Case Study
CLOUD GOVERNANCE AUTOMATIONCase studies
Cloud Governance Automation
Concerns with the unknown and concerns of losing control are probably two major hurdles for any transformation in a corporate environment. When looking through a Security or Financial lens, these concerns are further magnified. Cloud Adoption in an enterprise falls squarely in this bucket. Though there are other dimensions to this transformation, the right partner can help provide the necessary tooling, automation, and training to help gain visibility into assets deployed on Cloud and to enforce enterprise standards and best practices.
Qualigy Tech’s Cloud Accelerators bootstrap our customer’s cloud adoption journey. Using our accelerators, we lay a cloud foundation to meet our customer’s needs and reducing friction in the process. Qualigy Tech recently helped a customer set up their AWS environment.
Cloud governance automation
Discovery
- Qualigy Tech’s advisors met with customers stakeholders to understand their AWS needs
- Primary drivers of cloud adoption
- Business Agility
- Rapid experimentation
- Concerns of stakeholders; Business, Engineering, Operations, Security, Finance, Compliance
- Application footprint
- Mix of legacy backend applications and web applications
- Desire to create a data lake to enable analytics
Define AWS account structure
- Workload delineation and tracking
- Dependencies and interconnect needs
Security and Compliance
- Define guardrails through AWS Organization Security Control Policies
- Define a process to audit, create and update policies
Tracking using Tags
- Define asset taxonomy (tags) – integration with ITIL/CMDB systems
- Define a process to request, approve and create new tags
Automation needs
- Account Vending Machine to launch new accounts with pre-defined guardrails
Implementation
multi-account AWS foundation.
Qualigy Tech’s qGov to setup a multi-account AWS foundation.
- ~60 SCP’s
- Tagging Policy with CD pipeline to integrate with CMDB on ServiceNow
- SSO integration with Okta for AWS console and CLI access
- ServiceNow workflow integration to request and launch new accounts through qGov framework
Security Hub and Guard Duty setup
Qualigy Tech’s qSec to automate security and compliance
- Integration with CloudTrail, Guard Duty and Security Hub
- ~100 security and compliance checks triggered by CloudTrail events
- At-risk assets identified within 15mins of launch; remediation and notification
Inventory and audit trail
Qualigy Tech’s qFi for financial tracking
-
- Cloud spend tracking through Tags
- Processing of AWS CUR invoices using Athena and dashboards on PowerBI
- Custom process for internal chargebacks