Building Intelligence

Zero Certificate Downtime Through Automated SSL Management

How EverOps helped Building Intelligence eliminate customer-facing certificate failures and establish a repeatable architecture to standardize broader SSL management.

Cloud Infrastructure
Security & Compliance
Observability
0
manual certificate-related outages since implementation
Materially improved uptime
and reliability across the environment

Building Intelligence transforms building safety and operations through integrated security at every point of access. Their flagship platform, SV3®, gives facility and security managers the tools to seamlessly manage visitors, vehicles, and vendors from the lobby to the loading dock. Trusted by some of the world's most recognizable brands, the company is SAFETY ACT-certified and SOC 2 examined, serving commercial real estate, convention centers, stadiums, healthcare facilities, and event venues. 

When your platform is the security layer that organizations depend on to verify every person and vehicle entering their facilities, the reliability of your infrastructure is foundational to customer trust.

EverOps partnered with Building Intelligence over the course of a year to mature the company's infrastructure across AWS management, cost posture, and reliability. A central piece of that engagement was helping Building Intelligence establish and grow a real SRE function from an engineering-led effort. The certificate management work detailed below is one concrete, high-impact example of that broader transformation.

The Challenge

Fragmented Certificate Management Created Customer-Visible Failures

Building Intelligence’s SSL certificate management had become increasingly fragmented and unreliable over time. Multiple Certbot implementations ran across EC2 instances and Docker containers, alongside manually purchased certificates from providers like GoDaddy. Certificates were stored in inconsistent locations, with no centralized system to track ownership or status.

Simultaneously, there was a lack of proactive monitoring. Expired certificates were typically discovered only after customers encountered browser warnings or engineers happened to access a failing endpoint. While the underlying application often remained functional, these visible security warnings eroded user trust and reflected poorly on a platform built around safety and security.

Finally, when issues did arise, resolution was entirely manual. Engineers had to locate the correct instance, determine how the certificate was managed, find its location, and restart the appropriate services. Some incidents were resolved within minutes, while others stretched into multi-day outages. Without monitoring in place, failures often surfaced only when customers reported them, which significantly extended the time to resolution and turned certificate management into a recurring, high-risk operational issue.

The Approach

Standardize, Automate, and Monitor

EverOps partnered with Building Intelligence to replace its fragmented certificate management with a unified, automated architecture built on AWS-native services. The engagement began with a full audit of all SSL certificates, mapping domains, ownership, and management methods to establish a single source of truth.

From there, the team designed a standardized approach that eliminated manual certificate management entirely. All web traffic was routed through Application Load Balancers, with AWS Certificate Manager handling provisioning and renewal. TLS termination was also moved to the load balancer layer, removing certificate-related failure points from individual services.

EverOps worked alongside the Building Intelligence team to execute the migration without disrupting live systems or customers. The entire solution was implemented as Infrastructure as Code, ensuring consistency, repeatability, security, and auditability in a single pass.

Technologies & Tools:

The Approach

Embedded Expertise with a Clear Roadmap

EverOps embedded a 3-person FinOps Pod directly into Life360's platform team. Within the first week, our engineers had access to their AWS accounts, joined their Slack channels, and began a comprehensive cost analysis using our proprietary Opportunity Finder methodology.

The engagement followed a structured approach: two weeks of discovery and prioritization, four weeks of execution on high-impact optimizations, and two weeks of governance implementation to sustain savings. Throughout, the Pod operated as an extension of the internal team — attending standups, collaborating in real-time, and transferring knowledge continuously.

Unlike consultants who deliver reports, our Pod executed the changes directly — rightsizing instances, eliminating waste, renegotiating reserved capacity, and implementing automated cost controls.

Strobe logo
Strobe logo
Strobe logo
Strobe logo
The Solution

ALB, ACM, and WAF As a Unified Security Layer

EverOps replaced fragmented certificate management with a standardized, automated architecture built on AWS. The solution is fully defined in Infrastructure as Code, making it repeatable across products and regions.

Key Initiatives: 

  • ALB-Based TLS Termination: All public-facing services were moved behind Application Load Balancers, centralizing TLS termination at the load balancer layer. Individual services no longer manage their own certificates. The ALB forwards traffic directly to backend services, eliminating certificate-related failure points at the application level. Access logs are sent to S3 for improved audit and troubleshooting visibility. The architecture is designed for sharing, with a single ALB per VPC using forwarding rules and multi-SAN certificate support to handle multiple domains efficiently, keeping infrastructure costs down compared to common 1:1 load balancer-to-service implementations.
  • ACM-Managed Certificate Lifecycle: AWS Certificate Manager now handles all certificate provisioning and automatic renewal. Certificates that previously required manual purchase, installation, and rotation are managed entirely by AWS with zero human intervention. The entire configuration is defined in Infrastructure as Code, making the pattern repeatable and applicable across multiple products and regions.
  • WAF Integration for Defense in Depth: AWS WAF was deployed in front of every service behind the ALB, adding SQL injection protection, cross-site scripting defenses, and other OWASP-style controls. This standardized security across all ALB services, replacing ad hoc per-instance approaches with centrally managed policies.
  • Proactive Monitoring and Alerting: Real-time monitoring was configured through Grafana dashboards with Slack alerting, providing proactive visibility into certificate status, traffic patterns, and security events. Issues are now surfaced to the team before any customers are impacted.
The Results

Reactive Firefighting to Proactive Certificate Health

EverOps developed an automated solution for certificate-related outages at Building Intelligence by replacing manual, fragmented processes with a fully automated, AWS-native architecture. What was once a recurring operational risk now runs reliably in the background. This new architecture also provides a proven, repeatable pattern for broader adoption across the environment. 

With ACM handling certificate lifecycle management, downtime from certificate expiration has been reduced to near zero. Grafana monitoring and Slack alerting give the team early visibility into potential issues, shifting from reactive firefighting to proactive management.

Beyond reliability, the EverOps team strengthened Building Intelligence's security posture by standardizing WAF protection across services, freeing engineers from manual certificate troubleshooting and allowing them to focus on higher-value work.

The solution, built entirely with Infrastructure as Code, provides a repeatable foundation that scales across products and regions. As the company expands coverage across its broader environment, the same architecture applies consistently, without introducing new operational overhead.

0
manual certificate-related outages since implementation
Standardized WAF protection
deployed across services
Materially improved uptime
and reliability across the environment
Client Experience

“We're a security platform, so visible certificate failures hit us in two places at once. They eroded the trust our customers place in us, and they consumed real engineering and support capacity through constant manual remediation. Resolving both of those at once changed how our team operates day to day and reinforced the reliability our customers count on."

Building Intelligence Representative
CLIENT EXPERIENCE

“We're a security platform, so visible certificate failures hit us in two places at once. They eroded the trust our customers place in us, and they consumed real engineering and support capacity through constant manual remediation. Resolving both of those at once changed how our team operates day to day and reinforced the reliability our customers count on."

Green background with repeating placeholder text in a dark green color scheme pattern design.
— Building Intelligence Representative
What's Next?
With automated certificate management and unified security controls in place, Building Intelligence has a foundation that scales with the business. As new products and services are added to the platform, the same ALB, ACM, and WAF pattern can be applied without introducing new operational overhead. The EverOps team continues to support ongoing infrastructure initiatives as Building Intelligence expands its platform capabilities.
RELATED CASE STUDIES
Consumer Tech
Life360
From 12 Hours of Interviews to Instant Strategic Insights with a Custom AI Agent
Read case study
Consumer Tech
Life360
From Weeks to Days: How Real-Time Observability Transformed Infrastructure Velocity
Read case study
Consumer Tech
Global Consumer Tech
Full Visibility into $20M in Devices to Eliminate Fraud Risk
Read case study