AZURE LANDING ZONES

key highlights

cloud migration

DevOps

IAM

Security

Automated multi acc

 INDEX
Sr No. Table of Contents Page No.

1. Background 4

2. Introduction 4

3. Challenges 4

4. Solution 5

4.1 Azure landing zone 5

5. Conclusion 6

Appendix 6

This case study aim to provide a holistic overview on the processes of

Infrastructure discovery and assessment, Solution Overview and
Architecture, Azure Foundation and Landing Zone, Business
Continuity and Disaster Recovery, Security Policies designs
for Azure Migration.

2
3
1. BACKGROUND
The number of enterprise applications and data being moved to the cloud is on a
pacing rise, and so is the number of failures. C & K and AWT Ltd. approached
us with a similar problem of cloud failure. They had difficulty with their on-

4
premise hardware procurement & provisioning, and could not attain the
flexibility they wanted on the cloud. So as a cloud service provider Enterprise
EY decided to move cloud landing zone that is typically the first step in a
business’ cloud migration for a factory model application. It is the infrastructure
foundation that allows you to scale ten stories on top of it without any chances
of collapsing – only if the design/blueprint is correct.

2. INTRODUCTION
 This case study talks about, a health giant AWT and C&K Management
e-learning platform with a global presence, that wanted to implement an
Azure landing zone to establish a secure and scalable cloud environment.
 This use case is aimed to improve security, governance, and control for all
the existing and future subscriptions in the customer’s Azure account.
 The key security aspects that the Cloud Infrastructure team of EY Cloud
service provider covered were security control policies, proactive and
remediation, identity and access management policies and roles, cloud
security and configuration tooling, alerting, and monitoring, iteratively
evolving and improving overall governance

3. CHALLENGES
Organizations today struggle to balance agility with risk management for secure
and scalable environment following are the challenges faced by organizations:
 security controls of multi-account structures
 efficiently used the network topology
 Lacking of secure enviornment with proper implementation of Access
management(RBAC roles)
 Infrastructures and cloud migration security management
 Lacking auditing requirements to support highly scalable workloads
 Companies Lack better cost optimization and governance policies.

4. SOLUTION
The Cloud Service Provider EY Ltd. turns to Azure for providing solution to
their patners. For organisations like C & K Ltd. And AWT ltd. Scalability data
migration and governance can be solved by implementing azure landing zone

5
4.1 AZURE LANDING ZONE
 An Azure landing zone is the output of a multi-subscription Azure
environment that accounts for scale, security governance, networking,
and identity. An Azure landing zone enables application migration,
modernization, and innovation at enterprise-scale in Azure.
 Landing zones provide a way for organizations to set baseline parameters
around things like governance and networking and then apply those
parameters to new cloud environments. Without landing zones,
engineering teams would have to manually configure every cloud
environment before it’s deployed.
 With centralized monitoring and logging, Azure AD logs, user activity,
and Network flow logs are aggregated in log analytics workspace &
dashboard is created in Azure monitor for better visibility. Logic apps are
configured to be triggered from event hub based on the log analytics
events, and resource utilization thresholds

1. Security Compliances and governance policies:

The Azure landing zone was designed to meet the organization's
compliance requirements. The organization's data was classified based on
its sensitivity,appropriate security controls were implemented to protect
the data. meet organization's compliance requirements, HIPAA. The
organization's security and compliance teams involved in the process to
ensure that the Azure landing zone met their standards.

2. Increased Agility:
Azure landing zones is the increased agility they provide. With Azure
landing zones, you can quickly set up your cloud environment and
start using it right away. This can help you accelerate your time-to-
value and get your applications up and running faster.

3. Improved Security:
cloud environment will be secure from the get-go. Azure landing
zones include pre-configured security controls, network segmentation,
and identity management to protect your data and applications.

4. Azure landing zones accelerators:

Accelerators are infrastructure-as-code implementations that help you
deploy an Azure landing zone correctly. We have a platform landing

6
 zone accelerator and several application landing zone accelerators you
can deploy.
5. Account security baseline:
Security baseline with preventative and detective control. Secure by
control, compliance, and design needs to be at the heart of everything
that is done. Planning for centralized security and logging approach
gives you a single pane of glass over multiple environments or
accounts. With continuous monitoring, you can also set up alert
notifications pertaining to security, sign-in failures, root logins, etc.

6. Automated account management:

Landing Zone provides a framework for creating and baselining a
multi-account automated environment Automation of the multi-
account cloud environment helps save the time of setup, while also
implementing that initial security baseline for any digital environment
you are going to use.

7. Platform Automation and DevOps:

DevOps automation tools that creates containerized environments for
apps, making them more portable, secure, and reducing conflicts while
testing. Docker enables DevOps to build and run applications quickly
and efficiently.

8. Access management and network considerations:

Identity and access management (IAM) is a framework of business
processes, policies, and technologies that facilitates the management
of electronic or digital identities. Network Implementation measures
to ensure the network is highly available, resilient, and scalable.
Choose networking services, tools, and architectures to support the
organization’s workload, governance, and connectivity requirements.

5. CONCLUSION
A Landing zone forms the baseline for any organization’s cloud adoption
journey. It is extremely crucial for a organization that its security, governance,
and compliance requirements are never compromised. Therefore, by careful
planning with Intuitive .Cloud’s Engineering team(EY), the customer C & K
and AWT was able to build a strong, secure, and compliant foundation for
beginning its cloud adoption journey. The organization also experienced cost

7
reductions and improved efficiency. Moreover, with the right industry-standard
best practices in place, they achieved a secure, scalable, and highly available
Azure environment to accelerate their cloud adoption journey.

Appendix:
https://intuitive.cloud/case-studies/azure-landing-zone-implementation
https://blog.clearscale.com/cloud-landing-zones-what-are-they-and-why-do-
they-matter/#:~:text=Landing%20zones%20provide%20a%20way,cloud
%20environment%20before%20it's%20deployed
https://www.thomasmaurer.ch/2023/02/5-reasons-to-use-azure-landing-zones-
for-your-cloud-migration/
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/
landing-zone/