Landing zones: the best starting point for the public cloud

Traditional managed hosting is reasonably clear. You have one shared environment within which storage, computing and networking are housed together. That’s done differently in public cloud environments. With a cloud environment, the whole world is your playing field and there is no shared environment anymore. ‘Simply’ transitioning to a public cloud could lead to a lack of oversight, an increased risk of errors – and extra costs. A robustly-designed starting point is vital.

This is where a (cloud) landing zone comes into play. If you want your systems to be rock-solid in the cloud, a landing zone can be seen metaphorically as your foundation, the building agreements, and the gas, water and electricity. So, it is important to spend some time thinking about the importance of a well-designed landing zone which, in line with best practices, is suitable for your organisation.

The role of a cloud landing zone

The term ‘public cloud’ gives the impression of uniformity – you have access to the same features and data anytime, anywhere. However, a fragmented landscape may be hidden beneath the surface. Not only may data be stored all over the world, spread across millions of servers, the services offered by the cloud providers themselves may also be substantially different. Whereas a traditional hosting business offers a shared environment where all users build on the same basis, a cloud provider offers services that must be selected and configured for each unique organisation.

Organisations that switch to the public cloud may be thrown in at the deep end without the requisite knowledge, as a result of which they may quickly come up against security issues or rapidly mounting costs. The various implementation options from cloud providers must fit the needs of an organisation. That is why the landing zone is so important. It is a tailor-made environment that brings together best practices with regard to, among other things, networking, security and infrastructure.

When organisations switch to the public cloud, a few important focus points include security, time pressure and costs. Landing zones help to streamline implementation and maintenance processes in these areas. Precisely because there are so many design choices, it is a good idea to start from a position in which you do not waste any time and where optimal configuration with minimal costs is possible.

A well-structured landing zone reduces the available services and countless features to a single manageable whole. This offers clear benefits. A landing zone can improve security and networking by arranging firewalling and routing more conveniently. It also offers various options for cost management so that you are not confronted with a bill for tens of thousands of euros when you expected much lower costs.

A customised landing zone makes the difference between an environment that is completely open to the outside world and a well-secured system.

Customisation is a must

An important challenge with landing zones is that customisation is always required. To start, there is no single solution that suits all the technical environments and implementation options. Amazon Web Services (AWS), Google Cloud, Microsoft Azure; they all make different choices in terms of architecture and techniques. A simple example: in Azure, networks are accessible as standard from the Internet until you secure them; this is the opposite in AWS.

In addition, every organisation has to weigh up considerations of costs, security and reliability. A financial service provider, for example, has different conditions than a municipality. Whereas the availability of a service provider in the financial world is a must, an organisation in another sector could survive if their website was temporarily inaccessible. So, they are more likely to focus on budgetary control. And whereas large multinationals can open up all the registers in order to safeguard the security of their environment, that is not feasible or necessary for a start-up with just eight employees.

Another example is quotas. Cloud providers often have a set, standard bandwidth to protect against unforeseen costs, but these standard settings may not be suitable for every organisation. And how about the geographical regions from the cloud provider that you put into use. For an organisation that is only active in the Netherlands, there is no point using services in Stockholm or São Paulo. But, if a business is active worldwide, it may well be necessary to use multiple regions, so that the environment runs as close to the client as possible.

This brings us to security. Closing certain regions to a cloud provider is a cost management measure, while at the same time offering a security solution. Nothing can happen in closed regions – and if something does happen, it is immediately a sign that something is wrong. Another example is to shield access to certain resources and resource types. From a security perspective, this means that only a virtual machine of type X, Y or Z can be started and only by users with specific rights.

You make a landing zone together

A customised landing zone makes the difference between an environment that is completely open to the outside world and a well-secured system. The difference between a balanced budget or unforeseen monthly bills of thousands of euros. So, always start small in the cloud, with your landing zone as the starting point. Start by testing, familiarise yourself with the environment and the options, and then take small steps. Or find a trusted partner who can guide you through the process and resolve any issues.

This is where Solvinity excels. Thanks to our background in infrastructure and security, working in a secure, reliable and cost-efficient way is part of our DNA. For example, we provide Translink with a stable and secure cloud platform within the Netherlands in order to process public transport payment transactions. For fraud detection business FRISS, we manage the cloud platform on a global scale, focusing on scalability, security and compliance. Both environments are managed from a solid foundation – their landing zone.