Cloud Landing Zone – Essentials you should know
Background
We see extensive expansion of cloud services everyday. If decade ago we might say that cloud is a perfect fit for start-ups and small business, so nowadays we see the persistent growth of cloud services used by enterprices.
By 2025, 75% of large enterprises will build self-service development platforms to improve internal developer experience and drive product innovation, up from 20% in 2021 Gartner
The enterprise-level workloads growth lead to new challenges for both service providers and IT departments. The cost of data breach gets higher every day and large enterprises have no choice but to adapt their processes and reborn in trully cloud-native environments. Cloud landing zone is the base for the successful infrastructure in the Cloud.
What is Cloud Landing Zone?
Cloud landing zone is a dynamic scalable secured environment, that adapts to changes in the organizational structure. It includes different elements: resources, identities, networking, security etc. The value of the cloud landing zone is in ability to adopt a new workload in standard, secure way. It may enforce security policies, basic configuration and limits for each workload.
Here are 5 key aspects a landing zone can and should take care of in your Multi-Account cloud:
- Security & Compliance
- Detective and preventive security solutions and Guardrails
- Standardized tenancy
- Identitiy and resource bindings correspond ro organization structure
- Automated deployment and onboarding
- Centralized Logs management
- Identity and access management
- Identity management via user directiry
- Privileges are assigned according to user roles
- API keys, secrets are securely stored and managed in secrets manager
- Networking
- Central Network Management for Egress, Ingress, Inspection
- Operations
- Central Monitoring System
- Patch management
- Application and infrastructure security: WAF, IPS/IDS, etc…
- Backups
Challenges and Caveats
Where do the things become tough? As we are speaking about large enterprise, we should consider it's heritage from the beginning of the times: legacy applications, vast amount of on-premises facilities, complex networking infrastructure etc. The cloud adoption is a challenge for all of the participants.
The cloud providers developped Cloud Adoption Frameworks for their customers. The properly built cloud landing zone will be a great starting point in the journey.
By 2025, 35% of companies that use multiple public cloud providers will use a single network stack, an increase of more than 10x from 2021. Gartner
The majority of enterprises are not enclosed to specific cloud provider, many of them having presence at all of the vendors. On of the main challenges here – is to build the processes and environment in the way, allowing to stay flexible enough and be cloud-agnostic. On the other hand, the cloud vendor solutions are essential still, to leverage the benefits of each specific vendor. The cloud landing zone should be built with maximum flexibility in mind. Multi-cloud became a standard nowadays. The tools used as cloud landing zone components should be carefully chosen during the design stage. In addition to vendor-locked solutions, there is a number of well-known third-party products, that may be used in cloud-native environments. WAF, Endpoint security, Firewalls are providing the cloud appliences, or cloud-native managed services. You may achieve the best level of efficency with combination of vendor and third-party solutions.
Properly built cloud landing zone will provide the standard thoroughly automated way to build your environments and will help to overcome the challenges.
Wrapping up
The cloud landing zone is a tool to build the basics of your long-term cloud journey. Well-architected and properly implemented landing zone solution will help you dealing with your infrastructure, security and compliance tasks. The great result requires sensitive investments – close work with cloud provider and consulting partner is essential for the success.
Useful Links
Today each Cloud Provider has it's own guidelines on how to build the Enterprise cloud landing zone: