Transforming cloud governance into fiscal velocity with HCLTech WAFER

HCLTech leveraged WAFER (Well-Architected Framework for Enterprise Remediation) to enable a large global financial services organization to modernize its AWS review and remediation operating model. The organization’s multi-region environment, which supports business-critical platforms, digital banking workloads and data-intensive services, operates under strict expectations for security, resiliency, auditability and change control. By combining customer-hosted deployment, governed workflow orchestration, Amazon Bedrock AgentCore Runtime and Amazon Bedrock Knowledge Bases, the program shifted the client from passive findings visibility toward faster, more traceable remediation support. The initiative accelerated review cycles by 90%, improved remediation readiness and strengthened the connection between cloud governance and financial accountability.

The Challenge

The client operated at significant AWS scale (~5,000 AWS accounts) with a decentralized engineering model. While innovation velocity remained high, architectural governance had become harder to operationalize consistently across the estate.

Key issues included:

  • Findings backlog: Traditional review processes produced high-risk findings faster than teams could interpret, prioritize and action them
  • Financial drift: Resource sprawl, idle assets and delayed remediation created ongoing cost leakage and avoidable monthly variance
  • Compliance fatigue: Security and governance teams were spending too much time coordinating manual reviews, evidence collection and follow-up actions
  • Execution gap: The organization lacked a scalable way to turn findings into guided remediation outputs that engineering teams could actually use

The Objective

The goal was to move the client from reactive cloud review toward a more governed, remediation-oriented operating model.

Priority outcomes included:

  • Reduce the delay between findings identification and remediation planning
  • Improve financial accountability by identifying and addressing waste faster
  • Create a more scalable workflow for review, decision alignment and remediation support
  • Introduce agentic reasoning in a way that fits enterprise controls and customer-hosted deployment expectations

The Solution

HCLTech addressed the challenge using WAFER as a customer-hosted application on AWS.

WAFER was positioned as a private, enterprise-ready control plane for findings review and remediation support: the implementation combined internal application access, asynchronous workflow orchestration, supervisor-led agent execution and customer-grounded reasoning.

Phase 1: Customer-hosted foundation

WAFER was deployed inside the customer's AWS environment, with access routed through an approved internal path. The WAFER UI and WAFER Backend API were hosted as separate containerized services on Amazon ECS with AWS Fargate, allowing the client to run the application in a managed container environment without adding infrastructure management overhead.

This deployment model helped align the solution to the client's security expectations, network controls and data-handling requirements.

Phase 2: Workflow orchestration and Agentic reasoning

The WAFER Backend API received user actions, managed workflow state and submitted long-running analysis and remediation requests to AWS Step Functions. Step Functions then orchestrated the workflow and invoked Amazon Bedrock AgentCore Runtime for supervisor-led agent execution.

Within AgentCore Runtime, a supervisor agent coordinated specialized agents for:

  • Findings analysis
  • Trade-off and negotiation support
  • Compliance interpretation
  • Remediation guidance

This gave the client a more modular and explainable AI operating model than relying on a single, general-purpose agent for every task.

Phase 3: Customer-grounded intelligence

To improve relevance, WAFER used Amazon Bedrock Knowledge Bases to ground outputs against customer-specific context. Internal standards, prior findings patterns, remediation guidance and relevant source content were synchronized and indexed in Amazon S3 Vectors.

This allowed WAFER to generate outputs that were better aligned to enterprise standards and delivery realities, rather than relying only on generic model knowledge.

Phase 4: Persistence, traceability and reporting

Findings, workflow state and generated artifacts were persisted in Amazon DynamoDB and Amazon S3. AWS Secrets Manager, Amazon CloudWatch and AWS KMS supported secrets handling, monitoring and encryption across the platform.

The result was not just a faster workflow, but a more traceable and auditable one.

AWS services used

  • Amazon ECS on AWS Fargate: Hosted the WAFER UI and WAFER Backend API inside the customer environment
  • AWS Step Functions: Orchestrated asynchronous analysis and remediation workflows
  • Amazon Bedrock AgentCore Runtime: Hosted the supervisor-led agent execution model
  • Amazon Bedrock Knowledge Bases: Supplied retrieval-augmented context for grounded outputs
  • Amazon S3 Vectors: Stored indexed context used by the knowledge base
  • Amazon DynamoDB: Persisted findings metadata, workflow state and processing status
  • Amazon S3: Stored source content, generated outputs and supporting artifacts
  • AWS Secrets Manager, Amazon CloudWatch and AWS KMS: Supported security, monitoring and encryption

Financial analysis

Moving from a manual consultancy-led review to HCLTech WAFER changed the economics of cloud governance for the client.

The "Cost of Delay" Calculation

HCLTech estimated that the client was losing approximately $150K per month because of the time lag between identifying a cost leak and initiating remediation.

  • Manual model: Finding identified on Day 1 -> ticket raised on Day 3 -> engineer assigned on Day 14 -> remediation planned and deployed around Day 30
  • WAFER model: Finding identified in minutes -> grounded remediation guidance generated in minutes -> approved remediation workflow initiated within the first hour

The difference is not only in process speed. It materially reduced the cost of waiting.

The "zero-cost effect"

The solution achieved effective fiscal neutrality within the first sprint.

  • Self-funding: Savings identified through faster visibility into fiscal liabilities, such as orphaned snapshots, idle network resources and over-provisioned storage or IOPS, offset the cost of the HCLTech engagement and the associated Bedrock inference spend
  • Efficiency multiplier: The client avoided the need to add an estimated 4 additional cloud architects to sustain the review and remediation workload. WAFER absorbed a significant share of the discovery, interpretation and remediation-planning effort that would otherwise have required a larger specialist team

"Manual reviews behave like a sunk operating cost. WAFER shifts the conversation toward faster waste recovery, stronger operating discipline and more scalable remediation support."

The Impact

WAFER helped transform the client's cloud operations from a governance bottleneck into a faster, more action-oriented operating model.

Accelerated time-to-value

  • 90% Faster Reviews: HCLTech reduced the Well-Architected Review cycle from 4 weeks to 3 days.
  • Faster engineering follow-through: Engineers spent less time writing repetitive remediation boilerplate and more time reviewing grounded, AI-assisted outputs, improving team velocity by an estimated 40%.

Risk and Compliance

  • 100% Coverage: The client moved from sampling a limited subset of workloads to scanning the full-scoped environment, uncovering risks in under-reviewed accounts and workloads that manual review patterns had missed
  • Audit-Ready: The workflow produced traceable remediation artifacts and persisted review state in a way that better supported internal audit and governance expectations

AI-driven future

  • Foundation for AIOps: The success of the supervisor-led agent model demonstrated a practical enterprise use case for Agentic AI in cloud operations, creating a foundation for the client to explore adjacent use cases in support operations and incident response

Why this case matters

This case study demonstrates that the value of WAFER is not limited to findings visibility. Its real strength is how it helps enterprises operationalize review and remediation in a way that is private, governed, explainable and customer-context-aware.

For large organizations, especially in regulated sectors such as financial services, that shift matters. It turns cloud review from a reporting exercise into a more usable decision-and-action workflow.

Conclusion

With WAFER, HCLTech helped a financial services client move beyond passive findings management toward a more structured remediation operating model on AWS. By combining customer-hosted deployment, Step Functions orchestration, Amazon Bedrock AgentCore Runtime, Amazon Bedrock Knowledge Bases and enterprise-grade persistence and controls, the engagement created a stronger foundation for faster review cycles, more relevant remediation guidance and better cloud governance outcomes.

For organizations facing similar scale, compliance and remediation-backlog challenges, this pattern offers a credible path from findings to governed action.
