Cloud Security and Compliance
Consistent security across cloud platforms
What is a cloud landing zone?
A cloud landing zone describes a securely configured cloud environment. It defines permissible project scopes, e.g. for dev or production environments. Policies for the connected cloud platforms can be set and selected during project creation. The landing zones are implemented using cloud-native tools such as Azure Blueprints or AWS CloudFormation templates.
What are the benefits of using cloud landing zones?
Cloud landing zones enable organizations to establish a preventive cloud security approach. Configuring cloud tenants before handing them out to DevOps teams has many benefits:
- It prevents misconfigurations of cloud environments, e.g. missing encryption
- It relieves DevOps teams of manual setup steps for cloud tenants
- It unifies the security level of a large number of cloud tenants, leading to more consistency and transparency
- It enables cloud management teams to ensure a certain level of control over the infrastructure, while providing DevOps teams with autonomy within the clouds
Security by default for all clouds
- Individual definition of policies
- Consistent implementation of policies by Landing Zones
- Best-Practice Landing Zones
- Continuous Inspection of the Landing Zones
- Landing Zone Lifecycle (e.g. Edits, Updates, Deletion)
- Auditable Access Logs (→IAM)
- Integrated approval workflows, e.g. for role changes (→IAM)
Secure Cloud Configuration: How Landing Zones work in meshcloud
Platform Operator Olivia can define landing zones for different project types.
When creating a meshProject, Team Lead Tom selects the appropriate landing zone for each cloud platform.
Security and compliance for all your cloud projects
Challenge – Lack of know-how to implement compliance guidelines
In most cases, development teams are responsible for the implementation of regulations and policies in consultation with compliance and security teams. As a result, policies are implemented differently and are subject to a complex and resource-intensive review process. This makes it difficult to use new technologies, and valuable development resources are lost. In addition, compliance with policies is difficult to control in the long term, especially in multi-cloud environments.
Solution – Uniform security level for all cloud accounts
With meshcloud, policies can easily be rolled out across clouds via landing zones. This enables a consistent implementation of secure operating concepts. For example, limit cloud regions by default to ensure data is stored in Germany or Europe, or exclude non-GDPR-compliant services from use.