AWS Smart Business Blog

Build a Strong Foundation in the Cloud to Help Your Small or Medium Business Grow

People often admire and pay attention to tall and shining skyscrapers. One thing in common among all these skyscrapers is that they each have a deep and solid foundation as the first building block of their construction. Without it, the building would be susceptible to movement, shifting, or even collapsing.

It is a similar situation when you build or implement applications in the cloud. You often focus on delivering results as quickly as possible, however building the application on top of a solid foundation is what help you make it secure, scalable, and successful.

A typical pattern we observe when small and medium businesses (SMBs) build or migrate their applications from their datacenters to the cloud is that they often retain an on-premises mindset, such as sharing access credentials for administrator accounts or over-provisioning IT infrastructure to accommodate growth. To assist our customers in adapting to the cloud and establishing a solid foundation, Amazon Web Services has developed guided paths called Cloud Foundations. These paths provide guidance to help customers deploy, configure, and secure their new workloads, ensuring they are well-prepared for ongoing operations in the cloud.

In this blog post, we’ll focus on three important foundational categories with capabilities that SMBs and their tech advisors should consider first to achieve greater operational efficiency and long-term return.

Challenges to establishing and growing a cloud environment

As you plan your business growth, you should also consider how your cloud environment will scale with it. Managing one or two simple workloads in the cloud is easy enough. But as your requirements grow with your business, your cloud environment can become harder to manage, costing your team valuable time and money. Some of the challenges associated with a growing cloud environment include:

  • Potential cloud security events
  • Securing and managing access for partners, employees, and business stakeholders
  • Identifying bottlenecks or issues in code
  • Managing costs
  • Addressing business continuity and disaster recovery issues that could lead to downtime
  • Human-error
  • Testing changes before releasing to production

Building your cloud environment on a strong foundation helps prevent issues so you can scale securely, quickly and efficiently. This can increase your return on investment and allow your organization to operate more effectively as it grows. A 2022 report identified that organizations receive a 241 percent return on investment over a three year period where services for management, security, and operations are used. AWS helps you realize this return by providing services and solutions for developing a Cloud Foundation.

What is a Cloud Foundation?

A Cloud Foundation is a set of guided paths, features, and processes that you can enable as you or your tech partner develops your AWS environment. They are designed to provide guidance in developing an operating model to deploy, operate, and govern your workloads. AWS organizes Cloud Foundation capabilities into a decision framework that includes solutions to support building a strong foundational environment. Whether you are already running workloads on AWS or just getting started, isn’t too late to invest in a Cloud Foundation.

SMBs employees working together in an office at a long table in front of computer monitors

How a strong foundation facilitates growth

Building a foundational cloud infrastructure impacts how SMBs grow by providing several key benefits:

  • Control costs – Implementing governance controls like resource tagging and change management allow you to see where your organization is spending money and gives you an opportunity to optimize high-spend areas to achieve cost savings.
  • Reduce risk and impact of incidents – Combining foundational capabilities like security, governance, and cost management can alert you to issues before they impact your business.
  • Scale efficiently – Starting your cloud journey with growth in mind allows your infrastructure to scale with your organization.
  • Control accessSMBs can add and remove access to their environment easily by introducing proper identity access management controls and ensure only the minimal permissions are granted.
  • Freedom to innovate – Creating isolation boundaries with your infrastructure gives teams freedom to try new ideas without risking disruption to critical infrastructure. For example, a sandbox account can be used to test a new app idea or feature, AI model, or code optimization before you deploy to a production environment.

Three foundational categories to consider first

Governance, Risk, and Compliance

If you have growth in mind, strong governance is foundational to success in scaling your cloud environment. The Governance, Risk, and Compliance category enables you to define and enforce business and regulatory policies, such as HIPAA, PCI-DSS, and GDPR, for your cloud resources. Cost-effective governance can be embedded at the account level down to the data level, helping you address your compliance requirements and mitigate risks before they become incidents.

Foundational governance enables visibility, like the increased visibility AWS customer Purple Technology gained using our cloud to respond to regulatory complexities, and can be streamlined across all of your cloud operations. We recommend three ways to get started with governance on AWS: Tagging, Workload Isolation, and Change Management.

Tagging

Tagging is fundamental to providing visibility and control and is best done when first creating your environment. Tagging your cloud resources can also provide a strategic path to organizing your workloads in separate accounts, provide cost visibility into your organization, and separate access control within your team. Consider how your business will operate in the cloud and ask your team to tag your resources.

Workload Isolation Boundary

SMBs operate more efficiently by separating environments by business function, phase and access requirements. Creating these boundaries helps reduce issues and protects critical infrastructure from accidental changes. A multi-account strategy is key to success when customers are starting to adopt AWS Cloud, expanding their footprint on AWS, or planning to enhance an established AWS environment.

Change Management

An advantage to cloud computing is the ability to develop complex infrastructure easily with just a few clicks of a button or changing a few lines of code. However, changes to a cloud environment can also introduce risk. Altering cloud resources introduces the opportunity for controls to be disabled or rendered ineffective. By enabling change management controls, you have continuous visibility into what changes to your environment or workload have occurred and can prevent governance violations if they happen.

Security

At AWS, security is a shared responsibility with customers. AWS is responsible for “security OF the cloud” and secures the hardware and facilities, patches the underlying operating systems for managed services and provides security tooling for customers. Customers are responsible for “security IN the cloud” and should secure their account and ensure the proper security features are enabled to protect their workloads.

Two security areas to consider first are Identity and Access Management (IAM) and network security.

Identity and Access Management

It is essential for SMBs to consider delegation of tasks in their environment to ensure proper access is granted. This not only prevents security breaches, but improves efficiency as your environment grows and more access is needed. AWS offers cloud solutions that make IAM scalable and cost-effective. For example, see how Sophos utilized IAM Identity Center to combine multiple identity providers to simplify and centralize account management.

Network Security

The integrity of your workloads is dependent on developing strong network security practices and policies. By protecting your resources at the network level, you increase availability and reduce risk of failures that erode your customers’ trust.

Finance

According to a 451 Research study, organizations that use cost management practices report that their efforts result in greater cloud services adoption, higher revenue and improved profitability. AWS offers flexible pricing models, a free tier for many services and many other features to rightsize your resources and optimize your cloud spend.

The Cloud Financial Management capability provides the ability to manage your cloud expenses and enables you to track, notify and optimize your resources by cost in your environment. SMBs are able to realize greater savings, like the projected US$333,000 annual savings achieved by OLX Autos, when a foundation of cost visibility enables resource consolidation. Three finance category considerations SMBs should focus on first are:

Cost allocation

Grouping your cloud resources into logical categories allows you to properly align your IT budget and look for opportunities to reduce cost. For example, allocating cost by business unit, product or team can help you establish effective charge back processes and associate bills with their proper owner.

Cost monitoring

Configuring cost monitoring tools in your account can not only help you control costs, it can alert your of spending anomalies that may be an indicator of a deeper issue. If a service in your account averages at one rate and then suddenly spikes, there may be an issue with your infrastructure or could be an indicator of fraudulent activity.

Cost optimization

When building out your cloud environment it is important to consider tradeoffs in design that may have cost implications. SMBs should continually investigate opportunities to save money by focusing on high cost areas or by leveraging the newest tools and technologies that often include better performance ratios, saving you money.

Banner driving to our interactive assessment tool

Key takeaways to start building a strong cloud foundation

Moving to the cloud involves many important decisions organizations must make to realize the full potential of cloud computing. When you are first getting started it can be easy to focus only on building features you or your customers use day-to-day and miss opportunities for long-term scalability and success. The Cloud Foundations Framework aids your organization by providing you with capabilities and a decision framework to implement best-practices that foster growth and innovation.

Starting with a strong governance strategy by implementing tagging and a multi-account strategy can ensure you have the right environment to organically grow. Security should be a top priority for all SMBs to reduce the impact of incidents that prevent growth. Cost management will help you identify areas to optimize your spending and increase your profitability. Consider these Cloud Foundation categories and capabilities first and you’ll be on your way to building a towering skyscraper in the cloud.

Next steps

As your organization considers growth, Cloud Foundations not only helps you realize a greater ROI and drive economic impact, it can provide a secure environment to scale technology and build trust in and outside of your organization. Lets us help you implement a strong cloud foundation by exploring SMB solutions on the AWS Solutions Library or reach out to an SMB expert at AWS.

Todd Fortier

Todd Fortier

Todd Fortier is a Senior Solutions Architect at AWS. He has over 15 years of experience in multiple languages, frameworks, and cloud platforms. Todd is responsible for leading technical teams that deliver value and delight customers by engaging in the complete agile lifecycle, from discovery through transition. He is based in the United States.

Cheng-Lun Chen

Cheng-Lun Chen

Cheng-Lun Cheng is a Senior Solutions Architect at AWS where he helps customers improve their business outcomes in the cloud. Before joining AWS, he worked in engineering roles for health tech company, DrFirst, and alcohol retailer, Total Wine & More. Cheng-Lun is based in Virginia (US).