Amazon IXD – VGT2 Las Vegas: Accelerating the Development of a Secure Cloud Foundation on AWS

The widespread adoption of cloud technologies offers significant benefits in operational scalability; however, it also presents new security challenges. When individual teams operate independently, they can create inconsistencies in growth, making it difficult to maintain common compliance and security standards. Often, teams lack a unified vision, leading to accountability issues among various stakeholders. Additionally, prolonged provisioning times within AWS environments and limited automation can disrupt agile development cycles and complicate governance.

Accenture’s Secure Cloud Foundation (SCF) effectively addresses these issues by implementing an automated account provisioning process that provides a scalable governance framework. This framework includes guardrails designed to facilitate secure and efficient self-service, allowing application teams across the organization to innovate with cloud-native services seamlessly.

The SCF solution utilizes infrastructure as code (IaC), incorporating best practices and automated security measures. This empowers teams to dismantle organizational silos and take ownership of their outcomes.

In this article, we will explore how Amazon Web Services (AWS) and Accenture help customers quickly establish a Secure Cloud Foundation on AWS through the Velocity platform from the Accenture AWS Business Group (AABG). We will specifically discuss how Velocity’s SCF component reduces the time and effort needed to set up a robust, secure cloud foundation on AWS for both new and existing customers.

Accenture is proud to be an AWS Premier Tier Services Partner and Managed Services Provider (MSP), offering a wide range of solutions for migrating and managing operations on AWS.

Introduction to Velocity

Accenture and AWS jointly developed and funded the Velocity platform to remove barriers to innovation, allowing customers to focus less on cloud complexities and more on delivering tangible business value. Velocity is an automated, repeatable, and opinionated platform that is both flexible and optimized for key business outcomes, including speed, resilience, scale, and agility. It features a comprehensive selection of ready-to-use solutions and software delivery accelerators that Accenture and AWS can deploy at the click of a button.

Velocity continually innovates with new and enhanced AWS-powered solutions across various industries, enabling customers to innovate rapidly, build more effectively, and allocate resources wisely. SCF is one of several solutions powered by Velocity from the AABG.

The Secure Cloud Foundation Framework

To expedite the development and adoption of a cloud foundation, Accenture created the SCF framework, consisting of ten individual blocks that can be independently deployed in the AWS environment.

At the base of this framework is the Base Foundation block, which manages AWS Organizations and establishes the relationship between management and member accounts. This foundation also handles the onboarding of new accounts with essential cloud-native security tools such as Amazon GuardDuty, ensuring that customers’ AWS environments remain secure and maintain a solid security baseline.

Above the Base Foundation, the SCF framework includes a Network layer that oversees AWS networking components like centralized Amazon Virtual Private Clouds (VPCs), Amazon Route 53, and comprehensive traffic inspection with AWS Network Firewall.

Next, the Identity layer focuses on simplifying entitlement and identity management using AWS IAM Identity Center.

The SCF framework also offers blocks to manage AWS workloads effectively. The Endpoint layer standardizes golden Amazon Machine Images (AMIs), facilitates AMI pipelines, and ensures patch management. It also conducts vulnerability assessments for newly created AMIs and deploys security agents to workloads, ensuring that everything from containers to serverless services is hosted securely.

Once the foundational architecture and workload are established, the framework progresses to Monitoring and Observability using AWS Lake Formation, providing a Data Governance and Security strategy with centralized backup and disaster recovery through AWS-native services. Finally, the SCF framework introduces a DevSecOps layer with AWS CodePipeline designed for self-service deployment.

Leveraging AWS Control Tower in Secure Cloud Foundation

The SCF blocks are designed to utilize AWS Control Tower features in landing zone environments. AWS Control Tower is ideal for managing multiple accounts in both greenfield and brownfield settings. It aids in the creation, orchestration, and monitoring of multi-account environments.

Tower Post Processor Block

To automate security configurations and enforce a consistent security baseline across all accounts, Accenture developed the Tower Post Processor. This block automates the enablement of essential security services for newly provisioned accounts and remediates any drift from the baseline.

The architecture of the Control Tower Post Processor integrates AWS Control Tower features to enable various security services and settings for all accounts within AWS Organizations. It employs an AWS Lambda function that responds to Control Tower lifecycle events, assuming the AWSControlTowerExecution role in member accounts to execute configuration and service enablement.

Sample actions facilitated by this block include:

  • Account-level actions applicable across all regions within an account, such as blocking public access in Amazon Simple Storage Service (Amazon S3) and establishing a strong AWS Identity and Access Management (IAM) password policy.
  • Region-level actions specific to certain regions, including setting a default encryption policy for Amazon Elastic Block Store (Amazon EBS) and deleting default VPCs.
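To make the Post Processor pattern concrete, here is an added example of a Lambda handler of the kind described above. It is written for this article and is not Accenture's SCF code: it parses a Control Tower CreateManagedAccount lifecycle event, assumes the AWSControlTowerExecution role in the new member account, and applies the account-level actions (S3 Block Public Access, IAM password policy) and region-level actions (EBS default encryption, default VPC deletion) listed above. The function names, the GOVERNED_REGIONS variable, the password-policy values and the sample event are assumptions constructed for the example; boto3 is only imported inside the functions that call AWS so the parsing and planning helpers run offline.

```python
import os

# Role that AWS Control Tower provisions in every member account.
EXECUTION_ROLE = "AWSControlTowerExecution"

# Baseline values assumed for this example (hypothetical; tune to your policy).
PASSWORD_POLICY = {
    "MinimumPasswordLength": 14,
    "RequireSymbols": True,
    "RequireNumbers": True,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "AllowUsersToChangePassword": True,
    "MaxPasswordAge": 90,
    "PasswordReusePrevention": 24,
}
BLOCK_PUBLIC_ACCESS = {
    "BlockPublicAcls": True,
    "IgnorePublicAcls": True,
    "BlockPublicPolicy": True,
    "RestrictPublicBuckets": True,
}


def parse_lifecycle_event(event):
    """Return the new account ID for a successful CreateManagedAccount
    lifecycle event; return None for any other event so it is ignored."""
    detail = event.get("detail", {})
    if detail.get("eventName") != "CreateManagedAccount":
        return None
    status = detail.get("serviceEventDetails", {}).get("createManagedAccountStatus", {})
    if status.get("state") != "SUCCEEDED":
        return None
    return status.get("account", {}).get("accountId")


def plan_actions(regions):
    """Describe the baseline: account-wide actions once, regional actions per region."""
    plan = [("account", "s3-block-public-access"), ("account", "iam-password-policy")]
    for region in regions:
        plan.append((region, "ebs-default-encryption"))
        plan.append((region, "delete-default-vpc"))
    return plan


def assume_execution_role(account_id, role_name=EXECUTION_ROLE):
    """Assume the Control Tower execution role in the member account."""
    import boto3  # imported here so the pure helpers above work without boto3
    creds = boto3.client("sts").assume_role(
        RoleArn=f"arn:aws:iam::{account_id}:role/{role_name}",
        RoleSessionName="tower-post-processor",
    )["Credentials"]
    return boto3.Session(
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )


def apply_account_baseline(session, account_id):
    """Account-level actions: these apply to every region of the account."""
    session.client("s3control").put_public_access_block(
        AccountId=account_id, PublicAccessBlockConfiguration=BLOCK_PUBLIC_ACCESS)
    session.client("iam").update_account_password_policy(**PASSWORD_POLICY)


def delete_default_vpc(ec2):
    """Remove the default VPC; its IGW and subnets must go first, the main
    route table, default SG and NACL are removed with the VPC itself."""
    for vpc in ec2.describe_vpcs(Filters=[{"Name": "is-default", "Values": ["true"]}])["Vpcs"]:
        vpc_id = vpc["VpcId"]
        for igw in ec2.describe_internet_gateways(
                Filters=[{"Name": "attachment.vpc-id", "Values": [vpc_id]}])["InternetGateways"]:
            ec2.detach_internet_gateway(InternetGatewayId=igw["InternetGatewayId"], VpcId=vpc_id)
            ec2.delete_internet_gateway(InternetGatewayId=igw["InternetGatewayId"])
        for subnet in ec2.describe_subnets(Filters=[{"Name": "vpc-id", "Values": [vpc_id]}])["Subnets"]:
            ec2.delete_subnet(SubnetId=subnet["SubnetId"])
        ec2.delete_vpc(VpcId=vpc_id)


def apply_region_baseline(session, region):
    """Region-level actions: repeated for each governed region."""
    ec2 = session.client("ec2", region_name=region)
    ec2.enable_ebs_encryption_by_default()
    delete_default_vpc(ec2)


def lambda_handler(event, context):
    account_id = parse_lifecycle_event(event)
    if account_id is None:
        return {"status": "ignored"}
    regions = os.environ.get("GOVERNED_REGIONS", "us-east-1").split(",")  # assumed env var
    session = assume_execution_role(account_id)
    apply_account_baseline(session, account_id)
    for region in regions:
        apply_region_baseline(session, region)
    return {"status": "applied", "account": account_id, "actions": plan_actions(regions)}


def sample_event():
    """Constructed lifecycle event in the documented Control Tower shape (sample data)."""
    return {"detail": {"eventName": "CreateManagedAccount", "serviceEventDetails": {
        "createManagedAccountStatus": {"state": "SUCCEEDED",
                                       "account": {"accountName": "workload-1",
                                                   "accountId": "111122223333"}}}}}
```

Drift remediation, which the text also attributes to the block, follows the same shape: the handler is idempotent, so re-running it on a schedule or from an UpdateManagedAccount event simply reasserts the baseline.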

IAM Block

As organizations scale, new AWS accounts are provisioned frequently, and account administrators need a way to deploy standardized IAM roles and permission sets across the organization. The SCF IAM block helps establish a least privilege model, making it easier to manage security posture across multiple accounts.

Location

Visit us at Amazon IXD – VGT2, 6401 E Howdy Wells Ave, Las Vegas, NV 89115.

In conclusion, Accenture’s Secure Cloud Foundation offers a comprehensive approach to building a secure and efficient cloud infrastructure on AWS, empowering organizations to innovate and grow while maintaining robust security measures.
