Case Studies Home

How Pump Uses Orca to Grow from 0 to 1,500+ Customers Securely

A group photo of staff members from Pump.co

Challenges

  • Fragmented visibility into a growing attack surface
  • Manual security processes couldn’t keep up with growth
  • Compliance reporting was time-intensive
  • No clear way to measure or communicate security progress

Results

  • 25% faster mean time to detection
  • 50–75% faster time to remediation
  • 50% less time spent on compliance audits
  • More team members using the platform than ever
  • Confidence to scale quickly and securely

Pump Saves Companies Time and Money

Pump helps companies save time and money on their cloud bills. Two years ago, that meant managing accounts for fewer than 100 customers. Today it’s over 1,500. The company has expanded from a single cost-savings product to a multi-cloud platform spanning AWS, GCP, and Azure, with Kubernetes optimization and infrastructure recommendations on the way. 

That kind of growth comes with responsibility. Pump works closely with its customers’ cloud environments, and every promise it makes about security has to hold.

“With that comes the responsibility to make sure what we’re operating is airtight,” says Ham Williams-Tracy, Solutions Architect at Pump.

Fragmented Security Tools Across Clouds Created Blind Spots

As Pump scaled, the fragmentation in its security picture grew with it. Ham and the solutions engineering team were monitoring their environments and managing access policies, but lacked a systematic way to surface what they were missing in one place.

Compliance was slower than they would have liked it to be. Pump holds SOC 2 and ISO certifications and helps customers align to the AWS Well-Architected Framework, a framework it applies to its own environment first and shares outward. But generating the reporting to prove compliance was slow and manual, pulling the team away from actually improving the posture they were trying to document.

Orca enabled Pump to quickly and effectively generate the necessary evidence for their audits, a necessity for a company whose entire value-add depends on the trust customers place in them.

A photo of work colleagues collaborating together near their workstations

Straight to the Point

What stood out about Orca wasn’t a feature list. It was the absence of a runaround.

Security tools often create a frustrating loop: a finding surfaces, the guidance is vague, hours go into research, and by the time you’ve figured it out, more findings have piled up. Orca broke that cycle. Continuous scanning meant the team wasn’t waiting for a scheduled check. And when something was flagged, the path forward was clear.

“The answers we get from Orca get straight to the point,” Ham says. “They tell you exactly what the issue is and exactly how to remediate it. Orca has probably paid for itself in the man-hours we’ve spent securing our own environment.”

Compliance audit prep time dropped by roughly half. Mean time to detection improved by 25%. Time to remediation fell by 50 to 75%. The uncertainty that had kept Ham up at night was being replaced, finding by finding, with a clear picture of where things stood.

Mission Control for a Company Moving Fast

Stuart doesn’t reach for security jargon when he describes what Orca means at the leadership level. He reaches for confidence.

“Orca is our mission control center. It gives us a bird’s-eye view of our security posture in minutes.” When Stuart joined, Pump had one product on one cloud. Now it has multiple products across three providers with more on the way. Expanding that quickly while maintaining the security commitments customers depend on isn’t a given. Orca made it possible.

“It’s given us the confidence that we can move really quickly,” Stuart says. “Product velocity. That’s been tremendous.”

Usage of the platform has grown by hundreds of percent as more of the team has come into the dashboard. The insights Pump gained from securing its own environment feed directly back into the guidance it gives customers, strengthening both sides of the relationship. “Zero complaints,” says Stuart. “It’s been wonderful.”

How Pump Built Security It Can Stand Behind

Pump started with one product, one cloud, and a promise to help companies spend less and build smarter. Two years later, it manages cost optimization for 1,500 customers, spans three cloud providers, and is still growing. That kind of scale demands more than good intentions. It demands proof.

Since adopting Orca, the team cut compliance audit prep time in half, improved mean time to detection by 25%, and reduced time to remediation by as much as 75%. Security has stopped being the job of a few and become the culture of the whole company.

Pump can now walk into any room, with any customer in any industry, and back up every promise it makes. Consolidating its security tooling has helped the team cut tech debt, accelerate remediation, and reduce cloud spend, and with Orca in place, Pump is confident it can scale four times over in the year ahead.