Case Study

CLOUD GOVERNANCE AUTOMATION


Concerns about the unknown and about losing control are probably two major hurdles for any transformation in a corporate environment. Viewed through a security or financial lens, these concerns are magnified further. Cloud adoption in an enterprise falls squarely in this bucket. Though there are other dimensions to this transformation, the right partner can provide the tooling, automation, and training needed to gain visibility into assets deployed in the cloud and to enforce enterprise standards and best practices.

Qualigy Tech’s Cloud Accelerators bootstrap our customers’ cloud adoption journey. Using our accelerators, we lay a cloud foundation that meets our customers’ needs and reduces friction in the process. Qualigy Tech recently helped a customer set up their AWS environment.

Discovery

  • Qualigy Tech’s advisors met with the customer’s stakeholders to understand their AWS needs
  • Primary drivers of cloud adoption
    • Business Agility
    • Rapid experimentation
  • Concerns of stakeholders: Business, Engineering, Operations, Security, Finance, Compliance
  • Application footprint
    • Mix of legacy backend applications and web applications
    • Desire to create a data lake to enable analytics

Cloud Governance

Define AWS account structure

  1. Workload delineation and tracking
  2. Dependencies and interconnect needs

Security and Compliance

  1. Define guardrails through AWS Organizations Service Control Policies (SCPs)
  2. Define a process to audit, create and update policies

Tracking using Tags

  1. Define asset taxonomy (tags) – integration with ITIL/CMDB systems
  2. Define a process to request, approve and create new tags

Automation needs

  1. Account Vending Machine to launch new accounts with pre-defined guardrails

Implementation

Qualigy Tech’s qGov to set up a multi-account AWS foundation

  • ~60 SCPs
  • Tagging Policy with CD pipeline to integrate with CMDB on ServiceNow
  • SSO integration with Okta for AWS console and CLI access
  • ServiceNow workflow integration to request and launch new accounts through qGov framework

Security Hub and GuardDuty setup

Qualigy Tech’s qSec to automate security and compliance

  • Integration with CloudTrail, GuardDuty and Security Hub
  • ~100 security and compliance checks triggered by CloudTrail events
  • At-risk assets identified within 15 minutes of launch; remediation and notification

Inventory and audit trail

Qualigy Tech’s qFi for financial tracking

  • Cloud spend tracking through Tags
  • Processing of AWS CUR invoices using Athena and dashboards on PowerBI
  • Custom process for internal chargebacks
