US InsurTech Scale-up

Case Study

Executive Summary

A fast-growing US-based InsurTech scale-up—positioning itself as “the Snowflake for Insurance”—needed to evolve its proof-of-concept data service into an enterprise-grade, multi-tenant platform … fast. Three Fortune-500 carriers were ready to sign multi-year contracts, but only if the company could guarantee sub-second query performance, SOC 2 Type II compliance, and AI-ready data services within nine months.

Steady Rabbit mobilised a Core-Flex Micro-GCC: a permanent Core squad for end-to-end ownership, an on-demand Flex layer of specialists, and a zero-cost Buffer bench to hedge attrition. Together we delivered:

  • 2 TB/day secure ingest pipeline that scales ×10
  • Vector search cutting p95 query latency 4.2 s → 480 ms (8.7 × faster)
  • SOC 2 Type II audit passed three months early
  • Zero schedule slippage across 11 sprints, unlocking US $7.8 M ARR in new contracts

The system is now a revenue-generating SaaS add-on, projected to add USD 2.3 million ARR to I2E’s services portfolio.

Client Profile & Business Context

  • Headquarters: Chicago, IL
  • Founded: 2018 | Series A: US $28 M
  • Product: Cloud data platform ingesting policies, claims & IoT telemetry, exposing AI-ready APIs for underwriting, pricing, and analytics.

Tech Baseline (Pre-engagement)

| Area | Status |
| --- | --- |
| Data Ingest | Manual CSV uploads; capped at 200 GB/day |
| Database | Single-tenant PostgreSQL |
| API Layer | Monolithic Flask; noisy-neighbour latency spikes |
| Security | No encryption-at-rest; no automated compliance controls |
| Business Risk | Three marquee deals contingent on 99.9 % uptime & ≤ 800 ms p95 latency |

Winning those contracts meant execution predictability—missing the launch window would forfeit US $7.8 M ARR and erode investor confidence.

Problem Statement / Key Challenges

| Challenge | Why It Mattered |
| --- | --- |
| Security & Compliance Debt | Fortune-500 insurers require SOC 2 Type II to even start UAT. |
| Scalability Bottlenecks | Telematics partners projected > 1 TB/day ingest within six months. |
| AI Readiness Gap | No embedding pipeline or vector search; competitors already demoing similarity queries. |
| Aggressive Sales Commitments | Nine-month clock tied to signed Letters of Intent worth US $7.8 M. |
| Talent Constraints | Five generalists on staff; specialist hiring lead-time ≥ 10 weeks. |

Our Approach

Micro-GCC Composition

| Layer | Roles | Mission |
| --- | --- | --- |
| Core Squad (5 FTE) | Squad Lead, 2 Back-end (Go/Python), DevOps, QA Automation | Own ingest re-platform & API rewrite end-to-end |
| Flex Layer (2 SME) | CISSP Cloud-Security Architect, GPU/Vector DB MLOps Engineer | Parachute in for threat-modeling, embeddings, and audit hardening |
| Buffer Bench (1) | Shadow Full-Stack Dev | Covers PTO/attrition at zero cost to client |

Shift-Left Governance

  • 7 Plan-Left gates (Persona, AC, Risk tag, Arch sketch, Estimation, Capacity check, Test note).
  • Story can’t move to Dev-Doing until all gates are green—average gate time < 28 min/story.
  • SteadCAST dashboards track Risk-High WIP %, Test-Note coverage, Capacity vs Velocity.

Delivery Operating Model

  • 2-week Scrum; demo every second Friday.
  • IaC (Terraform Cloud) + blue-green on AWS EKS.
  • DevSecOps default: Snyk, SonarCloud, OWASP ZAP gating every PR; pipeline fails on critical CVEs.

Discovery Sprint 0 (Weeks 0-2)

  • STRIDE threat model + zero-trust blueprint
  • North-Star architecture (event-driven ingest, micro-services, vector DB)
  • NFR: sub-800 ms p95, 10 × ingest headroom, SOC 2 evidencing

Stakeholders signed off, eliminating requirement gaps later.

Solution Delivered

Secure, Event-Driven Ingestion

  • AWS Kafka Connect → encrypted S3
  • Lambda pre-processors (virus scan, schema validation, PII redaction)
  • Step Functions wrap tenant-specific KMS keys—zero cross-tenant risk

Multi-Tenant Data Lake & Micro-Services

  • FastAPI split into 5 bounded contexts (ingest, catalog, search, auth, billing)
  • Namespace-per-tenant on Aurora Postgres; IAM generated via Terraform
  • OpenTelemetry & CloudTrail feed Grafana—auditors loved it

AI & Vector Search Layer

  • Pgvector on Aurora (1.2 B vectors)
  • LangChain embeddings on GPU spot nodes (auto-scaled via Karpenter)
  • REST → Search-Service → pgvector → top-K ≤ 480 ms p95

Compliance Automation

  • Encryption-at-rest (KMS CMK) + mTLS
  • Terraform state, Git hashes, and scan artefacts auto-harvested—cut audit prep by ~120 h

Blue-Green CI/CD

  • Weighted ALB shift 10 %→100 % over 60 min; auto-rollback on p95 latency > +15 %
  • Four cut-overs—zero downtime

Bonus React Dashboard

  • Buffer dev shipped a quality-scorecard UI at no extra cost.

Execution Journey

| Phase | Timeline | KPI Shift | Predictability |
| --- | --- | --- | --- |
| Sprint 0 | Wks 1–2 | Threat model, NFR, architecture | 100 % gate compliance |
| Ingest MVP | Wks 3–6 | Kafka → S3, Terraform baseline | Risk-High WIP ↓ 45 % |
| Micro-Service Split | Wks 7–10 | Auth, Search, Billing live | API p95 4.2 s → 1.3 s |
| Vector Search POC | Wks 11–14 | pgvector + LangChain | Unit coverage 34 % → 78 % |
| Scale & Compliance | Wks 15–18 | 10× load test, SOC 2 evidence | Hot-fix Fridays 3 → 0 |
| UAT & Launch | Wks 19–22 | Tenant scripts, audit pass | 0-day schedule slip |

A mid-project DevOps leave risk was neutralised when the Buffer bench stepped in within 4 h, keeping velocity intact.

Business Outcomes & Impact

Latency: p95 4.2 s → 480 ms (8.7 × faster)

Ingest: 200 GB → 2 TB per day (10 × capacity)

Compliance: SOC 2 Type II three months early

Sales: 3 insurers onboarded in 30 days → US $7.8 M ARR

Predictability Premium Saved: US $1.4 M cost-of-delay vs. historical slippage

Security: 0 critical CVEs first 180 days in prod

Qualitatively: higher C-suite trust, smoother hand-offs, culture shift to evidence-driven DevSecOps.

Why Steady Rabbit?

Core-Flex Micro-GCC

Right skills at the right moment; Buffer bench masks surprises.

SteadCAST Predictability Engine

Real-time capacity & risk analytics drove 97 % schedule compliance.

Shift-Left Governance

Seven sub-30 min Plan-Left gates cut rework 40 %.

Deep Security & AI Expertise

CISSP architect + GPU-savvy MLOps engineer.

Outcome-Linked Incentives

Latency, audit pass, and schedule, not vanity metrics.

True Partnership

Weekly C-level checkpoints, transparent burn, proactive roadmap ideas.

Steady Rabbit doesn’t just code—we co-create, de-risk, and deliver outcomes.

Client Testimonial

CTO

US InsurTech Scale-up

Steady Rabbit turned our proof-of-concept into a SOC 2-ready, AI-grade platform—exactly on schedule.
The Micro-GCC model actually increased our velocity.