CloudOps
What is CloudOps?
CloudOps is a holistic framework for managing all aspects of your cloud ecosystem. It is generally stratified into several layers: a governance layer, an application layer, an operation layer, a foundation layer, and a security layer that spans the others.
Governance layer
The governance layer includes the activities that address real risk, business drivers and needs, compliance standards, and data security. The key activity areas include cloud financial management (FinOps), cloud operations management (CloudOps), cloud data management, and cloud security and compliance management (SecOps).
Application layer
At the top of the stack, the application layer is concerned with how you build, deploy and manage applications along with application-specific services in the cloud.
Operation layer
The operation layer supports the application layer through the deployment process, adding and enhancing the management, monitoring and operation of cloud services and feeding this back to the application teams.
Security layer
The security layer builds on top of the foundation layer to ensure that the infrastructure is not vulnerable to threats. This brings a number of services which provide compliance management, vulnerability scanning, threat detection and configuration management. Ideally, the security layer should be integrated into your business’s wider cybersecurity efforts.
Foundation layer
The foundation layer underpins all the other layers with core services such as identity management, network management, logging, central backup management, Infrastructure as Code (IaC) and centralised monitoring and alerting functions.
The key benefits of CloudOps:
• Accelerated automation, resulting in improved efficiency and utilisation of cloud resources, which can more effectively scale up, out and down on demand
• Growth of an agile work environment for cloud workloads
• Automation of security and availability processes
• Improved user experience for customers
• Lowered overall costs, with delivery that is more cost-effective and cost-controlled
• Enhanced productivity through the automation of routine tasks and removal of human error
• Non-disruptive upgrades
How easy is it to implement within AWS?
Traditionally, infrastructure is commissioned and amended using a combination of click-ops (manually making changes through the AWS console), scripts that employ the AWS CLI, and infrastructure tooling. A number of services in AWS are not straightforward to set up and require multiple changes to be made to different accounts in a specific order before they work as expected.

We use a pure Infrastructure as Code approach to automate the optimisation and deployment of many AWS services across the core areas of cost, security, and operational performance. We have developed our own private registry of modules that are pre-configured to build AWS resources using best practices and in compliance with industry standards, whilst still allowing customisations where required.

We have then expanded our registry to create solution modules that provide the end-to-end solutions for common scenarios. These modules also ensure that AWS services are configured correctly and in the correct order so that everything interconnects to provide the maximum return of the service.
Our approach to CloudOps in AWS
We use Terraform as our IaC language to build as much as possible. As already mentioned, we have an extensive registry of modules that we use to speed up the development and deployment process, and these have been designed to integrate with one another.

The modules are segregated into the following key areas:

• Platform Solutions – Application Layer
• Site Reliability Engineering – Operations Layer
• Security Compliance & Auditing – Security Layer
• Security Reference Architecture Foundation – Foundation Layer

Once we understand your existing infrastructure, we will work with you to migrate you into what is known as a Multi Account Landing Zone (MALZ) design. Your existing infrastructure setup will determine the best way we can achieve this with minimal disruption. Depending on the complexity of the migration and any bespoke settings for your needs, we can use our experience to deploy a MALZ in a matter of hours, rather than the weeks, and potentially months, it could otherwise take.

Our implementation has been built and designed using the AWS Security Reference Architecture at its core, so you have the peace of mind that what we are delivering is already approved as AWS best practices.

The next step is how we move your existing workload accounts into the MALZ architecture. These accounts represent your Dev, QA, Staging and Production environments. This step can be the most complex part of the process, as you have multiple workloads and environments contained in a single account which will need to be broken apart into the new architecture. You can be assured that we have experienced a variety of configurations, so we are prepared for every eventuality.

Security and compliance remain an integral part of CloudOps as we have previously mentioned in SecOps, so we then activate and configure a number of AWS services that will assist in the monitoring and reporting both from a security and a configuration perspective. These assist in ensuring your resources are configured to standards for compliance, security, and operational integrity. There is also the ability to comply with a number of industry standards such as CIS, NIST CSF, HIPAA and PCI.

We have developed our own compliance conformance pack that can be deployed to ensure a base level set of best practices across a number of AWS resources.

The final stage in onboarding is to install and configure our KBOT monitoring framework into each of your accounts. Within each account, KBOT will monitor a variety of AWS resources based on what is active, and for each resource a number of metrics will be observed. Whenever a monitored metric exceeds its threshold, the ITSM tool is automatically notified to allow engineers to react and investigate the alarm.

Once KBOT is configured, it will generate a dashboard displaying all the metrics we are monitoring in the account to give an overview of the general health of the account.
KBOT also supports monitoring of our compliance conformance pack so we can alert you to any potential compliance breaches.
The Result
Services are deployed into your AWS organisation within a few hours, implementing best practice controls across the whole of your organisation to monitor, alert and report on findings.

Providing continuous optimisation across FinOps, SecOps and CloudOps to deliver best in class performance across cost, security and operational performance.

Full integration into the ITSM tool with 24*7 monitoring and alerting, allowing engineering resources to proactively manage your environment. You no longer need to worry about your security posture or compliance with the required frameworks.

Cost is optimised as a continuous exercise, not on an ad-hoc basis, so you can manage your budgets proactively. Infrastructure performance is fully optimised across the entirety of your deployment, allowing for better performance and customer experience.

Reports and visualisations to allow for improved management of your cloud business.