University of Rochester Masters the Momentum of Technology
The University of Rochester employs nearly 32,000 people in New York, functioning as both a top research university and an academic medical center. The university needed to expand their cloud portfolio to support sensitive data and meet strict compliance standards. Operating as a network of entities, the University of Rochester required a solution that could accommodate distinct security frameworks while enabling centralized governance.
Protecting Research Data Through AWS Control Tower
A Methodology for Improved Data Security
The University of Rochester includes unique entities across patient care, education and research. When it comes to building security frameworks, separate entities mean separate frameworks—each with their own data security requirements.
As a research facility, the University of Rochester manages highly sensitive data that comes with strict requirements instituted by the National Institutes of Health (NIH) to meet security compliance standards. The Medical Center framework also had to meet NIH security requirements to qualify for STRIDES funding, which they rely on to support critical programs.
The university’s goal? Establish a rock-solid AWS cloud foundation. They wanted to take a “crawl, walk, run” approach, planning their implementation of AWS services to prioritize data security in the cloud.
Phase 1 was standing up an AWS Control Tower landing zone for data governance. As an AWS Premier Tier Services Partner, TGS conducted the research and implemented the technology to accomplish their goal.
Building a Best Practices-Based AWS Control Tower Landing Zone
The Science of Meeting Workload Needs
The University of Rochester prioritized data security to ensure that its highly sensitive data was managed safely. TGS collaborated with the university to design and deploy a customized Landing Zone Accelerator on AWS (LZA) using AWS Control Tower. Our team established a production-ready AWS Control Tower landing zone that could serve as a launchpad for future initiatives. The engagement included:
- Immersion Days to align stakeholders and train University of Rochester teams on Control Tower and LZA architecture
- Security-first configurations, including IAM roles, KMS key rotation and MFA enforcement
- Networking setup with VPCs, NAT gateways, VPNs and Route 53 integration across two regions
- Deployment of core AWS services using CloudFormation pipelines
- Customization of seven configuration files to tailor the LZA to the university's healthcare and education needs
- Iterative migration of production accounts with validation and troubleshooting
Providing Guidance for New AWS Customers
Discovering a Roadmap for Future Migration
As an emerging AWS customer, the University of Rochester relied on TGS to build a roadmap aligned with their future-state vision. Regular touchpoints ensured transparency and collaboration throughout the engagement. TGS operated within the university’s AWS environment using secure, least-privilege access and deployed all resources remotely with strict data protection protocols.
Real-World Results
With the successful implementation of the AWS Control Tower landing zone, the University of Rochester enabled secure workload migration across multiple environments. The solution supports industry compliance regulations, protects PHI and provides a scalable foundation for future initiatives.