SlideShare a Scribd company logo

Secure Cloud governance - AWS landing zone

Tushar Gupta
Tushar Gupta

This presentation will cover Cloud Governance with desired security and admin controls provided by AWS Landing zone solution.

Presentations & Public Speaking
1 of 25
Download to read offline
Secure Cloud Governance Tushar Gupta Senior Cloud Consultant – APAC, SoftwareOne
Introduction
Tushar Gupta - 10+ years of experience across Enterprise Datacenter and Cloud technologies - Specialized in Cloud Migration and Hybrid Architectures to onboard customers to AWS Cloud 3x AWS Certifications: - AWS Certified Advanced Networking Specialty - AWS Certified Solution Architect- Professional - AWS Certified Solution Architect- Associate Connect with me on LinkedIn
Typical Enterprise Situation Infrastructure Request Infrastructure Provisioning Governance Service Management ▪ High Lead time – ~ days to weeks ▪ Process heavy Service Management ▪ Governance and Compliance Issues
Agility v/s Control We want Agility for innovation and Faster time to Market Line of Business Central ITHow to achieve Strong Business-IT alignment ??
Opportunity to achieve Agility & Control Infrastructure Templates, Policies & Best Practices Governance and Control Monitor and Logging Automated Provisioning ▪ Lead time in minutes ▪ Service Catalogue for Landscape Management ▪ Automated Service Management
Cloud Governance at Scale
Governance at AWS ▪ AWS’s focus is to maintain speed and agility in Cloud ▪ Governance is not a Project ▪ Requires collaboration of other teams and integrations of different perspectives of Cloud Adoption Framework Cloud Governance is one of the key perspectives of AWS Cloud Adoption Framework (CAF)
Security Standardization Operational Efficiency Key Drivers for Cloud Governance Standardization across multiple accounts for different business units Secure and compliant Infrastructure for data protection and audit purpose Quick Infrastructure provisioning and service management for business workloads in Cloud
Common Governance Challenges Control and Visibility Multi-Account Strategy Integration challenges Delegation of Responsibility
Need of the Hour 01 Automated Provisioning 02 Compliance Automation 03 Multi-Account Structure 04 Consolidated Billing
AWS Landing Zone Solution
Why one AWS Account is not enough? Chargeback Security and Compliance Controls Isolation Business Process Multi-Environment
Issues with Multi-Account structure - AWS • Issue with centralized management • No standard Security or Account level Baselines • Manual Provisioning with high lead time • Distributed Service Management • Cost Management issues
AWS Landing Zone - Solution Configured, Secure & Scalable Multi-account AWS environment based on AWS best practices Starting point for customer’s Application Migration journey Environment that allows for Iteration & Extension over time
AWS Landing Zone - Outcomes • Framework for creating and baselining a multi-account environment • Initial multi-account structure that includes security, audit, and shared service requirements Account Management • User account access managed through AWS SSO federation • Cross-account roles enable centralized management Identity & Access Management • Multiple accounts enable separation of duties • Initial account security and AWS Config rules baseline • Network baseline Security & Governance
AWS Landing Zone Mitigating Cloud Governance Challenges
AWS Landing Zone Solution ▪ Account provisioning via Account Factory ▪ Standardized account security baselines, AWS Guardrails ▪ Centralized Logging for AWS CloudTrail or AWS Config services ▪ Centralized multi-account account authentication via AWS Single Sign-On (AWS SSO) with an integrated directory ▪ Simple and interactive Dashboard for Alerts and Notifications for Compliance Management
3 Pillars of Cloud Governance Account Management Cost Management Compliance Automation
Account Management AWS Organizations ▪ Centrally manage multiple AWS Accounts ▪ Standard account and security baselines for other AWS Accounts AWS Service Catalog ▪ Automated Account provisioning using Account Factory Service Control Policies ▪ Access Management and control at AWS account level
Cost Management AWS Consolidated Billing ▪ Consolidated billing of all AWS accounts under one Master account AWS Budgets ▪ AWS Budgets for Cost Management across different AWS accounts AWS Alerts & Notifications ▪ Automated alerts & notifications to stakeholders for potential budget overruns
Compliance Automation AWS Config Rules AWS CloudWatch ▪ Compliance automation at account and service levels with AWS Guardrails ▪ Continuous Monitoring for Compliance rules change and logs sent to S3 Bucket Interactive Dashboard ▪ Centralized & Interactive dashboard for comprehensive view of compliance status across AWS accounts
Live Demonstration AWS Cloud Governance
Questions ??
Thank You !!

Recommended

AWS Security & Compliance
AWS Security & ComplianceAWS Security & Compliance
AWS Security & Compliance
Amazon Web Services
 
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Amazon Web Services
 
Maximizing Business Value as You Migrate to AWS
Maximizing Business Value as You Migrate to AWSMaximizing Business Value as You Migrate to AWS
Maximizing Business Value as You Migrate to AWS
Amazon Web Services
 
AWS Enterprise Summit - 클라우드에서의 보안 - 양승도
AWS Enterprise Summit - 클라우드에서의 보안 - 양승도AWS Enterprise Summit - 클라우드에서의 보안 - 양승도
AWS Enterprise Summit - 클라우드에서의 보안 - 양승도
Amazon Web Services Korea
 
Hybrid IT with Amazon Web Services: Best of Both Worlds
Hybrid IT with Amazon Web Services: Best of Both WorldsHybrid IT with Amazon Web Services: Best of Both Worlds
Hybrid IT with Amazon Web Services: Best of Both Worlds
Amazon Web Services
 
Hybrid IT Approach and Technologies with the AWS Cloud
Hybrid IT Approach and Technologies with the AWS CloudHybrid IT Approach and Technologies with the AWS Cloud
Hybrid IT Approach and Technologies with the AWS Cloud
Amazon Web Services
 
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing ZoneSimplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone
Amazon Web Services
 
01 aws track 1
01 aws track 101 aws track 1
01 aws track 1
JoaoSeverino2
 

Recommended

AWS Security & Compliance
AWS Security & ComplianceAWS Security & Compliance
AWS Security & Compliance
Amazon Web Services
 
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...
Amazon Web Services
 
Maximizing Business Value as You Migrate to AWS
Maximizing Business Value as You Migrate to AWSMaximizing Business Value as You Migrate to AWS
Maximizing Business Value as You Migrate to AWS
Amazon Web Services
 
AWS Enterprise Summit - 클라우드에서의 보안 - 양승도
AWS Enterprise Summit - 클라우드에서의 보안 - 양승도AWS Enterprise Summit - 클라우드에서의 보안 - 양승도
AWS Enterprise Summit - 클라우드에서의 보안 - 양승도
Amazon Web Services Korea
 
Hybrid IT with Amazon Web Services: Best of Both Worlds
Hybrid IT with Amazon Web Services: Best of Both WorldsHybrid IT with Amazon Web Services: Best of Both Worlds
Hybrid IT with Amazon Web Services: Best of Both Worlds
Amazon Web Services
 
Hybrid IT Approach and Technologies with the AWS Cloud
Hybrid IT Approach and Technologies with the AWS CloudHybrid IT Approach and Technologies with the AWS Cloud
Hybrid IT Approach and Technologies with the AWS Cloud
Amazon Web Services
 
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing ZoneSimplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone
Amazon Web Services
 
01 aws track 1
01 aws track 101 aws track 1
01 aws track 1
JoaoSeverino2
 
Successful Cloud Adoption for the Enterprise. Not If. When.
Successful Cloud Adoption for the Enterprise. Not If. When.Successful Cloud Adoption for the Enterprise. Not If. When.
Successful Cloud Adoption for the Enterprise. Not If. When.
Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
Amazon Web Services
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWS
CloudHesive
 
Information Security in AWS - Dave Walker
Information Security in AWS - Dave WalkerInformation Security in AWS - Dave Walker
Information Security in AWS - Dave Walker
East Midlands Cyber Security Forum
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud
Amazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
Amazon Web Services
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWS
Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS Security
Amazon Web Services
 
AWS - Security & Compliance
AWS - Security & ComplianceAWS - Security & Compliance
AWS - Security & Compliance
Amazon Web Services LATAM
 
AWS - Security & Compliance
AWS - Security & ComplianceAWS - Security & Compliance
AWS - Security & Compliance
Amazon Web Services LATAM
 
Datensicherheit mit AWS - AWS Security Web Day
Datensicherheit mit AWS - AWS Security Web DayDatensicherheit mit AWS - AWS Security Web Day
Datensicherheit mit AWS - AWS Security Web Day
AWS Germany
 
Intro to AWS Security
Intro to AWS SecurityIntro to AWS Security
Intro to AWS Security
Amazon Web Services
 
Deploying a Data Lake in AWS - AWS Summit Tel Aviv 2017
Deploying a Data Lake in AWS - AWS Summit Tel Aviv 2017Deploying a Data Lake in AWS - AWS Summit Tel Aviv 2017
Deploying a Data Lake in AWS - AWS Summit Tel Aviv 2017
Amazon Web Services
 
Running Microsoft Enterprise Workloads on Amazon Web Services
Running Microsoft Enterprise Workloads on Amazon Web ServicesRunning Microsoft Enterprise Workloads on Amazon Web Services
Running Microsoft Enterprise Workloads on Amazon Web Services
Amazon Web Services
 
Security & Compliance (Part 2)
Security & Compliance (Part 2)Security & Compliance (Part 2)
Security & Compliance (Part 2)
Amazon Web Services
 
Protecting Your Data With AWS KMS and AWS CloudHSM
Protecting Your Data With AWS KMS and AWS CloudHSM Protecting Your Data With AWS KMS and AWS CloudHSM
Protecting Your Data With AWS KMS and AWS CloudHSM
Amazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
Amazon Web Services
 
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Amazon Web Services
 
Architecting Security and Governance Across Multi Accounts
Architecting Security and Governance Across Multi AccountsArchitecting Security and Governance Across Multi Accounts
Architecting Security and Governance Across Multi Accounts
Amazon Web Services
 
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptxSteve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
AWS Chicago
 
Track 5 Session 2_SEC01 多重帳戶安全策略與方針.pptx
Track 5 Session 2_SEC01 多重帳戶安全策略與方針.pptxTrack 5 Session 2_SEC01 多重帳戶安全策略與方針.pptx
Track 5 Session 2_SEC01 多重帳戶安全策略與方針.pptx
Amazon Web Services
 

More Related Content

What's hot

Successful Cloud Adoption for the Enterprise. Not If. When.
Successful Cloud Adoption for the Enterprise. Not If. When.Successful Cloud Adoption for the Enterprise. Not If. When.
Successful Cloud Adoption for the Enterprise. Not If. When.
Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
Amazon Web Services
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWS
CloudHesive
 
Information Security in AWS - Dave Walker
Information Security in AWS - Dave WalkerInformation Security in AWS - Dave Walker
Information Security in AWS - Dave Walker
East Midlands Cyber Security Forum
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud
Amazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
Amazon Web Services
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWS
Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS Security
Amazon Web Services
 
AWS - Security & Compliance
AWS - Security & ComplianceAWS - Security & Compliance
AWS - Security & Compliance
Amazon Web Services LATAM
 
AWS - Security & Compliance
AWS - Security & ComplianceAWS - Security & Compliance
AWS - Security & Compliance
Amazon Web Services LATAM
 
Datensicherheit mit AWS - AWS Security Web Day
Datensicherheit mit AWS - AWS Security Web DayDatensicherheit mit AWS - AWS Security Web Day
Datensicherheit mit AWS - AWS Security Web Day
AWS Germany
 
Intro to AWS Security
Intro to AWS SecurityIntro to AWS Security
Intro to AWS Security
Amazon Web Services
 
Deploying a Data Lake in AWS - AWS Summit Tel Aviv 2017
Deploying a Data Lake in AWS - AWS Summit Tel Aviv 2017Deploying a Data Lake in AWS - AWS Summit Tel Aviv 2017
Deploying a Data Lake in AWS - AWS Summit Tel Aviv 2017
Amazon Web Services
 
Running Microsoft Enterprise Workloads on Amazon Web Services
Running Microsoft Enterprise Workloads on Amazon Web ServicesRunning Microsoft Enterprise Workloads on Amazon Web Services
Running Microsoft Enterprise Workloads on Amazon Web Services
Amazon Web Services
 
Security & Compliance (Part 2)
Security & Compliance (Part 2)Security & Compliance (Part 2)
Security & Compliance (Part 2)
Amazon Web Services
 
Protecting Your Data With AWS KMS and AWS CloudHSM
Protecting Your Data With AWS KMS and AWS CloudHSM Protecting Your Data With AWS KMS and AWS CloudHSM
Protecting Your Data With AWS KMS and AWS CloudHSM
Amazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
Amazon Web Services
 
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Amazon Web Services
 
Architecting Security and Governance Across Multi Accounts
Architecting Security and Governance Across Multi AccountsArchitecting Security and Governance Across Multi Accounts
Architecting Security and Governance Across Multi Accounts
Amazon Web Services
 

What's hot (20)

Successful Cloud Adoption for the Enterprise. Not If. When.
Successful Cloud Adoption for the Enterprise. Not If. When.Successful Cloud Adoption for the Enterprise. Not If. When.
Successful Cloud Adoption for the Enterprise. Not If. When.
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWS
 
Information Security in AWS - Dave Walker
Information Security in AWS - Dave WalkerInformation Security in AWS - Dave Walker
Information Security in AWS - Dave Walker
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWS
 
Getting Started with AWS Security
Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS Security
 
AWS - Security & Compliance
AWS - Security & ComplianceAWS - Security & Compliance
AWS - Security & Compliance
 
AWS - Security & Compliance
AWS - Security & ComplianceAWS - Security & Compliance
AWS - Security & Compliance
 
Datensicherheit mit AWS - AWS Security Web Day
Datensicherheit mit AWS - AWS Security Web DayDatensicherheit mit AWS - AWS Security Web Day
Datensicherheit mit AWS - AWS Security Web Day
 
Intro to AWS Security
Intro to AWS SecurityIntro to AWS Security
Intro to AWS Security
 
Deploying a Data Lake in AWS - AWS Summit Tel Aviv 2017
Deploying a Data Lake in AWS - AWS Summit Tel Aviv 2017Deploying a Data Lake in AWS - AWS Summit Tel Aviv 2017
Deploying a Data Lake in AWS - AWS Summit Tel Aviv 2017
 
Running Microsoft Enterprise Workloads on Amazon Web Services
Running Microsoft Enterprise Workloads on Amazon Web ServicesRunning Microsoft Enterprise Workloads on Amazon Web Services
Running Microsoft Enterprise Workloads on Amazon Web Services
 
Security & Compliance (Part 2)
Security & Compliance (Part 2)Security & Compliance (Part 2)
Security & Compliance (Part 2)
 
Protecting Your Data With AWS KMS and AWS CloudHSM
Protecting Your Data With AWS KMS and AWS CloudHSM Protecting Your Data With AWS KMS and AWS CloudHSM
Protecting Your Data With AWS KMS and AWS CloudHSM
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
 
Architecting Security and Governance Across Multi Accounts
Architecting Security and Governance Across Multi AccountsArchitecting Security and Governance Across Multi Accounts
Architecting Security and Governance Across Multi Accounts
 

Similar to Secure Cloud governance - AWS landing zone

Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptxSteve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
AWS Chicago
 
Track 5 Session 2_SEC01 多重帳戶安全策略與方針.pptx
Track 5 Session 2_SEC01 多重帳戶安全策略與方針.pptxTrack 5 Session 2_SEC01 多重帳戶安全策略與方針.pptx
Track 5 Session 2_SEC01 多重帳戶安全策略與方針.pptx
Amazon Web Services
 
AWS Landing Zone - Architecting Security and Governance
AWS Landing Zone - Architecting Security and GovernanceAWS Landing Zone - Architecting Security and Governance
AWS Landing Zone - Architecting Security and Governance
Akesh Patil
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Amazon Web Services
 
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
Amazon Web Services
 
Benefits of Cloud Computing
Benefits of Cloud ComputingBenefits of Cloud Computing
Benefits of Cloud Computing
Amazon Web Services
 
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Amazon Web Services
 
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...
Amazon Web Services
 
Governance at Scale
Governance at Scale Governance at Scale
Governance at Scale
Amazon Web Services
 
Application Migrations
Application MigrationsApplication Migrations
Application Migrations
Amazon Web Services
 
Migración a la Nube: Preparación y Mejores Prácticas
Migración a la Nube: Preparación y Mejores PrácticasMigración a la Nube: Preparación y Mejores Prácticas
Migración a la Nube: Preparación y Mejores Prácticas
Amazon Web Services LATAM
 
Getting started with aws security toronto rs
Getting started with aws security toronto rsGetting started with aws security toronto rs
Getting started with aws security toronto rs
Amazon Web Services
 
Webinar: Accelerate Your Cloud Business With CloudHealth
Webinar: Accelerate Your Cloud Business With CloudHealthWebinar: Accelerate Your Cloud Business With CloudHealth
Webinar: Accelerate Your Cloud Business With CloudHealth
CloudHealth by VMware
 
Are You Well Architechted? - DevDay Los Angeles 2017
Are You Well Architechted? - DevDay Los Angeles 2017Are You Well Architechted? - DevDay Los Angeles 2017
Are You Well Architechted? - DevDay Los Angeles 2017
Amazon Web Services
 
AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...
AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...
AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...
Amazon Web Services
 
AWS Enterprise Summit Netherlands - Creating a Landing Zone
AWS Enterprise Summit Netherlands - Creating a Landing ZoneAWS Enterprise Summit Netherlands - Creating a Landing Zone
AWS Enterprise Summit Netherlands - Creating a Landing Zone
Amazon Web Services
 
Governance @ Scale: Compliance Automation in AWS | AWS Public Sector Summit 2017
Governance @ Scale: Compliance Automation in AWS | AWS Public Sector Summit 2017Governance @ Scale: Compliance Automation in AWS | AWS Public Sector Summit 2017
Governance @ Scale: Compliance Automation in AWS | AWS Public Sector Summit 2017
Amazon Web Services
 
Innovate - How AsiaPac is helping Customers to Build a Restricted Cloud Envir...
Innovate - How AsiaPac is helping Customers to Build a Restricted Cloud Envir...Innovate - How AsiaPac is helping Customers to Build a Restricted Cloud Envir...
Innovate - How AsiaPac is helping Customers to Build a Restricted Cloud Envir...
Amazon Web Services
 
Introduction to AWS
Introduction to AWSIntroduction to AWS
Introduction to AWS
OSSCube
 
Deploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerDeploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control Tower
Amazon Web Services
 

Similar to Secure Cloud governance - AWS landing zone (20)

Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptxSteve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
 
Track 5 Session 2_SEC01 多重帳戶安全策略與方針.pptx
Track 5 Session 2_SEC01 多重帳戶安全策略與方針.pptxTrack 5 Session 2_SEC01 多重帳戶安全策略與方針.pptx
Track 5 Session 2_SEC01 多重帳戶安全策略與方針.pptx
 
AWS Landing Zone - Architecting Security and Governance
AWS Landing Zone - Architecting Security and GovernanceAWS Landing Zone - Architecting Security and Governance
AWS Landing Zone - Architecting Security and Governance
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing Zone
 
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
 
Benefits of Cloud Computing
Benefits of Cloud ComputingBenefits of Cloud Computing
Benefits of Cloud Computing
 
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
 
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...
 
Governance at Scale
Governance at Scale Governance at Scale
Governance at Scale
 
Application Migrations
Application MigrationsApplication Migrations
Application Migrations
 
Migración a la Nube: Preparación y Mejores Prácticas
Migración a la Nube: Preparación y Mejores PrácticasMigración a la Nube: Preparación y Mejores Prácticas
Migración a la Nube: Preparación y Mejores Prácticas
 
Getting started with aws security toronto rs
Getting started with aws security toronto rsGetting started with aws security toronto rs
Getting started with aws security toronto rs
 
Webinar: Accelerate Your Cloud Business With CloudHealth
Webinar: Accelerate Your Cloud Business With CloudHealthWebinar: Accelerate Your Cloud Business With CloudHealth
Webinar: Accelerate Your Cloud Business With CloudHealth
 
Are You Well Architechted? - DevDay Los Angeles 2017
Are You Well Architechted? - DevDay Los Angeles 2017Are You Well Architechted? - DevDay Los Angeles 2017
Are You Well Architechted? - DevDay Los Angeles 2017
 
AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...
AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...
AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P...
 
AWS Enterprise Summit Netherlands - Creating a Landing Zone
AWS Enterprise Summit Netherlands - Creating a Landing ZoneAWS Enterprise Summit Netherlands - Creating a Landing Zone
AWS Enterprise Summit Netherlands - Creating a Landing Zone
 
Governance @ Scale: Compliance Automation in AWS | AWS Public Sector Summit 2017
Governance @ Scale: Compliance Automation in AWS | AWS Public Sector Summit 2017Governance @ Scale: Compliance Automation in AWS | AWS Public Sector Summit 2017
Governance @ Scale: Compliance Automation in AWS | AWS Public Sector Summit 2017
 
Innovate - How AsiaPac is helping Customers to Build a Restricted Cloud Envir...
Innovate - How AsiaPac is helping Customers to Build a Restricted Cloud Envir...Innovate - How AsiaPac is helping Customers to Build a Restricted Cloud Envir...
Innovate - How AsiaPac is helping Customers to Build a Restricted Cloud Envir...
 
Introduction to AWS
Introduction to AWSIntroduction to AWS
Introduction to AWS
 
Deploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerDeploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control Tower
 

Recently uploaded

IEEE CIS Webinar Sustainable futures.pdf
IEEE CIS Webinar Sustainable futures.pdfIEEE CIS Webinar Sustainable futures.pdf
IEEE CIS Webinar Sustainable futures.pdf
Claudio Gallicchio
 
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...
OECD Directorate for Financial and Enterprise Affairs
 
原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
gpww3sf4
 
XP 2024 presentation: A New Look to Leadership
XP 2024 presentation: A New Look to LeadershipXP 2024 presentation: A New Look to Leadership
XP 2024 presentation: A New Look to Leadership
samililja
 
Competition and Regulation in Professions and Occupations – ROBSON – June 202...
Competition and Regulation in Professions and Occupations – ROBSON – June 202...Competition and Regulation in Professions and Occupations – ROBSON – June 202...
Competition and Regulation in Professions and Occupations – ROBSON – June 202...
OECD Directorate for Financial and Enterprise Affairs
 
The Intersection between Competition and Data Privacy – COLANGELO – June 2024...
The Intersection between Competition and Data Privacy – COLANGELO – June 2024...The Intersection between Competition and Data Privacy – COLANGELO – June 2024...
The Intersection between Competition and Data Privacy – COLANGELO – June 2024...
OECD Directorate for Financial and Enterprise Affairs
 
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdfBRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
Robin Haunschild
 
ServiceNow CIS-ITSM Exam Dumps & Questions [2024]
ServiceNow CIS-ITSM Exam Dumps & Questions [2024]ServiceNow CIS-ITSM Exam Dumps & Questions [2024]
ServiceNow CIS-ITSM Exam Dumps & Questions [2024]
SkillCertProExams
 
Carrer goals.pptx and their importance in real life
Carrer goals.pptx and their importance in real lifeCarrer goals.pptx and their importance in real life
Carrer goals.pptx and their importance in real life
artemacademy2
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
OECD Directorate for Financial and Enterprise Affairs
 
Disaster Management project for holidays homework and other uses
Disaster Management project for holidays homework and other usesDisaster Management project for holidays homework and other uses
Disaster Management project for holidays homework and other uses
RIDHIMAGARG21
 
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
OECD Directorate for Financial and Enterprise Affairs
 
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussionArtificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
OECD Directorate for Financial and Enterprise Affairs
 
The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...
The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...
The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...
OECD Directorate for Financial and Enterprise Affairs
 
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdfWhy Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
Ben Linders
 
Using-Presentation-Software-to-the-Fullf.pptx
Using-Presentation-Software-to-the-Fullf.pptxUsing-Presentation-Software-to-the-Fullf.pptx
Using-Presentation-Software-to-the-Fullf.pptx
kainatfatyma9
 
怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样
怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样
怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样
kekzed
 
Proposal: The Ark Project and The BEEP Inc
Proposal: The Ark Project and The BEEP IncProposal: The Ark Project and The BEEP Inc
Proposal: The Ark Project and The BEEP Inc
Raheem Muhammad
 
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussionArtificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
OECD Directorate for Financial and Enterprise Affairs
 
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
OECD Directorate for Financial and Enterprise Affairs
 

Recently uploaded (20)

IEEE CIS Webinar Sustainable futures.pdf
IEEE CIS Webinar Sustainable futures.pdfIEEE CIS Webinar Sustainable futures.pdf
IEEE CIS Webinar Sustainable futures.pdf
 
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...
 
原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
 
XP 2024 presentation: A New Look to Leadership
XP 2024 presentation: A New Look to LeadershipXP 2024 presentation: A New Look to Leadership
XP 2024 presentation: A New Look to Leadership
 
Competition and Regulation in Professions and Occupations – ROBSON – June 202...
Competition and Regulation in Professions and Occupations – ROBSON – June 202...Competition and Regulation in Professions and Occupations – ROBSON – June 202...
Competition and Regulation in Professions and Occupations – ROBSON – June 202...
 
The Intersection between Competition and Data Privacy – COLANGELO – June 2024...
The Intersection between Competition and Data Privacy – COLANGELO – June 2024...The Intersection between Competition and Data Privacy – COLANGELO – June 2024...
The Intersection between Competition and Data Privacy – COLANGELO – June 2024...
 
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdfBRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
 
ServiceNow CIS-ITSM Exam Dumps & Questions [2024]
ServiceNow CIS-ITSM Exam Dumps & Questions [2024]ServiceNow CIS-ITSM Exam Dumps & Questions [2024]
ServiceNow CIS-ITSM Exam Dumps & Questions [2024]
 
Carrer goals.pptx and their importance in real life
Carrer goals.pptx and their importance in real lifeCarrer goals.pptx and their importance in real life
Carrer goals.pptx and their importance in real life
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
 
Disaster Management project for holidays homework and other uses
Disaster Management project for holidays homework and other usesDisaster Management project for holidays homework and other uses
Disaster Management project for holidays homework and other uses
 
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
Competition and Regulation in Professions and Occupations – OECD – June 2024 ...
 
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussionArtificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – OECD – June 2024 OECD discussion
 
The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...
The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...
The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...
 
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdfWhy Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
 
Using-Presentation-Software-to-the-Fullf.pptx
Using-Presentation-Software-to-the-Fullf.pptxUsing-Presentation-Software-to-the-Fullf.pptx
Using-Presentation-Software-to-the-Fullf.pptx
 
怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样
怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样
怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样
 
Proposal: The Ark Project and The BEEP Inc
Proposal: The Ark Project and The BEEP IncProposal: The Ark Project and The BEEP Inc
Proposal: The Ark Project and The BEEP Inc
 
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussionArtificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
Artificial Intelligence, Data and Competition – LIM – June 2024 OECD discussion
 
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
 

Secure Cloud governance - AWS landing zone

  • 1. Secure Cloud Governance Tushar Gupta Senior Cloud Consultant – APAC, SoftwareOne
  • 3. Tushar Gupta - 10+ years of experience across Enterprise Datacenter and Cloud technologies - Specialized in Cloud Migration and Hybrid Architectures to onboard customers to AWS Cloud 3x AWS Certifications: - AWS Certified Advanced Networking Specialty - AWS Certified Solution Architect- Professional - AWS Certified Solution Architect- Associate Connect with me on LinkedIn
  • 4. Typical Enterprise Situation Infrastructure Request Infrastructure Provisioning Governance Service Management ▪ High Lead time – ~ days to weeks ▪ Process heavy Service Management ▪ Governance and Compliance Issues
  • 5. Agility v/s Control We want Agility for innovation and Faster time to Market Line of Business Central ITHow to achieve Strong Business-IT alignment ??
  • 6. Opportunity to achieve Agility & Control Infrastructure Templates, Policies & Best Practices Governance and Control Monitor and Logging Automated Provisioning ▪ Lead time in minutes ▪ Service Catalogue for Landscape Management ▪ Automated Service Management
  • 8. Governance at AWS ▪ AWS’s focus is to maintain speed and agility in Cloud ▪ Governance is not a Project ▪ Requires collaboration of other teams and integrations of different perspectives of Cloud Adoption Framework Cloud Governance is one of the key perspectives of AWS Cloud Adoption Framework (CAF)
  • 9. Security Standardization Operational Efficiency Key Drivers for Cloud Governance Standardization across multiple accounts for different business units Secure and compliant Infrastructure for data protection and audit purpose Quick Infrastructure provisioning and service management for business workloads in Cloud
  • 10. Common Governance Challenges Control and Visibility Multi-Account Strategy Integration challenges Delegation of Responsibility
  • 11. Need of the Hour 01 Automated Provisioning 02 Compliance Automation 03 Multi-Account Structure 04 Consolidated Billing
  • 13. Why one AWS Account is not enough? Chargeback Security and Compliance Controls Isolation Business Process Multi-Environment
  • 14. Issues with Multi-Account structure - AWS • Issue with centralized management • No standard Security or Account level Baselines • Manual Provisioning with high lead time • Distributed Service Management • Cost Management issues
  • 15. AWS Landing Zone - Solution Configured, Secure & Scalable Multi-account AWS environment based on AWS best practices Starting point for customer’s Application Migration journey Environment that allows for Iteration & Extension over time
  • 16. AWS Landing Zone - Outcomes • Framework for creating and baselining a multi-account environment • Initial multi-account structure that includes security, audit, and shared service requirements Account Management • User account access managed through AWS SSO federation • Cross-account roles enable centralized management Identity & Access Management • Multiple accounts enable separation of duties • Initial account security and AWS Config rules baseline • Network baseline Security & Governance
  • 17. AWS Landing Zone Mitigating Cloud Governance Challenges
  • 18. AWS Landing Zone Solution ▪ Account provisioning via Account Factory ▪ Standardized account security baselines, AWS Guardrails ▪ Centralized Logging for AWS CloudTrail or AWS Config services ▪ Centralized multi-account account authentication via AWS Single Sign-On (AWS SSO) with an integrated directory ▪ Simple and interactive Dashboard for Alerts and Notifications for Compliance Management
  • 19. 3 Pillars of Cloud Governance Account Management Cost Management Compliance Automation
  • 20. Account Management AWS Organizations ▪ Centrally manage multiple AWS Accounts ▪ Standard account and security baselines for other AWS Accounts AWS Service Catalog ▪ Automated Account provisioning using Account Factory Service Control Policies ▪ Access Management and control at AWS account level
  • 21. Cost Management AWS Consolidated Billing ▪ Consolidated billing of all AWS accounts under one Master account AWS Budgets ▪ AWS Budgets for Cost Management across different AWS accounts AWS Alerts & Notifications ▪ Automated alerts & notifications to stakeholders for potential budget overruns
  • 22. Compliance Automation AWS Config Rules AWS CloudWatch ▪ Compliance automation at account and service levels with AWS Guardrails ▪ Continuous Monitoring for Compliance rules change and logs sent to S3 Bucket Interactive Dashboard ▪ Centralized & Interactive dashboard for comprehensive view of compliance status across AWS accounts