Governance & Secure Landing Zones
Operationalized the security pillar of the Well-Architected Framework into repeatable landing-zone guardrails — turning one-off security reviews into automated, baseline-enforced governance across Azure deployments.
- Role: Cloud Engineer
- Org: Insight Global // IBM (Kyndryl)
- Period: 2019–2021
Context
As Azure footprints grow, security can’t stay a manual gate. The work was to make governance repeatable: every new landing zone should inherit a known-good security baseline instead of relying on a reviewer to catch gaps after the fact.
Approach
Policy and tooling were operationalized around the security pillar of the Microsoft Well-Architected Framework.
- Repeatable landing-zone guardrails — security baselines and policy enforced at deployment so new environments start compliant.
- Centralized identity and access through Microsoft Entra ID for consistent, governed RBAC.
- Defender / Purview / Intune stood up to maintain security posture and automate compliance checks rather than audit them by hand.
- Collaboration with Microsoft FastTrack to streamline governance strategy and automate provisioning through Azure DevOps.
Outcome
Security posture became a property of the platform, not a manual checkpoint — risk evaluation met corporate and industry standards by default, and new deployments inherited guardrails automatically.