Many organizations are swiftly making the move to adopt cloud as part of their enterprise strategy. Indeed, 87% of the business and tech executives responding to PwC’s US Cloud Business Survey told us they’ve implemented cloud either via a hybrid cloud approach (66%) or by using public cloud exclusively (21%). This means that enterprises no longer just look to the cloud as a niche sandbox, but rather an enterprise-ready platform to migrate their most critical workloads.
In the early stages of a cloud transformation project, many organizations lack the appropriate governance for the foundation of their cloud environments. These organizations may have exploratory workloads being run by disparate teams without the appropriate governance in place or they may have no cloud presence at all. Having a well-architected landing zone is an important building block in order to not only enable innovation at scale but provide the appropriate guardrails to confirm that your teams can operate optimally.
But first, what is a landing zone? It is a critical foundational component of any cloud environment. Not only does a well-architected landing zone provide structure in a multi-account environment, it supports the enforcement of your governance and security objectives across your Amazon Web Services (AWS) landscape. When built correctly, a landing zone should address key areas such as identity and access management, logical segmentation, security controls, cost management and data protection.
AWS introduced a service called AWS Control Tower in June of 2019. This service removes the undifferentiated heavy lifting and allows you to quickly deploy and operate your cloud landing zones at scale. It does this by integrating with other underlying AWS services to automate the provisioning of accounts using AWS Well-Architected practices.
It also provides customization solutions that integrate with the Control Tower service life cycle events. These solutions enable implementation of additional security and infrastructure leading practices in an automated way. The first solution, Customization for Control Tower (CfCT), supports CloudFormation as the infrastructure-as-code (IaC) platform of choice. The second solution, Account Factory for Terraform (AFT), supports Terraform as the IaC platform of choice. Our clients report seeing significant reductions in manual effort related to performing repetitive tasks by using one of these solutions.
In order to help accelerate your organization’s cloud journey, cloud native services should be leveraged where applicable. Take, for example, common use cases across workloads such as data encryption, storing secrets and maintaining public/private certificates for encryption in transit. AWS offers self-managed services for each of these core areas, namely AWS KMS, AWS Secret Manager and AWS Certificate Manager. Using cloud native services provides the flexibility to immediately start developing capabilities around some of these important nonfunctional requirements without having to go through a traditional procurement process (sales, licensing, etc). The pay-as-you-go model for these services provides a flexible approach to costs associated with enabling these features.
Finally, apart from the technological considerations, an equally important element in accelerating a cloud migration lies in fostering a culture of cloud adoption. We’ve seen the success of cloud migration and application modernization projects being directly proportional to how early and effectively cross functional teams such as security, infrastructure, apps and DevOps within an organization get involved with the initiative. Cloud migrations won’t work without cross functional teams collaborating to meet functional and nonfunctional requirements. By collaborating early, your teams stand to experience firsthand the nuances of developing in a public cloud and directly achieve a successful outcome.
PwC has helped many organizations build out new landing zones or enhance their existing landing zones using industry leading practices. Our holistic approach helps establish that those landing zones not only meet their business and technical requirements but can also scale over time. Additionally, PwC understands the importance of educating our clients along the way and confirming IT teams are enabled to adopt a cloud-first mindset.
PwC helps leaders meet the demand of the digital economy.