Körber - LandingZone

Security Case Study

About Körber

Körber is a leading international technology group with around 10,000 employees and more than 100 locations worldwide. Körber is the home of entrepreneurs - and turns entrepreneurial thinking into success for their customers. The Körber AG leads the group with its five Business Areas Digital, Pharmaceuticals, Supply Chain, Tissue and Tobacco.

The challenge

Körber IT Solutions operates the IT for the Körber Group including central IT-services and solutions.

Körber started their group-wide cloud journey in 2017 and faced the challenge to provision multiple cloud accounts to businesses and teams with security and best practices in an efficient way. From agile digital projects to migrating IT workloads, Körber wanted no compromise on security and compliance, yet without impairing the entrepreneurial spirit within its businesses.

They needed a solution that was capable of discovering unsecure configurations, and to actively alarm as well as continuously identify potential security gaps, visualize the risk and close them in a timely manner.

Finally, the Körber IT team wanted to establish ownership for cost, security and compliance in a volatile and thus challenging environment, without significantly growing its overhead.

The solution

Following their requirements, we built a Multi-Account Management Solution combined with an account request application to ensure automatic, fast and compliant provisioning of multiple secure AWS environments.

AWS Landing Zone is a solution that helps customers more quickly to set up a secure, multi-account AWS environment based on AWS best practices. This not-only enabled them to have a uniform and centralized environment configuration regarding security and compliance best practices, but it also answered their needs regarding the centralized billing of AWS accounts and identifying the ownership of cost between teams and sub companies.

The account request application is handling processes between account owner, general ledger, accounting/financial teams and responsible tech team to establish the ownership for each environment. A unique business logic following their requirements, allowed the account creation request to be approved by several actors before being fulfilled and deployed.

Results and Benefits

Increase Speed and Agility

Reduction of time to market and business risk through automation, which means that you reduce the time to make those resources available to your developers from weeks to just minutes. This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower.
Security & Compliance

Ensure compliant provisioning of secure AWS environments. AWS manages dozens of compliance programs in its infrastructure. This was a specifically critical point for our customer, and in general for all big companies, that need centralized compliance and security configurations over all their environments.
Cost Allocation

Centralized billing with detailed cost reports helping to monitor, manage and optimize the AWS spend through the full organization. Aligning cost allocation tags with financial reporting dimensions simplifies and streamlines the AWS cost management while keeping an eye on the ownership of costs by identifying the origin of any given cost.