Building Cloud Landing Zones provides a practical and future-proof mechanism to manage cloud estates. As adoption matures, landing zones enable the benefits of the cloud, such as cost savings, agility and faster innovation, delivering value to our customers.

There are numerous business benefits when building a Cloud Landing Zone. When developing them, the aim is to keep the end in mind and ensure value delivery with continuous alignment to your short and long-term strategic objectives.

Below is a quick compilation of Landing Zones’ business benefits and how we can use selected metrics to measure the progress against our goals.

BenefitDescriptionExample Metrics
Enhanced rate of innovationProvide an environment where developers can easily and rapidly deploy and innovate through continuous improvements and reduction of lead times to increase the number of features delivered and enable failure rates reduction.Lead time to change

the Average number of features & Change Requests successfully delivered over a set period

Change failure rate
Faster pace of changeThe ability to deploy quickly and safely deliver value as soon as possible with a faster cadence, driven by decreased average feature delivery time, elevated the deployment frequency and decrease in the average mean time to build and deploy. Average feature delivery time

Average deployment time

Mean time to build

Deployment frequency
Rapid onboardingStarting new initiatives quickly and reducing the cognitive load of mundane, easy-to-automate processes and reducing the time it takes to onboard a new development team and reduces the overall number of support requests from the service teams.Average time taken to onboard a new service team

Number of support requests raised by the service teams
Assured CompliancePredefined boundaries and guardrails, which are established out-of-the-box enabling an effective increase of the SecOps ruleset coverage and the number of workloads in compliance to reduce the risk of non-compliance.Regulatory & SecOps ruleset coverage

Percentage of workloads in compliance with ruleset
Workload visibilityUnderstanding your current state and knowing where to improve; reduce overall time taken to recover from failure and the average number of critical incidents per workloads.Mean time to recover

Average number of critical (workload) incidents
Workload AccessProviding secure, performant end-user and developer access to your workloads and reducing the workload access latency whilst reducing the number of workload-related security incidents.Average number of security incidents involving workload access

Average workload latency
Cost ManagementUnderstanding the underlying service and operational costs and impacts of right design decisions to support value propositions. This followed by reducing the time since each workload was assessed under the optimisation framework and increasing overall compliance with the Cost Optimisation Framework.Time since last workload assessment under cost optimisation framework

Number of workloads assessed under the optimisation framework

Workload profit margin
Support for technical debt reductionSafely migrating legacy workloads and enabling their evolution to maintain relevance in the value stream. Resulting in increasing the number of workloads migrated and modernised. Increasing service-scoped profit margin.Total number of workloads migrated

Number of modernised (PaaS: containers, serverless) workloads

Number of workload decommissioned

Service profit margin

Our previous article about Cloud Landing Zones discusses its numerous benefits, but this document focuses on the two main aspects of “how” to create Cloud LZs.

The sustainability perspective

Sustainability relies on evolution, linear or otherwise.  Not to be confused with the same term used within the context of the Well-Architected Framework, focusing on the environmental impact of Digital Operations. 

It is also a solid principle to pursue in keeping at bay technical debt. As Architects, we use business benefit realisation as our “true North” to guide us towards the end state; we plot the right course to reach our destination and, true to Agile and DevOps principles, adjust as needed to respond quickly to changing demand and de-risk delivery.

To achieve the desired sustainability, there are two main aspects that bridge the business and technical domains. The first aspect is “vertices”.  Vertices focus on a group of related requirements to solve targeted problems. An example may be isolation (deep-dive below), where we aim to flexibly provide access to all relevant resources whilst maintaining security posture. 

The second is best practices, summarised in the Well-Architected Frameworks shared by all public cloud vendors. These guide us to designing and implementing efficient and reliable environments where we can innovate at pace and ensure that we provide our customers with the products and services they need.

The Vertices of a Cloud Landing Zone

There are three vertices of a Cloud Landing Zone: Isolation, scalability and modularity.

Isolation: Having the right set of controls in place is paramount. Combined with modularity and scalability, Landing Zones enable rapid deployments and management of access, networking enabling the zero-trust security models. Landing Zones can be flexible enough to cater for fully isolated, shared and managed services – depending on business requirements.

Scalability: Landing Zones enhance and expedite cloud adoption at scale. Repeatability of the environments through consistent configuration and automation improves the quality of the output and increases the speed of deployment of new workloads,  thus reducing time to value.

Modularity: Landing Zones provide a modular approach to building out environments based on a standard set of design criteria. Cloud services can be coupled together to build self-service platforms to provide consumable capabilities such as Container Orchestration. The independence of the components eases the burden of maintenance and enables continuous evolution.

The context of best practices

Landing Zones are built modularly to support all pillars of the Well-Architected Framework (WAF) to ensure compliance with best practices and enable long-term success when running workloads on the cloud. To expand on the context, it is worth mentioning the pillars of WAF:

Operational Excellence – how the systems are run and monitored to ensure effective operation. Areas of excellence include automation of processes and changes and establishing correct procedures and standards.

Security – protecting workloads, systems and data from threats. Some topics include access management, data integrity, controls and security event management. 

Reliability – Continuous focus on the continued operation of the systems and quick recovery in the event of failure. Some items include distributed design, planning and adaptation to changing requirements.

Performance – Focuses on adapting to changes in usage patterns through efficient allocation of IT and compute resources. Some aspects include planning and optimising workload requirements based on correct performance metrics aligned with business requirements.

Cost Optimisation – Centred on monitoring and managing workloads and service-related costs. Areas of focus include ownership of the fund allocation, good selection of resources and continuous improvement based on measuring appropriate metrics to meet business requirements.

Sustainability – Minimising the environmental impact of workloads and services. Topics such as efficiency monitoring of resource allocation, utilisation and planning aid continuous improvement and effective impact planning.

Continuous alignment of technical, process and organisational aspects of cloud adoption with the pillars of the Well-Architected Framework is paramount to sustained and effective business operations on the cloud. They provide value through the development of systems and services that meet users’ and customers’ needs.

Impact of evolution

When operating on the cloud, success requires designing with the “true North” in mind. As tempting as realising the short-term benefits of cloud adoption may be, it is vital to approach the problem correctly, not least to avoid the accumulation of technical debt! 

Our team built a Cloud Landing Zone (Premium Tier) in partnership with AWS for one of our Central Government clients, leveraging best practices and using native tools. We did that in 2020, and since then, we’ve been evolving their platform, helping our client meet their needs. It became a valuable resource to our clients because it provided a stable destination to migrate their applications into at a faster cadence; we found first-hand how critical the “evolve” approach is. To put the improvement in context, before building the Landing Zone, our client moved on average one complex workload per quarter; post-Landing Zone, the migration time was reduced by 40%.

We quickly adapted the platform to migrate dozens of workloads and support the long-running migration across a host of varied workloads. This is why we have developed our internal accelerators in line with our customer requirements that align with the three tiers of our Cloud Landing Zone offering:

TierFunctionalityComplexityUse Case
BasicCoreLowFoundational platform used across all types of customers with the core functionality available. Easy to scale and add components as required. Best fit for small enterprises in the long term.
StandardSelectedMediumBuilt on top of the core platform with additions of selected modules. Well suited to early cloud adopters, focused users or large enterprises looking to scale in the future. Focused on early and accelerated value delivery.
PremiumCompleteHighMost complete platform covers the most common enterprise-scale use cases such as hybrid cloud, central IT operations and 100s of workload/service teams. This is the most customisable solution.

The Cloud Landing Zone tiers are built on the principle of three vertices of isolation, scalability, and modularity, supported by the best practices defined in the Well-Architected Framework.

With the help of tech-driven sustainability, the guiding principles of vertices and best practices, Automation Logic can build Cloud Landing Zones with your “true North” in mind, so you can evolve your business as everything else changes.

At Automation Logic, we build with the future in mind, so reach out if you are ready to speak. Contact us on

by Adam Jasinski

< Back