’ve worked with

Rob Dudley

Head of Infrastructure

Ready to eliminate ClickOps, and scale IaC across your engineering org?

ControlMonkey helps engineering teams ship infrastructure with confidence — with full ClickOps visibility, drift control, and org-wide IaC participation.

Request a demo to see how it works:

UBIQ Education delivers a school website platform, helping schools worldwide deliver personalized experiences. The company serves hundreds of institutions across multiple regions. It onboards 10–20 new schools every month and deploys workloads across dozens of Azure regions. This ensures reliable, local delivery at scale.

UBIQ Challenge: Scaling Cloud Operations While Staying Compliant

As UBIQ’s customer base expanded, its cloud operations struggled to keep pace. The company initially used Terraform Cloud (TFC) but quickly hit limitations around environment separation, stack flexibility, and private agent pricing. The initial infrastructure was set up manually by developers. This created a ClickOps culture. As a result, there was Terraform drift, compliance gaps, and long deployment cycles.

Provisioning each new school site required 4 people in the loop. This added overhead and slowed a process that needed to keep pace with UBIQ’s rapid global growth.

At that point, Ed Haynes joined UBIQ as Principal Platform Engineer. He has over 15 years of experience in infrastructure roles. Ed worked at Lloyds Banking Group and Landmark Information. He has strong skills in Azure and Terraform. He understood that the company needed a scalable model for its growth.

The Results – Provisioning at Scale

Provisioning at Scale

With ControlMonkey, UBIQ transformed its cloud operations. Provisioning effort dropped by 75% – from four people to one. By removing handoffs between teams, UBIQ cut overhead and reduced ticketing. Developers gained more time to focus on innovation instead of repetitive provisioning tasks. 

ControlMonkey’s auto-stack creation ensured new environments could be spun up instantly. Moreover, the Azure DevOps PR integration provided contextual feedback. This helped reduce provisioning time and back-and-forth code reviews.

Providing such robust automation also eliminated ClickOps. Engineers felt more confident provisioning and updating infrastructure through Terraform. They no longer needed to bypass the golden pattern by using the Azure console.

UBIQ SOC 2 Compliance Gains

ControlMonkey also strengthened compliance. Before, manual provisioning and drift incidents made it harder and slower. It was difficult to keep up with  SOC 2 requirements, especially around encryption defaults and public-facing configurations. Through policy enforcement, Ed established rules to maintain a zero-tolerance approach for secrets and API keys in production. Additionally, drift detection promptly identified any misconfigurations.

The result: Achieving a 100% SOC 2 compliance acceptance rate in the infrastructure delivery process. This gave the company confidence to scale securely without losing agility.

"We achieved a 100% SOC 2 compliance acceptance rate, particularly around encryption and the security pillar of SOC 2. Compliance is now built into our infrastructure delivery process and proactively enforced, giving us confidence that issues are addressed before they ever reach production"

Ed Haynes

Principal Platform Engineer

Migration off Terraform Cloud

Ubiq decided to migrate from Terraform Cloud after seeing ControlMonkey in action. They realized the benefits of an IaC platform that supports infrastructure delivery, AI-powered Terraform code generation, and cloud integration beyond the code.

Migration from Terraform Cloud took just 1 day thanks to ControlMonkey’s automated migration tool.

Next phase: Self-service Terraform templates for non-tech users

With provisioning streamlined and compliance risks eliminated, Ed is now focusing on taking automation even further. UBIQ plans to adopt ControlMonkey’s self-service templates, which will allow non-technical teams to provision new customer environments without engineering involvement.

This next step will extend automation beyond DevOps. It will further reduce overhead and enable faster business growth. It will help UBIQ onboard 10 to 20 new schools each month without the cloud operations team becoming a bottleneck or slowing down the business.

"We’ve taken the number of people required to be involved in provisioning a new site from four down to one. That efficiency means more time for innovation, less ticketing, and more productivity overall"

Ed Haynes

Principal Platform Engineer

About

HoneyBook is a business management platform specifically designed for creative entrepreneurs and small businesses. It provides a range of tools and features to help users manage their workflow, including project management, invoicing, and client communication. By streamlining these processes, HoneyBook aims to help users save time and grow their businesses more efficiently.

HoneyBook Challenge: Improve deployment speed, security, and configuration clarity

HoneyBook was working on a new project to split their AWS accounts into smaller accounts while doing it fully with Terraform in order to improve deployment speed, security, and configuration clarity.
Some of the resources were intended to be re-created in new AWS accounts and other resources were planned to be imported to Terraform in the original AWS account.

A Complex Multi-Account Terraform Migration

This project was expected to take 12 months with the help of two DevOps engineers and a manager.
As the migration project was complex, HoneyBook was seeking solutions that would allow for a smoother and more cost-effective transition to Terraform.

Accelerating Migration with GenAI Automation

To overcome this challenge, HoneyBook leveraged ControlMonkey’s GenAI-powered code generation capabilities, enabling the automatic creation of Terraform resources directly from existing AWS configurations.
This GenAI-driven automation significantly accelerated the Infrastructure as Code adoption process, reducing manual effort and ensuring consistency across multiple AWS accounts.

“ControlMonkey helped us to shift to Infrastructure as Code easily and swiftly, while saving 80% of the migration time. Now we manage our AWS Infrastructure in a GitOps methodology through the ControlMonkey platform, with no ClickOps operations, saving countless hours of the DevOps time for infrastructure provisioning and management.”

Doron Gutman

Head of DevOps, HoneyBook

The Results: Visibility and Automation – Immediately

After just three minutes of connecting to ControlMonkey, HoneyBook’s cloud environment was quickly mapped and organized into Stacks by the ControlMonkey platform.

The platform automatically generated Terraform code that represented the different resources and created the matching Terraform state file, so HoneyBook could easily either create the resources in a new account or import the existing resources to Terraform without any hassle.

From Months to Weeks: 80% Faster Migration

During the project, HoneyBook was able to see their Terraform coverage on the ControlMonkey dashboard and to prioritize what AWS services and resources they should handle next.

These immediate benefits enabled HoneyBook to replan the migration project to two months of a single DevOps engineer.

Harnessing ControlMonkey capabilities, HoneyBook cut short their migration project by 80% and saved countless hours of error-prone and labor-intensive DevOps hours.

HoneyBook and Disaster Recovery solution

In addition, HoneyBook adopted ControlMonkey’s Disaster Recovery solution to strengthen their resilience posture. ControlMonkey automatically backs up HoneyBook’s entire cloud configuration (including networking, IAM/security, and core infrastructure settings) as versioned, restorable IaC snapshots, giving the team a reliable recovery point and a fast path to restore configuration after accidental changes or deletions.

As a SaaS platform, our availability depends heavily on Cloudflare and our network configuration. Traditional backup solutions didn’t address how we would recover routing policies or edge configurations in the event of an incident. ControlMonkey gives us confidence that our Cloudflare configurations are backed up and recoverable.

Doron Gutman

Director of DevOps and DevSecOps

About ReasonLabs

ReasonLabs is a Cyber Security Company that provides enterprise-grade protection for personal devices, and they serve more than 100 million home users globally.

They have roughly 150 employees and are headquartered in New York and Tel Aviv, Israel, with other offices worldwide.

ReasonLabs Challenge: Large Spread-out Cloud Environment

Effectively managing and governing a large and spread-out cloud environment has always been a challenge for Reasonlabs.

Reasonlabs Supports millions of global users and continuously updates cyber-security threats to their customers’ assets, which means they release code to production in multiple regions several times a day.   

Before ControlMonkey, they were manually reviewing and approving over 100 Git pull requests a day, in order to make sure the provisioned Infrastructure was compliant according to their organization’s Control Policies.

The Breaking Point: Manual Governance at Scale

With team members spread over different time zones, communicating and syncing effectively on deployments was a huge challenge for everyone on the DevOps team.

As a DevOps manager, Anton wanted to improve his team’s productivity, gain full visibility over their cloud infrastructure, and accelerate the release to production, without needing to compromise on quality or compliance.   

Before ControlMonkey, they tried to develop a solution in-house. But very quickly they understood that developing and maintaining such a robust system would take a lot of time and effort, which they didn’t really have to spare. 

ControlMonkey’s Solution: increases their productivity by 30%

Now with ControlMonkey, the DevOps team at Reasonlabs finally gained full visibility and control over what’s actually running on their cloud. 

ControlMonkey’s solution for GitOps Infrastructure CI/CD automatically reviews the pull request and the ControlMonkey Bot tells them exactly where and why it failed, and then they can easily run to fix it, it’s that simple now.  

ControlMonkey is the only solution that offers such a robust and complete GitOps CI/CD pipeline that not only validates that their AWS infra is always secure and compliant, but also saves the DevOps team plenty of time and effort, and increases their productivity by 30%.

“Thanks to ControlMonkey, we are now able to release faster and safer to production, all while dramatically improving our team collaboration and productivity.”

Anton Yurchenko

Director of DevOps & Data

About

A leading virtual education platform serves millions of students and educators worldwide. It manages a distributed architecture on AWS and relies heavily on Terraform to orchestrate its infrastructure. With over five years of Terraform code spread across 50 repositories, it faced challenges in managing large-scale cloud environments, such as Terraform drifts, inconsistent configurations, and a lack of visibility.

They turned to ControlMonkey to address these issues, aiming to modernize its Terraform operations and create a standardized, scalable infrastructure.

Challenge: Scaling Terraform Without Central Control

Before adopting ControlMonkey, the DevOps team encountered several operational challenges that worsened as they scaled.

No Visibility Across 50 Repositories

• Terraform Drifts: Years of Terraform code and multiple users modifying resources in production through ClickOps have led to mismatched versions and frequent drifts, necessitating hours of manual investigation.
• Lack of Visibility: Understanding the state of resources across 50 repositories was challenging without a central control plane.
• Inconsistent CI/CD Pipelines: Each repository used different CI scripts, leading to inefficiencies, confusion, and lack of standardization.
• Compliance Audits: Ensuring compliance with CIS and PCI standards in multiple regions was time-consuming, especially during audit preparation.

From POC to Platform Adoption in Days

After discovering ControlMonkey through an online search, they quickly started a POC and began implementing the platform. Within a day, they had onboarded their first organization, and its benefits became evident to other DevOps team members and engineering group teams. The POC’s results were promising, so they chose ControlMonkey as its Terraform Automation Platform. 

The Key capabilities leveraged by the DevOps team include the following:

1. Drift Detection & Remediation: Real-time detection of infrastructure drifts with one-click remediation significantly reduced manual investigation time, saving the DevOps team countless hours. 
2. Terraform CI/CD: Unified pipelines with GitOps standardization ensured compliance across all repositories, simplifying audits for standards like CIS and PCI. This boosted developer confidence in Terraform and made it more user-friendly.
3. Complete Asset Inventory: A centralized control plane provided a clear yet deep view of the infrastructure, allowing the team to fully understand the current state of their cloud resources and transition from reactive to proactive management.
4. Identifying Unused Resources: With the missing visibility provided by the ControlMonkey platform, the team was able to identify and eliminate zombie resources, resulting in immediate savings that covered the cost of the platform.

The Results: Faster Terraform Delivery and DevOps Efficiency

Within a year of using ControlMonkey to automate and govern cloud infrastructure, they have achieved:

• Improved DevOps Efficiency: Terraform task lead times were cut by an average of 20%, freeing the team to focus on higher-value work and strategic innovations. 
• Terraform Accessibility and Collaboration: ControlMonkey is used by 15 DevOps engineers daily and by more than 100 developers weekly.
  ControlMonkey is a cross-team infrastructure collaboration platform that makes Terraform more accessible to less proficient developers. 
• Standardization Across Repos: ControlMonkey brought consistency to their CI/CD pipelines, reducing errors and misconfigurations, enhancing reliability, and ensuring compliance. 
• Increased Scalability: The ControlMonkey platform enabled faster, more efficient scaling of cloud resources on AWS infrastructure. 
• Cost Savings: Identifying unused VPCs and other zombie resources has already saved the company significant costs.

The cost savings were so significant that we could cover the annual expense of the ControlMonkey platform, which I found remarkable.

Ivan Carrion

Principal DevOps Engineer

Future Plans: Enforcing IaC-Only Operations and Policy Control

ControlMonkey is helping the DevOps team to implement new Terraform CI/CD policies to restrict resource usage, enhance compliance, and cut costs.
The platform has allowed for the complete shutdown of console operations (ClickOps), enabling them to fully utilize Infrastructure as Code (IaC) and maximize Terraform’s potential.

Conclusion

ControlMonkey has been crucial in helping the DevOps team modernize its Terraform operations, improve visibility, and reduce costs. By resolving significant bottlenecks and optimizing workflows with Terraform Automation, they are better prepared to scale infrastructure and concentrate more on innovation.

After a year of using ControlMonkey, the results have been nothing short of transformative for our DevOps team and the entire organization. It’s completely changed how we manage and scale our cloud infrastructure.

Ivan Carrion

Principal DevOps Engineer

About

Windward analyzes more than +2M Daily vessel activities to provide its customers with the latest insights and Organization Defined Risk tailored to their unique workflows to optimize operational readiness and supply chain risk management.

The Challenge

For a rapidly scaling company with a large and robust cloud infrastructure, Windward found it extremely difficult to manage and govern its AWS environments efficiently.

The combination of error-prone manual resource configuration, lack of version control, inconsistencies, and scalability drove Windward’s engineering to standardize their cloud environments by utilizing Terraform.

Despite high Terraform usage, the WindWard DevSecOps team still faced challenges managing and governing their AWS resources.

• Employees were still modifying resource configurations through the AWS Console, causing Terraform Drifts that negatively impacted the standardization they attempted to implement with Infrastructure as Code.
• Whenever an infrastructure change was needed, Terraform ‘Plan’ and ‘Apply’ were run on the DevOps personal laptops, wasting time, being counterproductive, and creating unnecessary operational bottlenecks.
• Lack of visibility and auditing of infrastructure changes made it extremely difficult to troubleshoot and know exactly who modified what resource and when.
• Shifting more of their infrastructure to Terraform Code required extensive DevOps resources.

So, six months after initially shifting to Terraform, Jonathann Zenou, Director of DevSecOps at Windward, sought an IaC Automation solution to help him overcome these challenges and level up his cloud governance with Terraform. 

The Solution

Windward evaluated several platforms in their search for a Terraform Automation Platform but eventually decided on ControlMonkey as their preferred solution.

While other platforms covered only specific aspects of Terraform Automation, ControlMonkey was the only solution that provided the most comprehensive Terraform Automation, was the fastest to implement, and was extremely simple to use.

Onboarding the ControlMonkey platform and integrating their Terraform stacks was super-easy, enabling the DevOps team to get started immediately.

Since implementing ControlMonkey six months ago, the WindWard DevSecOps team has been able to:

• Run Terraform ‘Plan’ and ‘Apply’ from a centralized, collaborative space and eliminate the need to use their personal laptops.
Whenever a Pull Request was created, the team had full visibility into which resources would be changed and the impact of those changes on security, cost, and other compliance requirements.
• Using ControlMonkey Terraform Import Engine, they shifted more AWS resources to Terraform. They increased their Terraform coverage without writing a single line of code, saving the team precious time routed to strategy and innovation.
• Implement proactive control policies for any new infrastructure change using the ControlMonkey Terraform CI/CD solution.
  • Enforce tagging of every resource to leverage AWS EDP.
  • Prevent the deletion of Production resources.
• Automate the onboarding of new employees using Terraform – ControlMonkey automates the creation of all user accounts for the subsystems employees use (e.g., AWS, Jenkins), making their workflows more efficient.
• Automate the validation of any PR with ControlMonkey’s bot. The bot runs the Terraform ‘Plan’ and provides a detailed report of where and why it failed, leaving the DevSecOps only to need to approve and merge the PR.
• Easily investigate production incidents with a clear audit log of who changed what resource configuration and when, significantly reducing the investigation time from minutes to seconds.
• Extract SLDC and audit reports from their SOC and present them to their security auditors. 
• Enable developers to launch infrastructure resources independently using ControMonkey’s Self-service solution (Internal Developer Platform)
• Shift left their security and compliance measures as part of the Infrastructure CI/CD. 

“What I love about ControlMonkey is that it lets you leverage Terraform to its fullest without needing to write a single line of code.”

Jonathann Zenou

Director of DevSecOps