Cloud adoption can be really hard to get right. It brings a host of challenges, complexities and risks that need to be carefully managed to ensure the many benefits of cloud computing are realised.
Landing zones offer an effective way to simplify and de-risk cloud adoption. They give developers a pre-configured foundation to build on in the vast ecosystem of the cloud. In fact, they’re the cornerstone of a fast, secure and cost-effective cloud adoption strategy, addressing potential issues upfront so they don’t cause problems later.
This post looks at why cloud landing zones should be at the heart of cloud adoption.
What is a cloud landing zone?
Every organisation migrating to or implementing in the cloud has different needs and priorities, which means there’s no one-size-fits-all template for best practices. However, a well-designed and strategically executed landing zone is the next best thing, providing an organisational template for deploying workloads into the cloud.
Put simply, a landing zone is comprised of building blocks that cover foundational elements of cloud deployments. These building blocks might include governance, data security, network design and logging as well as multi-account architecture and identity/access management. They’re configured in line with the broader organisational strategy and industry regulations, enforcing best practices for any workload deployed to the cloud.
Critical hygiene factors, like security and compliance, are baked in so developers can focus more time and energy on tasks that deliver value. They can also be given greater autonomy to explore the full potential of the cloud when these foundations are in place. Meanwhile, the overall risk is reduced because landing zones provide guardrails to prevent the environment from becoming an unwieldy, invisible and expensive entity that is difficult to control.
Three ways landing zones aid cloud adoption:
1. Landing zones help teams unlock cloud benefits
Landing zones help teams unlock cloud benefits by centralising and automating administrative tasks and heavy lifting. This enables wider benefits of cloud adoption – like agility, scalability and easier deployment – to be leveraged sooner. When application teams don’t hold responsibility for platform management, they can direct their time and expertise to activities that deliver enhanced customer value
2. They make the overall cloud environment more secure
They make the overall cloud environment more secure by creating a centralised security baseline for all implementations. Landing zone configuration should be aligned with the cloud provider’s well-architected principles for security, as well as any industry-specific or organisational requirements. This gives application teams the confidence and freedom to innovate, safe in the knowledge that security is taken care of.
3. They can be used to embed a cost-effective approach
Finally, they can be used to embed a cost-effective approach by consolidating cost management. In a previous blog post we looked at how tools like CloudCheckr can help reduce cloud operating costs. These can be integrated with landing zones that are built using vendor services such as AWS Control Tower.
Getting set for long-term success
While cloud landing zones are an excellent starting point for newly migrated or newly built deployments, they are not a ‘fire and forget’ project. Their context is everchanging as the cloud landscape, business conditions and security obligations evolve. They need to be nurtured to keep pace with these wider developments as well as advancements in best practice.
Ideally, cloud landing zones should be considered a product in their own right. In other words, managed on a long-term basis by a dedicated team, with users treated as customers.
You could say that landing zones are not an upfront design consideration, but rather a core element of a safe and effective cloud strategy. They address fundamental requirements and must continually adapt to perpetuate good standards of governance, security and cost-control.
At DevOpsGroup we’ve got lots of experience creating landing zones for both AWS and Azure. Our case study for global procurement consultancy Efficio explains how we used landing zones to ensure its migration to AWS embraced Well-Architected principles from the outset.