KuppingerCole Report
Executive View
By Mike Small

AWS Control Tower

Managing access to applications, systems and resources is a key task for any organization and the hybrid IT deployment model has made this even more complex. One area of concern is managing administrative access – administration is an essential process, but the administrator accounts provide the keys to the kingdom. This report describes how AWS Control Tower helps to customers to meet these requirements for their AWS environments.
By
sm@kuppingercole.com

Content of Figures

  1. Figure 1 AWS Control Tower Overview (graphic published with permission from AWS)

1 Introduction

Managing access to applications, systems and resources is a key task for any organization and the hybrid IT deployment model has made this even more c ...

Login Free 30-day Select Access Get full Access

2 Product Description

AWS is a major provider of cloud services with a global footprint and millions of customers across the world. In June 2019 AWS announced the genera ...

Login Free 30-day Select Access Get full Access

2.1 AWS Administrative Model

An AWS customer administers its use of AWS services through its AWS account. The customer’s AWS Principal (or root) account provides unlimited admi ...

Login Free 30-day Select Access Get full Access

2.2 Landing Zone

A Landing Zone is a multi-account AWS environment that is based on security and compliance best practices. AWS Control Tower automates the setup of ...

Login Free 30-day Select Access Get full Access

2.3 AWS Control Tower Overview

The AWS administrative model provides customers with powerful capabilities to configure and secure their use of AWS services. The challenge for custo ...

Companies using AWS often need to manage large numbers of administrative accounts for teams distributed across their organization. AWS’s existing m ...

Login Free 30-day Select Access Get full Access

2.4 Account Factory

The account factory automates the provisioning of new accounts using a configurable account template. It helps to standardize the provisioning of new ...

Login Free 30-day Select Access Get full Access

2.5 Preventive & Detective Guardrails

Guardrails are pre-packaged governance rules for security, operations, and compliance that customers can select and apply globally or to specific grou ...

Login Free 30-day Select Access Get full Access

2.6 Mandatory & Optional Guardrails

AWS Control Tower offers a set of guardrails based on AWS best practices and common customer policies for governance. The customer can automatically ...

Login Free 30-day Select Access Get full Access

2.7 Dashboard

The Control Tower dashboard provides continuous visibility into the customer’s AWS environment. It is possible to view the number of OUs and accoun ...

Login Free 30-day Select Access Get full Access

3 Strengths and Challenges

The AWS administrative model provides customers with powerful capabilities to configure and secure their use of AWS services. The challenge for custo ...

Login Free 30-day Select Access Get full Access

4 Related Research

Advisory Note: Maturity Level Matrix for Cyber Security - 72555
Architecture Blueprint: Access Governance and Privilege Management - 79045
Architecture Blueprint: Hybrid Cloud Security - 72552
Advisory Note: Security Organization Governance and the Cloud - 72564
Leadership Compass: Privileged Access Management - 79014

Copyright

©2019 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarksTM or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole Analysts, founded in 2004, is a global analyst company headquartered in Europe focusing on Information Security and Identity and Access Management (IAM). KuppingerCole stands for expertise, thought leadership, outstanding practical relevance, and a vendor-neutral view on the information security market segments, covering all relevant aspects like: Identity and Access Management (IAM), Governance & Auditing Tools, Cloud and Virtualization Security, Information Protection, Mobile as well as Software Security, System and Network Security, Security Monitoring, Analytics & Reporting, Governance, and Organization & Policies.

For further information, please contact clients@kuppingercole.com.

top