Build, Secure and Govern your Cloud Platform and Services with AWS Control Tower
Building a secure cloud platform for an enterprise requires setting up the right account structure and security boundaries in the cloud. It involves establishing controls and implementing the right policies that enable seamless consumption of cloud services. AWS Control Tower is a service that makes it easy to set up and govern a new, secure, multi-account environment based on best practices established by AWS.
Infosys has implemented AWS Control Tower for several global customers to establish a secure cloud platform on AWS and accelerate the adoption of cloud in a secure and compliant manner.
Key Features of Secure Cloud Platform enabled by AWS Control Tower include:
Landing Zone: A multi-account AWS environment setup based on the Well-Architected Framework with embedded security and compliance best practices. AWS Control Tower automates the setup of a new landing zone using blueprints for identity, federated access, and account structure.
Preventive and Detective Guardrails: Implementing the enterprise's mandatory guardrails as part of the platform for proactive and continuous implementation of policies and controls. AWS Control Tower offers a curated set of guardrails based on AWS best practices and common customer policies for governance.
Account Factory: Automating the provisioning of new accounts in the organization, enabling seamless adoption of cloud for various workloads. An account template for standardized provisioning of new accounts with pre-approved configurations for network, Region, etc. enables self-service for builders to configure and provision new accounts using AWS Service Catalog.
Benefits
- Multi-region, multi-account deployment in AWS Control Tower Landing Zones that reduces the total duration of any project and provides a secure, compliant AWS environment for reliable platform application onboarding
- Adopts the AWS Well-Architected Framework, which increases overall security score by ~90%
- Standardized network configuration deployed for a secure and performant network
- Improves operational resiliency, enables scalability, and drives agility
- Engineering with AWS cloud-native services that can be enriched with third-party security products and services
Key Challenges and Solutions
Challenge: Large enterprises must deal with the complexity of designing a secure AWS foundation for multiple lines of business (LOBs). There is also the need to control and manage the process centrally.
Solution: Use relevant Infosys Cobalt assets that are built with AWS Control Tower to simplify the deployment of a multi-account architecture. This follows the Well-Architected Framework with security and compliance best practices.
Challenge: How to reduce the total cost of ownership while ensuring integrated security?
Solution: The Infosys approach to a secure cloud platform incorporates battle-tested cloud security reference architectures that leverage AWS-native security controls and managed security services to reduce complexity and thereby reduce the TCO.
Challenge: Enterprises often find it challenging to segregate workloads based on the functionalities involved.
Solution: Infosys facilitates workload migration to the new AWS environments with distinct accounts to segregate workloads and enable secure cross-account communication in the AWS Landing Zones.