Flux7 Flux7
  • Digital Innovation
      • Digital Innovation
      Enable Software Innovation
      • CI/CD: Accelerate Deployments Through Pipelines
      • Containers Infrastructure:Improve Agility with Containers
      • Build:Custom Toolchain Deployment
      • Microservices: Speed Application Development
      • HPC:Product Design & Simulation
      • Renovate:Application Migration to the Cloud
      • Serverless:Innovate at the Speed of the Market
      Scale Enterprise DevOps
      • AWS DevOps Consulting:  Refactor Large Quantities of Apps to AWS
      • Cloud-Native Architectures: Accelerate Business with Cloud-Native Services
  • Operational Excellence
      • Services
      Cloud Implementation Services
      • Cloud Migration Services: Streamline Your Cloud Migration
      • Build Cloud Foundations: Accelerate Adoption with Strong Cloud Foundations
      • ISV Workloads on Cloud: Defined Solutions and Proven IP
      • High-Performance Computing Services: Exploit Cloud Elasticity and Scalability
      Enforce Security and Compliance
      • Automate Compliance: Meet Corporate and Legal Requirements
      • Web Application Firewall:Protect Vital Data and Functions

      Our landing zones on AWS emphasizes training, documentation, and resources to help teams new to AWS get the skills they need for long-term business agility.

      Gain a Landing Zone That Fits Your Needs Today

  • Industries
      • Industries
       
      • Energy:Cloud Solutions for the Energy Industry
      • Finance: Secure Infrastructure for Improved Customer Service and Analytics
      • Healthcare & Life Sciences: Meet Security & Compliance Requirements
      • Hospitality: Increase Customer Acquisition
       
      • Manufacturing: Innovation with Digital Transformation
      • Retail:Grow Customer Loyalty and Lifetime Value
      • Semiconductor: Legacy Modernization Services
      • Software:Grow Developer Agility and Application Reliability
       

      Read our industry success stories and the benefits our customers saw

      Read the Case Studies

  • Tech
      • Tech
      Flux7 Tech
      • DevOps Toolchain: Reduce DevOps Challenges
      • Amazon Web Services: Reduce Complexities and Risks in AWS Architectures
      • AWS Database Services: Design and Implementation of Infrastructure for Cloud-Based Databases
      Configuration
      • Cloud Configuration: Gain Greater Consistency, Repeatability & Agility
      • HashiCorp Terraform: Defining Infrastructure as Code 
      • AWS CloudFormation: Reduce Maintenance and Improve Security
      Containers
      • Container Infrastructure: Improve Agility with Containers
      • Docker: Build, Ship and Run Applications Anywhere
      • Kubernetes: Container Consulting Services
      • Red Hat OpenShift: Speed Code Delivery

      Rapidly adopt technology to achieve Infrastructure as Code and continuous delivery and support of applications and workloads.

      Create Your DevOps Toolchain

  • Resources
      • Resources
      Research & Reports
      • Analyst Insights & Reports
      • Blog
      • Case Studies
      • White Papers
      News & Events
      • Events Calendar
      • Newsroom
      • Press Releases
      Flux7 Academy
      • Tech Tutorials

      Read about what we do, how we do it and how our customer's benefit from our solutions.

      Read and Download Our Case Studies

  • About
      • About Flux7
      Get To Know Us
      • About Flux7
      • Awards & Recognitions
      • Meet Our Team
      Work With Us
      • Careers
      • Our Culture
      Partner With Us
      • Flux7 partners with technology vendors who deliver solutions to help our customers address scalability, security, reduce the cost of infrastructure delivery and improve speed to market.

      Welcome to Flux7! Get to know us a bit better and discover what makes us different than other DevOps Consultants.

      Discover What Makes Us Different

  • Contact us
An NTT DATA Company

Login Contact us

Secure Your AWS Cloud Foundation: Get Started with AWS

Secure Your AWS Cloud Foundation: Get Started with AWS

Secure Your AWS Cloud Foundation: Get Started with AWS

By Flux7 Labs
February 25, 2020

Secure Your AWS Cloud Foundation for Successful Cloud Adoption

Cloud Computing, Central to IT Modernization

Consumers increasingly expect digital offerings from companies they do business with. From online and mobile banking to QSR kiosks and even facial recognition and VR apps, both B2B and B2C customers are placing increasing pressure on organizations to digitize and modernize their offerings. Cloud infrastructure has become a clear enabler for businesses to extend new digital offerings to customers, enabling them to rapidly innovate while decreasing their time to market. Yet, knowing where and how to begin can be a challenge, especially for large enterprises who face these pressures across product lines and must be able to answer ongoing questions of security, compliance and risk management in the cloud adoption process. Whether you are new to public cloud, or you are looking to take your existing cloud environment to the next level, it’s imperative to start with a sound cloud foundation that employs security by design best practices and principles.

 

Pressure to Get It Right is High

The quality of the cloud environment created directly impacts the future function of services and applications moved to the cloud. It also directly affects everything from future customer loyalty to assuring data security. Clearly, starting on the right path represents an ever more critical stage in any cloud journey. A hybrid or multi-cloud approach is quickly becoming a fundamental reality of executing digital business transformation at scale. Building the right cloud foundation — one that offers security, scalability and can be extended over time — is a critical first step regardless of your cloud strategy, and one that we will explore in-depth in this paper.

 

Using a Cloud Landing Zone

In the military, a landing zone is a safe place where aircraft can land. Similarly, in the public cloud, a landing zone is a safe place for services to land as they move through delivery pipelines. Landing zones are part of a proven framework for delivering services with greater quality and speed. The landing zone is where services deploy and as a result is focused on catching service agnostic components as they are delivered via processes designed specifically to automate the delivery of services into the landing zone. The concept of a service-agnostic landing zone is very critical as a service agnostic landing zone is very efficient and facilitates easy, automated repeatability. As an enterprise transitions from a traditional Development – IT Operations framework, a cloud landing zone is important as it provides needed efficiency, standardization, and governance.

WP Getting Started on AWS Flux7


Begin the Infrastructure as Code Journey

Many organizations begin their journey to the cloud with a pilot project. This is the best approach as it allows the organization to prove the value of Infrastructure as Code and a DevOps approach in a small, controlled environment where it can gain acceptance and grow the initiative, rather than employing a sweeping
approach which may be destined to fail under its own weight.

The DevOps model is about process improvement and that is best facilitated by technology. As a result, the most successful pilots begin with a landing zone which provides automation to facilitate standardization and governance. Successful pilots are small and impactful which means that although staff may be eager to dive in and get their hands dirty building a complete, scalable, landing zone, it is more important to do a minimum-viable landing zone and launch the first app.

While landing zones in a pilot environment are not yet customized to meet specific enterprise needs at scale, they should include all the basics, like security and operational best practices. A first pilot can play a gating role in determining your organization’s journey forward. Moreover, it can play a critical role in determining success while also being a great investment for future growth and velocity.

Knowledge Transfer

New technologies require new skills and the pilot team should also allow themselves the time — and resources — to acquire new skills as they will be responsible down the line for helping train additional resources as success spreads and scales throughout the organization.

As such, successful knowledge transfer generally includes:

  • Interactivity, with the new team learning skills hands-on working alongside experienced peers
  • Participation across the team, ensuring learning is both deep and wide
  • Creation of a thorough runbook early in the process
  • Correlation of deliverables to specific learnings
  • Capture of knowledge training sessions for reference and future training
  • A focus on both the ongoing ‘care and feeding’ of the landing zone and how to build upon it in the future
  • Pre-configured hands-on labs

For organizations that are new to AWS, there is immense value in knowledge transfer sessions with experienced consultants as they can help your organization achieve a solid start — and provide you with the knowledge to build and expand for ongoing success.

Automate IT Processes at Scale

Following a successful pilot, organizations should focus on remediating any architectural shortcomings and prepare to scale for mass-migration. At this point, an organization’s landing zones should include:

1. Best-practices
2. Customization for the organization’s specific needs
3. Corporate and industry compliance, like CIS compliance
4. Tool preferences
5. Advanced technologies
6. Automation-at-scale

A scalable landing zone is truly enterprise-grade and ready for mass migration to the public cloud, especially when coupled with migration factories for refactoring and/or replatforming strategic applications. Past the migration phase, the landing zone continues to play a key role as a platform for continuous innovation and maximum business impact.

Build a Solid Cloud Foundation

A properly designed and deployed landing zone is the foundation for successful cloud adoption and migration. Because the landing zone is deployed before any applications are migrated to the cloud, it’s imperative to get it right the first time. Just like it’s difficult to make changes to the foundation of a house after it has been built, it is similarly difficult to make changes to the landing zone once applications are deployed. While changes can be made to the landing zone post-deployment, design level changes can result in application redeployment, and with it, additional downtime inefficiencies. Missteps along the way can lead to security risks, unscalable systems, and inefficiencies that can slow processes and overall progress of cloud migration. And while not impossible to modify the landing zone to address missteps, it’s certainly worth avoiding if at all possible by carefully planning and deploying landing zones correctly from the outset. Landing zones are not a one-size-fits-all exercise and there is no standard framework for a cloud landing zone. And, with over 100 decisions to be made to create a unified, secure, scalable and extendable landing zone in AWS, it’s highly recommended organizations have professional advice available. Public cloud consultants are likely to have worked with use cases similar to yours, and as a result, can readily help you sidestep common mistakes, implement best practices, and ultimately make the best technology and process decisions for your unique business needs.

Key Landing Zone Criteria

A well designed and deployed landing zone simplifies decisions without sacrificing outcomes by incorporating:

  • Public cloud best-practices
  • Consistent security
  • Consistent management
  • Automation
  • Repeatability through Infrastructure as Code

While an enterprise cloud landing zone will feature customized infrastructure to match your specific security, networking, AMI and other needs, key criteria to consider include:

  • Deployment of a Continuous Integration/Continuous Deployment (CI/CD) tool, like Jenkins, to build various pipelines for infrastructure provisioning, application, and service deployment.
  • Enterprise Transit VPC for high security, scalability and availability needs; Transit VPC is critical for secure, reliable traffic flow between on-premises systems and the cloud.
  • Account factory that automates the creation of additional accounts. Consider also creating custom security alarms and account creation workflows.
  • EC2 pipelines that automate the creation and publishing of AMIs with custom security tests for AMI compliance.
  • A compliance dashboard that monitors the AWS account config and alerts operators if the account goes out of compliance.

 

Frequently Asked Questions

In this last section, we will address the most frequently asked questions we receive about how to get started with cloud computing.

Q: Security is a top priority for our organization. How do we apply Security by Design principles?

A: Any foray into the public cloud — from a first-time pilot project to ongoing migration at scale — shares responsibility for cloud security via a “Shared Responsibility Model”. Before getting started, it’s important to understand where the responsibility of the public cloud provider ends and where yours begins. For example, AWS operates, manages and controls the components from the host OS and virtualization layer down to the physical security of the facilities where it operates. Its customers are responsible for the management of guest OSs, application software, AWS WAF and more. That said, a security by design approach that embraces the building of security into the cloud foundation and landing zones are indeed foundational. Security should include best practices like log monitoring and archiving; a compliance dashboard to ensure policies (security, regulatory and operational) are all continuously met; DDOS protection; secure network connectivity; policies around IAM roles and responsibilities and more. If you are in doubt about security best practices, we highly recommend you consult with a professional services firm that specializes in this area.

Q: We are in a highly regulated industry. How do we make the transition to AWS while remaining in compliance?

A: The foundation of consistent compliance is often sound security. As a result, we recommend a landing zone that monitors specific regulatory-related controls and objectives. In addition, a compliance dashboard can ensure that the appropriate team members are alerted should a system, configuration, etc. move out of a known, good state. Last, we highly recommend a security by design approach that embeds industry best practices into the cloud foundation.

Q: We are pursuing a multi-cloud strategy. Can landing zones still help?

A. Yes. Not only can they help with individual public cloud adoption, but landing zones can bring enhanced efficiency, greater standardization, and speed adoption of hybrid and multi-cloud/cloud-agnostic service environments.

 

Complete the form at the right to download the guide.

Flux7, an NTT DATA Company |  Enterprises gain fast time to value from Flux7 cloud implementation, automation and DevOps consulting services and solutions. Bring ideas to life and shorten time to market with modern IT systems and workflows that scale, secure and increase the efficiency of technology service delivery.  Flux7 Premier AWS Consulting Partners provide insight and expertise from 300+ DevOps projects.

Share This Article
Facebook Twitter Pinterest Linkedin
Prev Post
Next Post

Related Articles

re:Invent Round-Up of AWS DevOps Announcements
By Flux7 Labs
December 21, 2020

re:Invent Round-Up of AWS DevOps Announcements

READ MORE
How Will SASE Change Networking in 2021?
By Flux7 Labs
December 16, 2020

How Will SASE Change Networking in 2021?

READ MORE

Recent Posts

  • re:Invent Round-Up of AWS DevOps Announcements

  • How Will SASE Change Networking in 2021?

  • AWS re:Invent Machine Learning Round-Up

  • How to Publish Managed Images to the Azure Marketplace

  • AWS re:Invent News Round-Up

  • Shave Days off Azure Marketplace Publishing with Automated Testing

  • IT Modernization and DevOps News Week in Review 11.30.2020

  • How To: Multi-Cluster Monitoring in Amazon EKS

  • IT Modernization and DevOps News Week in Review 11.16.2020

  • When to Migrate from AWS Landing Zone to AWS Control Tower

Flux7
  • About Flux7
  • Contact Us
  • Careers at Flux7
  • Newsroom
  • Meet our Team
Services
  • Enable Software Innovation
  • Enforce Security and Compliance
  • Adopt Cloud
  • Cloud Migration Services
  • Secure the Cloud
Resources
  • Analysts Reports
  • Case Studies
  • White Papers
About Flux7

Flux7, an NTT DATA Company, helps enterprises reduce the complexities of new and evolving cloud automation strategies. Agile and DevOps-native, Flux7’s robust IT services portfolio prioritizes a fast path to ROI, is transformation focused and creates secure and stable pathways for operational excellence.

Follow Us
Flux7, an NTT DATA Company | All Rights Reserved | Privacy Policy