Establishing Data Perimeter within AWS Organizations for Midaxo Cloud
Oredia, Omoghomion (2025)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2025121637328
Abstract
This thesis examines the design and implementation of a secure data perimeter in Amazon Web Services (AWS) for Midaxo Cloud, adhering to the principles of Zero-Trust Architecture (ZTA). It addresses the growing challenge of safeguarding sensitive data in cloud-based mergers and acquisitions (M&A) environments, where traditional perimeter security models are insufficient to prevent unauthorized access and data exfiltration. A qualitative case study approach was applied, using Midaxo Cloud as a representative M&A platform and employing AWS-native security services—including Identity and Access Management (IAM), Service Control Policies (SCPs), Resource Control Policies (RCPs), and Virtual Private Cloud (VPC) endpoints—to construct a multilayered Zero-Trust framework.
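The multilayered perimeter described above, as an added illustration that is not code from the thesis, from Midaxo or from AWS: three Deny statements in the shape of the published AWS data-perimeter patterns (an SCP as the network perimeter, an RCP on S3 as the identity perimeter, a VPC endpoint policy as the resource perimeter) and a small evaluator that applies the subset of IAM semantics those statements rely on (explicit deny wins; StringEquals, StringNotEquals and Bool; the IfExists suffix; missing keys). The organization ID, VPC ID, the `via_org_endpoint` marker and the request contexts are assumed placeholders, and the evaluator ignores the identity-policy Allow that a real request would also need.

```python
"""Layered AWS data perimeter: SCP (network), RCP (identity) and VPC endpoint policy (resource).

Added illustration; not code from the thesis, from Midaxo or from AWS. The policy documents
follow the published AWS data-perimeter patterns, the org/VPC IDs are assumed placeholders,
and the evaluator implements only the subset of IAM semantics these statements need.
"""
from fnmatch import fnmatch

ORG_ID = "o-exampleorg1"            # assumed
ORG_VPC = "vpc-0123456789abcdef0"   # assumed

# Layer 1, SCP attached at the org root: deny any action whose request did not originate in the
# org VPC, unless an AWS service made the call on the principal's behalf (aws:ViaAWSService).
SCP_NETWORK = {"Effect": "Deny", "Action": "*", "Resource": "*", "Condition": {
    "StringNotEqualsIfExists": {"aws:SourceVpc": [ORG_VPC]},
    "BoolIfExists": {"aws:ViaAWSService": "false"}}}

# Layer 2, RCP on S3: only principals inside the org (or AWS services) may act on org-owned buckets.
RCP_IDENTITY = {"Effect": "Deny", "Principal": "*", "Action": "s3:*", "Resource": "*", "Condition": {
    "StringNotEqualsIfExists": {"aws:PrincipalOrgID": [ORG_ID]},
    "BoolIfExists": {"aws:PrincipalIsAWSService": "false"}}}

# Layer 3, VPC endpoint policy: traffic leaving through the org endpoint may only reach org resources.
VPCE_RESOURCE = {"Effect": "Deny", "Principal": "*", "Action": "*", "Resource": "*", "Condition": {
    "StringNotEqualsIfExists": {"aws:ResourceOrgID": [ORG_ID]}}}

NEGATED = ("StringNotEquals", "ArnNotLike", "NotIpAddress")


def clause_matches(operator, key, expected, ctx):
    """One condition clause. IAM semantics for a key absent from the request context:
    negated operators and any ...IfExists operator match, positive operators do not."""
    if_exists = operator.endswith("IfExists")
    base = operator[: -len("IfExists")] if if_exists else operator
    if key not in ctx:
        return if_exists or base in NEGATED
    values = expected if isinstance(expected, list) else [expected]
    if base == "StringEquals":
        return ctx[key] in values
    if base == "StringNotEquals":
        return ctx[key] not in values
    if base == "Bool":
        return str(ctx[key]).lower() == str(values[0]).lower()
    raise ValueError("unsupported operator " + operator)


def statement_denies(stmt, action, ctx):
    """A Deny statement applies when the action matches and every condition clause matches."""
    if stmt["Effect"] != "Deny" or not fnmatch(action, stmt["Action"]):
        return False
    return all(clause_matches(op, k, v, ctx)
               for op, clauses in stmt.get("Condition", {}).items()
               for k, v in clauses.items())


def perimeter_decision(action, ctx):
    """Return (decision, layer). Each layer only sees the requests it can govern: the SCP
    governs principals in our org, the RCP governs resources in our org, the endpoint
    policy governs requests routed through our endpoint. Any applicable explicit deny wins."""
    layers = []
    if ctx.get("aws:PrincipalOrgID") == ORG_ID:
        layers.append(("scp", SCP_NETWORK))
    if ctx.get("aws:ResourceOrgID") == ORG_ID:
        layers.append(("rcp", RCP_IDENTITY))
    if ctx.get("via_org_endpoint"):          # assumed marker: request traversed the org endpoint
        layers.append(("vpce", VPCE_RESOURCE))
    for name, stmt in layers:
        if statement_denies(stmt, action, ctx):
            return ("deny", name)
    return ("allow", None)   # still subject to an identity/resource-policy Allow, not modelled here


# Constructed request contexts (not real IAM or CloudTrail data).
INSIDE = {"aws:PrincipalOrgID": ORG_ID, "aws:SourceVpc": ORG_VPC,
          "aws:ResourceOrgID": ORG_ID, "via_org_endpoint": True}
FROM_INTERNET = {"aws:PrincipalOrgID": ORG_ID, "aws:ResourceOrgID": ORG_ID}   # no aws:SourceVpc
EXTERNAL_PRINCIPAL = {"aws:PrincipalOrgID": "o-someoneelse", "aws:ResourceOrgID": ORG_ID}
TO_FOREIGN_BUCKET = {"aws:PrincipalOrgID": ORG_ID, "aws:SourceVpc": ORG_VPC,
                     "aws:ResourceOrgID": "o-someoneelse", "via_org_endpoint": True}
SERVICE_ON_BEHALF = {"aws:PrincipalOrgID": ORG_ID, "aws:ViaAWSService": "true",
                     "aws:ResourceOrgID": ORG_ID}

if __name__ == "__main__":
    for label, ctx in [("inside", INSIDE), ("from_internet", FROM_INTERNET),
                       ("external_principal", EXTERNAL_PRINCIPAL),
                       ("to_foreign_bucket", TO_FOREIGN_BUCKET),
                       ("service_on_behalf", SERVICE_ON_BEHALF)]:
        print(label, perimeter_decision("s3:GetObject", ctx))
```

The five contexts show the division of labour: the SCP catches an org identity calling from outside the VPC, the RCP catches an outside identity reaching an org bucket, and the endpoint policy catches org traffic bound for a bucket the org does not own, while a call made by an AWS service on the principal's behalf passes the SCP because aws:ViaAWSService is present and true. A production SCP would also carry the usual principal exceptions (break-glass roles, deployment pipelines) via aws:PrincipalArn.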
Continuous monitoring and configuration analysis are described as the means of evaluating the effectiveness of the implemented data-perimeter controls: AWS CloudTrail, GuardDuty, and CloudWatch are used to examine authentication events, API calls, and network interactions across all accounts. This shows how unauthorized requests are blocked by the IAM, SCP, and VPC endpoint restrictions while legitimate operations execute without policy conflicts, and how integrating IAM, SCPs, RCPs, and endpoint policies within a Zero-Trust framework strengthens governance and traceability and supports proactive detection of anomalous activity. Ongoing validation with these monitoring tools further improves visibility and auditability across the environment.
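One way to carry out the CloudTrail side of that validation, as an added example that is not code from the thesis or from Midaxo: the records below are constructed in the shape of CloudTrail's JSON (the field names eventSource, eventName, userIdentity, invokedBy, sourceIPAddress, vpcEndpointId, errorCode and errorMessage are real; the account IDs, ARNs, endpoint ID, bucket names and addresses are made up). Each AccessDenied record is attributed to the perimeter layer that fired by the "with an explicit deny in a ... policy" wording IAM puts in its error messages (assumed to be stable), and each successful call is checked for having passed through the organization's endpoint, so that a legitimate operation that never touched the perimeter stands out for review.

```python
"""Triage of CloudTrail records against the data perimeter: which denials came from which
layer, which calls succeeded, and which successful calls never passed through the perimeter.

Added illustration, not code from the thesis, from Midaxo or from AWS. Records are
constructed in CloudTrail's JSON shape with made-up identifiers; the layer attribution
keys on the wording of IAM AccessDenied messages, which is assumed to be stable.
"""
from collections import Counter

# Wording IAM includes in AccessDenied messages, mapped to the perimeter layer that fired.
LAYER_PHRASES = {
    "service control policy": "scp",
    "resource control policy": "rcp",
    "VPC endpoint policy": "vpce",
}

ORG_VPCE = "vpce-0123456789abcdef0"   # assumed org endpoint ID
ROLE = "arn:aws:sts::111111111111:assumed-role/AppRole/app-1"   # made-up org workload identity
USER = "arn:aws:iam::111111111111:user/analyst"                 # made-up org human identity
OUTSIDER = "arn:aws:iam::999999999999:user/outsider"            # made-up identity outside the org


def _denied(arn, action, resource, reason):
    """Helper producing the IAM-style AccessDenied message used in the sample records."""
    return {"errorCode": "AccessDenied",
            "errorMessage": f"User: {arn} is not authorized to perform: {action} on resource: "
                            f"\"{resource}\" {reason}"}


# Constructed sample records (not real log data).
SAMPLE_RECORDS = [
    {"eventTime": "2025-03-01T09:00:01Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "AssumedRole", "arn": ROLE}, "sourceIPAddress": "10.0.12.34",
     "vpcEndpointId": ORG_VPCE},
    {"eventTime": "2025-03-01T09:00:02Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "IAMUser", "arn": USER}, "sourceIPAddress": "203.0.113.7",
     **_denied(USER, "s3:GetObject", "arn:aws:s3:::deal-room/nda.pdf",
               "with an explicit deny in a service control policy")},
    {"eventTime": "2025-03-01T09:00:03Z", "eventSource": "s3.amazonaws.com", "eventName": "ListObjects",
     "userIdentity": {"type": "IAMUser", "arn": OUTSIDER}, "sourceIPAddress": "198.51.100.9",
     **_denied(OUTSIDER, "s3:ListBucket", "arn:aws:s3:::deal-room",
               "with an explicit deny in a resource control policy")},
    {"eventTime": "2025-03-01T09:00:04Z", "eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "userIdentity": {"type": "AssumedRole", "arn": ROLE}, "sourceIPAddress": "10.0.12.34",
     "vpcEndpointId": ORG_VPCE,
     **_denied(ROLE, "s3:PutObject", "arn:aws:s3:::partner-dump/export.zip",
               "with an explicit deny in a VPC endpoint policy")},
    {"eventTime": "2025-03-01T09:00:05Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "AssumedRole", "arn": ROLE, "invokedBy": "cloudformation.amazonaws.com"},
     "sourceIPAddress": "cloudformation.amazonaws.com"},
    {"eventTime": "2025-03-01T09:00:06Z", "eventSource": "s3.amazonaws.com", "eventName": "ListObjects",
     "userIdentity": {"type": "IAMUser", "arn": USER}, "sourceIPAddress": "203.0.113.7"},
    {"eventTime": "2025-03-01T09:00:07Z", "eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "userIdentity": {"type": "IAMUser", "arn": USER}, "sourceIPAddress": "10.0.12.35",
     "vpcEndpointId": ORG_VPCE,
     **_denied(USER, "s3:PutObject", "arn:aws:s3:::deal-room/x",
               "because no identity-based policy allows the s3:PutObject action")},
]


def classify_denial(record):
    """Name the perimeter layer behind an AccessDenied record, or 'other' for ordinary IAM denials."""
    message = record.get("errorMessage", "")
    for phrase, layer in LAYER_PHRASES.items():
        if phrase in message:
            return layer
    return "other"


def triage(records):
    """Count denials per layer and flag successful calls that bypassed the org endpoint.
    A success with no vpcEndpointId and no invokedBy came straight from the network,
    which the SCP should have prevented: either an exception applied or the SCP is missing."""
    summary = {"allowed": 0, "denied": Counter(), "off_perimeter": []}
    for r in records:
        if r.get("errorCode") == "AccessDenied":
            summary["denied"][classify_denial(r)] += 1
            continue
        summary["allowed"] += 1
        via_endpoint = r.get("vpcEndpointId") == ORG_VPCE
        via_service = "invokedBy" in r.get("userIdentity", {})
        if not via_endpoint and not via_service:
            summary["off_perimeter"].append(
                f'{r["userIdentity"]["arn"]} {r["eventName"]} from {r["sourceIPAddress"]}')
    return summary


if __name__ == "__main__":
    result = triage(SAMPLE_RECORDS)
    print("allowed:", result["allowed"])
    print("denied by layer:", dict(result["denied"]))
    print("successful calls outside the perimeter:", result["off_perimeter"])
```

In a live environment the same function would be fed the records of an organization trail (or a CloudWatch Logs Insights export of it) rather than the constructed list; GuardDuty findings would be the second input, covering anomalies that do not produce an AccessDenied at all. The off_perimeter list is the check worth alerting on, because a successful call with no vpcEndpointId from a human identity means the network perimeter did not apply to that request.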
This research provides a pragmatic methodology for the implementation of Zero-Trust principles within AWS cloud infrastructures, delivering strategic insights for businesses managing sensitive transactional data. The presented model illustrates how Zero-Trust alignment can enhance governance, resilience, and operational reliability in dynamic cloud environments.