Landing zones are consoles that IT can use to manage multi-account environments. Learn more about their advantages and how to get started with them.
In the world of tech, one sign of technological advancement is when a phrase becomes redundant.
Just think of "smartphones". For most people, a phone
is
a smartphone. Today, you don't specify that your phone is hooked up to the internet – you specify the opposite by talking about a "brick phone" or "dumb phone". These usages reflect the ubiquity of smartphones in our daily lives.
Something similar is happening in the world of cloud computing. Once upon a time, "multi-cloud" computing was the boutique option. Today, the vast majority of companies use multi-cloud environments. It would be more noteworthy if all their workloads were running on a single cloud service.
This trend towards the multi has all sorts of benefits. But nothing in life is single-edged and for every silver lining, there's a splash of dark grey.
With multi-cloud environments, these take the form of security issues, a lack of scalability, a lack of flexibility and a lack of central management.
Enter the "landing zone". This is a multi-account environment that allows you to onboard workloads and teams with ease. It's a centralised framework for executing cloud migration successfully and painlessly.
In this article, we break down what exactly a landing zone is and does – and when you should consider creating one.
What is a landing zone?
At its most basic, a landing zone is a secure multi-account environment where you onboard workloads and teams. While you're there, you can secure and isolate workloads, meaning an improved security posture.
Without a landing zone, you can find yourself suffering from a data-induced headache. You may have users with the wrong access permissions. You may have stacks of untagged resources with no clear sense of who's using what when. What's more, you're showing off a large and tempting attack surface to hackers.
In short, it's about improved management of a multi-cloud environment – and while it's not a prerequisite of a successful infrastructure, it can provide tangible benefits.
What are the benefits of a landing zone?
In our book, there are five main advantages to creating a landing zone for multi-account management.
1. Better security
We're living at a time when security prioritises simplicity above all else: the Age of Zero Trust, you could call it. But that doesn't mean that a single security policy can cover the whole of an enterprise's network.
Different workloads need different security policies. A landing zone allows you to administer these with ease.
2. Everything in one place
Let's say that today's the day you need to onboard a new team to your cloud environments. With a landing zone, you can do this from a single console. It's the enterprise equivalent of controlling your thermostat, lights and CCTV all from your phone.
This makes it easier than ever to onboard new teams and administer security policies at the level of the team, sub-team or individual.
3. Let there be light
Every IT technician knows what it's like to be confronted with reams of data that are poorly tagged or not tagged at all. A landing zone gives you a single spot where you can tag resources, making it clear who builds what and when it's used.
4. Provision just the right amount
Cloud sprawl is bad for your budget and your blood pressure. One reason for this is that it can often lead to siloed services that use too much (read: cost too much). From your landing zone, you can ensure that environments are getting the resources they need – and no more.
5. Better security
"Everything in one place" applies to your management tools – not the data itself. With a landing zone, you can separate accounts. This means that if the day comes when you're hit by a data breach, it will be limited to isolated accounts, not the whole shebang.
Landing zones are also places where you can limit access to cloud accounts – an important step towards becoming GDPR-compliant.
When should you create a landing zone?
In cloud tech, there's no one-size-fits-all solution. It's one reason why cloud consultants can be so helpful – like an expert tailor, they create or fine-tune an infrastructure that's in line with your unique business requirements.
Landing zones aren't for everyone. But if any of the following five scenarios ring a bell, a landing zone could be for you.
- Your infrastructure is multi-cloud, with workloads split between public, private and hybrid clouds or some combination of the three.
- You need your data to be isolated, be it for more efficient auditing or recovery.
- Your colleagues access workloads via more than one user account.
- You don't have a clear understanding of what's being spent on different cloud environments.
- You have a security policy that means you need to segment access and resources.
How do you create a landing zone?
DIY landing zones are possible. But they require plenty of time and expertise. Many enterprises choose instead to turn to one of the big cloud providers or to a cloud consultant for outside help.
All the major cloud providers offer landing zones. That includes Google Cloud, AWS Control Tower, Azure and IBM's VPC landing zone.
Another option is to work with a cloud consultant. This is the cloud equivalent of having a personal shopper. They'll look at your business goals and requirements and match you up with a solution that works for you.
Conclusion
Landing zones can simplify the migration, management and administration of workloads and apps. It can lead to better security, more accurate provisioning, better access management and greater visibility. Above all, it can make life easier for you as you manage a complex multi-cloud environment.
Are you looking for a
cloud migration company
? Our experts are ready to help.
Get in touch
today to book an introductory chat.