NUIMS: Establishing a Secure Multi-Account AWS Landing Zone
Industry: Energy / Public Sector
Challenge
NUIMS needed a centralized, secure cloud foundation to govern multiple business units using AWS. The lack of unified governance, account structure, and visibility led to risks around compliance, cost control, and operational efficiency.
Solution
Descasio deployed an AWS Control Tower Landing Zone, featuring:
- Multi-account structure with Account Factory automation
- AWS SSO/IAM Identity Center for centralized access
- Service Control Policies (SCPs) for security guardrails
- CloudTrail, Config, and GuardDuty for unified monitoring
- Consolidated billing & tagging for cost visibility and accountability
Results
- Reduced new account setup time from weeks to <1 day
- 40% faster incident response
- Zero compliance gaps achieved
- 30%+ operational savings through automated governance
- Improved cost tracking and budget enforcement across units
Lessons Learned
Designing network and security baselines early prevents costly rework. Stakeholder engagement and clear IAM role definitions ensure seamless onboarding and adoption.
