RMIT University Halves Delivery Timelines with Secure, Codified Cloud Foundation

Delivering education and research at scale requires more than technology. It demands agility, security, and confidence that teams can innovate without compromise. As cloud adoption grew organically across departments, RMIT ended up managing six separate AWS Organizations, each with its own billing setup, tools, and operating models. This fragmented approach created inefficiencies, inconsistencies in governance and security, and limited visibility across teams. Manual onboarding and decentralized management further delayed project delivery and contributed to infrastructure sprawl.

“Our ability to maintain consistent security and resiliency at an increasing scale—and the management overhead that came with it—was draining our productivity,” says Ken Mirvis, senior manager of cloud engineering at RMIT. The university set out not just to unify cloud accounts, but to redefine digital delivery with security and automation built in, empowering application teams to move faster with confidence.

To address its fragmented cloud landscape, RMIT partnered with Cevo, an AWS Premier Consulting Partner with expertise in enterprise cloud modernization. “Cevo was a great cultural fit for us, bringing deep knowledge and experience in integrating AWS enterprise capabilities,” says Mirvis.

Together, they built a fully integrated, automated, and secure enterprise landing zone (ELZ) that centralizes operations and enforces compliance across RMIT’s AWS Organizations. While the Landing Zone Accelerator on AWS supported parts of the build, the broader transformation focused on codifying standards, reducing manual effort, and shifting governance from reactive to preventive. “This underpins our centralized cloud operating model, with governance, core technologies, integrations, and automated processes managed by a dedicated platform engineering team,” adds Mirvis.

Security was a cornerstone. The team pursued a near zero-trust architecture with minimal overhead to reduce complexity for developers and reliability engineers. Guided by AWS Well-Architected Framework best practices, they automated the Security Pillar into assessment processes, implemented defense-in-depth patterns, enforced preventive governance at every phase of continuous integration/continuous development (CI/CD), and codified platform policies. Preventive and detective controls were reinforced through a hierarchy of service control policies, centralized logging and monitoring, and AWS security services including AWS CloudTrail, AWS Config, and Amazon GuardDuty as well as AWS Security Hub, Amazon Macie, and AWS IAM Access Analyzer for threat detection. RMIT also benchmarks its cloud security posture against NIST and CIS standards in AWS Security Hub, regularly achieving near-perfect compliance. “With this approach, we could strengthen security while removing unnecessary overhead and complexity,” says Mirvis.

RMIT and Cevo also adopted shift-left principles to move testing, quality, and security earlier in the software development lifecycle. Opinionated git pipelines apply security standards upfront, including code quality and vulnerability scanning, while a Terraform module library codifies secure AWS resource instantiation. These patterns extend to secure network blueprints, encryption, access control, and container scanning—ensuring workloads are secure by design, every time.

 

Operational agility came through ServiceNow integration. The team connected request-fulfillment workflows with the ELZ for frictionless project onboarding and linked ServiceNow Configuration Management Database (CMDB) auto-discovery and automated service mapping, creating a central repository of IT services, assets, and relationships. The results are transformative. “We’ve built a secure, codified AWS foundation that sets a new benchmark for automation, compliance, and agility—turning security and governance into a default, not an afterthought,” says Matthew Barry, director of global technology services at RMIT. 

By establishing a modern ELZ, RMIT has transformed the way it delivers digital services. The platform ensures consistent governance, secure automation, and seamless onboarding across all departments and business units. Workload accounts, network, and access provisioning—along with CMDB onboarding—are now 90 percent faster, while digital delivery timelines and costs have been reduced by up to 50 percent. Developers can launch workloads 70 percent quicker with greater agility and fewer manual steps.

Beyond high-level metrics, ELZ has delivered meaningful business impact. A critical research initiative requiring secure access to key software was stalled for more than 12 months due to security and governance concerns. With the ELZ’s “secure by design” architecture and proactive governance, connectivity was implemented in under six weeks once the platform was operational. Barry says, “By unifying and modernizing our AWS environment, we’ve cut the time and cost of delivering environments for digital initiatives by half, improved satisfaction across the university, and strengthened RMIT’s leadership in cloud-enabled research and education.”

The platform is also helping RMIT scale globally. The university recently launched an on-demand cybersecurity curriculum in Vietnam, and research teams now collaborate more efficiently across time zones and campuses. “Now that our technology is no longer a barrier, we can scale innovation and collaborate globally—not just within Australia, but with partners around the world,” adds Mirvis.