Automating Your AWS Landing Zone: Enabling Large-Scale Migrations and Next-Gen Apps
Before you migrate applications to, or build next-gen applications on, Amazon Web Services (AWS), you need to ensure that you have a landing zone in place. The landing zone concept is a key component of cloud operational maturity as part of your enterprise multi-account environment strategy.
A landing zone should enable self-service for developers and engineers through the use of policy guardrails. These policy guardrails should be in place before migration, during migration, and post-migration. After all, security and compliance cannot be a one-time effort; they must be a continuous process in order to minimize the risk of misconfigurations or policy violations.
DivvyCloud delivers several key components to ensure policy guardrails are automated:
- Unified security and compliance policies in multi-account environments mapped back to industry standards or your organization’s standards.
- Monitoring of policy violations across multi-account environments.
- Real-time, user-driven, automated remediation of policy violations to minimize and mitigate risk.
- Reporting to verify security and compliance to peers, executives, and auditors and to build trust in CloudOps and CloudSecOps.
DivvyCloud recommends at a minimum using policies associated with the following standards pre-migration to build your landing zone:
- CIS AWS Benchmark
- CIS Kubernetes Benchmark (applies to AWS EKS)
- NIST Cybersecurity Framework
DivvyCloud also offers policies mapped to the following additional standards for your deployment pre-migration:
- NIST 800-53
- PCI DSS
- SOC 2
- ISO 27001
- CSA CCM
- FedRAMP CCM
You can create custom standards in DivvyCloud that include policies from one or more of the out-of-the-box standards and also build your own unique custom policies from scratch.
By deploying DivvyCloud pre-migration, you can test each application to be migrated against these policies and avoid situations in which an application is out of compliance from its inception in AWS. This prevents immediate security and compliance issues and avoids costly rework after the application has been promoted to production.
During migration, DivvyCloud ensures that as developers and engineers use self-service capabilities to make changes, those changes don’t violate security and compliance policies; if they do, the violations are immediately identified and corrected. This ensures that there are no surprises post-migration and again minimizes rework.
Post-migration, DivvyCloud plays an important role in ensuring that any drift from the initial configuration does not violate policy, and it brings maturity to CloudOps and CloudSecOps teams. DivvyCloud’s ability to monitor, remediate, and report on security and compliance means that these teams can keep up with the rapid pace of cloud change and rest easy.
Watch DivvyCloud’s 60-second video to learn how we help customers like GE, 3M, Autodesk, Discovery, and Fannie Mae stay secure and compliant.
DivvyCloud minimizes security and compliance risk by providing virtual guardrails for security, compliance, and governance to customers embracing the dynamic, self-service nature of public cloud, and container infrastructure. Customers like General Electric, Discovery Communications, and Fannie Mae run DivvyCloud’s software to achieve continuous security governance in cloud and container environments (AWS, Azure, GCP, Alibaba, and Kubernetes). First, our software performs real-time, continuous discovery of infrastructure resources allowing customers to identify risks and threats. Second, customers can implement out-of-the-box or custom cloud-native policy guardrails that identify and alert on violations. Third, we automate the enforcement and remediation of these policies.
This is a Security Bloggers Network syndicated blog from DivvyCloud authored by David Mundy. Read the original post at: https://divvycloud.com/blog/automating-your-aws-landing-zone/