Jezero

AWS | Landing Zone Accelerator

Secure accelerator patterns to turbocharge secure enterprise adoption of AWS for highly regulated public sector and private sector customers. Jezero enables you to establish a secure and supported platform on AWS at warp speed, deployable in hours instead of months of enablement work.

What is Jezero

140 million miles away, Jezero was the landing zone for the Mars Perseverance Rover, but in our world, Jezero is the Secure Landing Zone Accelerator that provides a framework for deploying and managing large multi-account cloud solutions on AWS at scale. Jezero will allow you to get up and running straight away with our best practice configuration, or due to its modular design, can be quickly tailored to suit your bespoke tooling requirements or patterns.

The Jezero Secure Landing Zone Accelerator includes value-added tooling services including pipelines, Kubernetes platforms, observability, networking and security guardrails so that your teams can concentrate on innovation, application development and operating workloads in an environment aligned with the latest in cloud platform best practice.

Jezero is based on 10 years' experience of working with AWS on large-scale UK Government platforms including the Home Office and NHS Test and Trace. Our engineers have worked closely with AWS during this time to drive the features required to operate securely at enterprise scale. We continue to work closely with AWS product teams and can provide references from them to support our work.

Core Principles

The Jezero Secure Landing Zone Accelerator is built around key principles which we have developed and adopted from our many years partnering with AWS, architecting, deploying, and operating multi-account solutions at huge scale within highly regulated environments. 

Build platforms around a clearly defined shared responsibility model

Building on the AWS Shared Responsibility Model, Jezero considers three key responsibility layers (AWS, Platform, Workloads) across several key cross-cutting concerns (e.g. Security and Compliance, Operations…).  We often describe this to customers as "platform thinking", and it underpins so much of how we architect solutions for our clients, and define platform level products. We believe that getting this right is the key to efficiently operating scalable platforms, which can adapt and evolve with the blistering pace of advancement in the cloud technology space. 

Put security, compliance and observability at the centre of your platform

If you're going to provide a platform which gives your customers flexibility to innovate, whilst also giving them the tools and guardrails to maintain governance and compliance, then security and observability need to be built in right at the heart of the platform. We achieve this by building on principles of zero-trust and leveraging a number of AWS services, including AWS Security Hub, AWS Inspector, AWS GuardDuty, and AWS CloudWatch to name a few. IdentityE2E work with clients delivering critical national infrastructure in highly regulated environments and we've brought this experience to the Jezero platform.

Build on the Well-Architected Framework and industry best practice

AWS and other cloud providers have a wealth of experience and provide frameworks, principles, and design practices which harness this, such as the AWS Well-Architected Framework. All our designs and products incorporate this guidance to make workload management more reliable, secure, efficient and cost-effective. We regularly review principles across all the leading cloud providers to ensure the Jezero platform adopts the best ideas from a variety of sources.

Be supportive, adaptable and flexible. Don't be prescriptive or enforce rigidity

We strive to make best practices easy to follow for customer workloads and leverage key AWS services such as AWS Service Catalog, AWS Proton and Infrastructure as Code offerings such as Terraform, CloudFormation and the CDK to provide self-service models. In our opinion, the key to being able to adapt with the changing cloud landscape is to provide modularisation and well-defined interfaces at all levels of the platform which can be composed and swapped in innovative ways. Beyond some configurable, well-selected guardrails, we don't believe in ivory tower thinking - your customers can opt into your best practices, and choose which components to utilise, or not, without compromising other tenants. We see this as a key differentiator from competing platforms in this space who in our assessment enforce rigidity on tenants, incentivising complex workarounds and in the end compromising security.

THE CAPABILITIES OF JEZERO

  • Platform

    • Technical Standards and Documentation
    • Automated Account Vending and Configuration
    • Opt-in network routing to the platform, including inspection
    • Dedicated and protected Backup patterns
    • Modular design for repeatable and configurable deployments
    • Containerisation platform based on Kubernetes
    • Certificate and Key management
  • Operations

    • Self-Service models and offerings enabling tenants to operate independently, leveraging best practices
    • CICD Pipelines out of the box
    • CIS hardened artefacts
    • Standard pattern for Observability (Logging and Metrics)
    • Dynamic documentation and procedures which evolve with the platform 
    • Full AWS support for Landing Zone
  • Security & Compliance

    • Built around zero-trust principles
    • Preventative and Detective Guardrails
    • Designed around industry standards, including CIS, NCSC CAF and security practices from our experience operating highly secure systems 
    • Observability and Audit patterns at the core of the platform 
    • Single Sign On (SSO) 
    • Automated Back-Up patterns that provide class-leading mitigation to ransomware threats
  • Cost Optimisation

    • Enforcement of tagging standards for central reporting
    • Award-winning techniques for reducing AWS costs
  • Development Tooling

    • Ready to go CI-CD pipelines
    • Tooling both locally and centrally allowing developers to get going immediately and collaborate effectively
    • End User Compute setup for Infrastructure Development

Our AWS Journey

IdentityE2E has extensive experience in implementing enterprise-scale cloud platforms. We are an AWS Advanced Partner and have worked with them over several years to deliver multiple enterprise-scale platforms. We build and maintain our own internal Jezero platform, have experience in greenfield rollout, migrations, platform aggregations and taking clients on their own journeys to adopt what we call "platform thinking" at a pace which suits them.  

 We have implemented and operated across a number of highly regulated government spaces and, therefore, have a wealth of experience in working with leading industry organisations such as NCSC which we've incorporated into our platform offering to ease the accreditation process. 


Book A Demo

Our dedicated team of specialist engineers would love to chat with you and demonstrate the benefits of our products and services. To book a slot with us please fill out the form below:
