A best-practice framework for enterprise-grade AWS environments: secure, compliant, serverless, cloud-native
Whether you're starting your cloud journey or you're a seasoned cloud veteran, governing your cloud resources and ensuring that they conform to necessary standards is not an easy task. Although security best-practices guides exist and are publicly available, knowing which services to use, how to configure them, and how to perform these tasks at scale can easily end up in misconfiguration unless it's done in a clear, automated, and repeatable way.
AllCloud's Next-Generation Landing Zone (NGLZ) consulting offer provides a fully automated enterprise-scale governance and security framework that configures and updates multi-account, multi-region AWS Organizations organizational units (OUs) based on AWS services. The offer has already been deployed across a large number of AllCloud customers of all sizes and it continues to grow and evolve alongside the AWS ecosystem with periodic version updates and releases.
Austria, Canada, Germany, Israel, Switzerland, United States
Easily applied cloud best practices
Uses configured templates based on industry standards, compliance frameworks, and AWS best practices.
Findings, alerts, and notifications are consolidated into AWS Security Hub and pushed to an external SIEM.
Cost governance and control
Central control over accounts limits and budgets, with cost control monitoring and alerts.
Flexible and expandable
Open framework with settings, configurations, and templates customizable to support third-party tools.
How it works
NGLZ is a fully automated, enterprise-scale governance and security solution. It is built on AWS services to configure and update multi-account, multi-region AWS Organizations OUs. The solution works as a security baseline that lays the foundation for a cloud migration or any modernization journey, or for managing large, growing AWS environments. Onboarding to NGLZ consists of two parts: technical design sessions and NGLZ framework deployment.
The technical design sessions are intended to map out the customer's business needs. They are held between AllCloud's solutions architects (SAs) and the customer's stakeholders in research and development, security, networking, finance, and operations. Technical design sessions cover AWS account structure, AWS Identity and Access Management structure, business continuity, backup policies, compliance requirements, and more.
The solution offers three predefined OU profiles (Sandbox, Non-Production, and Production). Customizable elements include a serverless orchestration pipeline that uses AWS Developer Tools and AWS Step Functions, and a built-in Amazon Machine Images (AMI) factory to create, share, deploy, and customize AMIs across OUs with automated delivery workflows. Flexible network blueprints offer customizable network topologies using AWS shared subnets with virtual private clouds (VPCs) protected by AWS WAF.
The deployment of NGLZ is simple and straightforward through AWS Service Catalog. Once the framework has been deployed, AllCloud's engineers will configure the solution alongside the customer according to the requirements from the technical design sessions to ensure that by the end of the process the customer has the necessary know-how to operate and manage the framework. Cost governance and control are assured by enabling detective guardrails for unused resources and setting resource limits and account budget alerts.
NGLZ implements AWS security best practices using services such as AWS Control Tower, AWS Key Management Service (AWS KMS), AWS Config, Amazon GuardDuty, AWS Security Hub, Amazon Inspector, and AWS Service Catalog. Robust and customizable security policies can cover public Amazon Simple Storage Service (Amazon S3) buckets, encryption, key deletion, custom alerts, and backup, as well as incident response using cloud-native tools, automated indicators of compromise (IoC) detection and response, and SIEM integration. NGLZ builds on AWS Control Tower to provide a single end-to-end framework for security orchestration and visibility that meets the most stringent security, governance, and compliance standards and regulations.
1) Technical design sessions
Meetings between AllCloud's SAs and customer stakeholders to map out business needs
2) NGLZ framework deployment
Deployment of NGLZ through AWS Service Catalog
3) Configuration and customization
AllCloud's engineers will configure the framework alongside the customer according to the requirements from the technical design sessions
4) Flexible network blueprints
Customizable network topologies using AWS shared subnets with flexible virtual private clouds (VPCs) protected by AWS WAF
5) Data protection
Enforce security policies covering public Amazon Simple Storage Service (Amazon S3) buckets, encryption, key deletion, custom alerts, and backup
6) Incident response
Investigate incidents using cloud-native tools, automated indicators of compromise (IoC) detection and response, and SIEM integration
7) Cost governance and control
Enable detective guardrails for unused resources, and set resource limits and account budget alerts
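The data-protection policies in step 5 are the kind of control that is typically enforced as an AWS Organizations service control policy (SCP) attached to an OU. The SCP below is an added illustration for this page, not AllCloud's NGLZ configuration: it denies changes to S3 Block Public Access settings at account and bucket level, and denies scheduling deletion of or disabling AWS KMS keys, for every principal except a break-glass role. The role ARN `arn:aws:iam::*:role/PLACEHOLDER-BreakGlassRole` is an assumed placeholder (JSON allows no comments, so it is marked in the name); replace it with the role your design sessions designate.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyChangesToS3BlockPublicAccess",
      "Effect": "Deny",
      "Action": [
        "s3:PutAccountPublicAccessBlock",
        "s3:PutBucketPublicAccessBlock"
      ],
      "Resource": "*",
      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalArn": "arn:aws:iam::*:role/PLACEHOLDER-BreakGlassRole"
        }
      }
    },
    {
      "Sid": "DenyKmsKeyDeletionAndDisable",
      "Effect": "Deny",
      "Action": [
        "kms:ScheduleKeyDeletion",
        "kms:DisableKey"
      ],
      "Resource": "*",
      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalArn": "arn:aws:iam::*:role/PLACEHOLDER-BreakGlassRole"
        }
      }
    }
  ]
}
```

Two caveats a practitioner will want: an SCP is a preventive guardrail (in AWS Control Tower terms), so it complements rather than replaces the detective AWS Config rules and Security Hub findings the framework uses to surface drift; and SCPs never apply to the management account, which is one reason the prerequisites below call for admin access to that account and for keeping workloads out of it.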
An AWS account with AWS Organizations configured ("All Features" enabled)
AWS Organizations account access
Admin access to the AWS Organizations main account
Basic knowledge of Git to maintain and operate the NGLZ configuration files
About this consultant
AllCloud is an AWS Premier Partner and a global player in the cloud managed services market for a range of customers from startups to multibillion-dollar companies or divisions. AllCloud has achieved a number of AWS Competencies including the AWS Migration, AWS DevOps, and AWS Security Competencies. AllCloud works in a DevOps culture of speed, automation, re-use, and best practices and has the agility, experience, expertise, competencies, and proven methodology to design, deliver, and support strategic, holistic digital transformation and IT modernization road maps.
AllCloud's offerings range from world-class advisory services to best-in-class design patterns, prebuilt ready-to-deploy technology assets, and fully managed services. No matter how simple or complex the project, however, AllCloud works closely with its customers to ensure that they benefit from short time to value, mitigated risk, and optimized cloud operations. AllCloud's phased build-and-grow approach captures business value from Day 1 and continuously drives customer success.