New World Group

New World Group

New World Group faces significant IT governance challenges due to its diverse operations and stringent security needs. Prior to migrating to the cloud, they required a comprehensive cloud governance framework to manage and optimize their cloud resources. Huawei Cloud spent a month creating a secure and scalable IT governance system, enabling the company to smoothly and effectively migrate their services to the cloud.

New World Group faces significant IT governance challenges due to its diverse operations and stringent security needs. Prior to migrating to the cloud, they required a comprehensive cloud governance framework to manage and optimize their cloud resources. Huawei Cloud spent a month creating a secure and scalable IT governance system, enabling the company to smoothly and effectively migrate their services to the cloud.

Huawei Cloud improved New World Group's IT management efficiency by 80% and reduced cloud migration time from monthly to weekly.

Huawei Cloud Landing Zone for New World Group was the first professional service project of its kind to be successfully delivered and generating revenue. Huawei Cloud quickly analyzed the pain points and requirements of New World Group and provided Landing Zone design and implementation services for basic scenarios. These services cover a multi-account organization, identities and permissions, network planning, security protection, compliance audit, and more. Huawei Cloud built a secure and compliant multi-account cloud environment for resource sharing across accounts and unified management of people, finances, resources, permissions, and security compliance. This helped the company smoothly migrate services to the cloud ahead of schedule.

Efficient Governance

IT management efficiency increased by over 80%, and only 2 people are needed for cloud operations and maintenance.

Faster Cloud Migration

Services migrated to the cloud ahead of schedule,

Faster service rollout: Months►Weeks

Agile Services

Product development cycle: Half a year►Months

Challenges

  • How do you unify management and avoid repeated work?

    X0+ service systems and an O&M team of XX persons.

    X0+ service systems and an O&M team of XX persons.

  • How do you speed up cloud migration with a large complex system?

    XXX+ organization, identity, and network information that need to be manually configured.

    XXX+ organization, identity, and network information that need to be manually configured.

  • How do you isolate accounts and ensure flexible rollout?

    XX+ service accounts.

    XX+ service accounts.

Key Solution 1: Multi-Account and Organizational Unit Planning

  • 1) Management Departments: Unified, Efficient Management

    • Unified multi-account management

    • Multi-account network interworking

    • Multi-account resource sharing


    2) Business Departments: Agility and Autonomy

    • Custom account baselines for cloud services, guardrails, and change rules

    • Custom computing environments, data platforms, and AI models

    • Agile and efficient cloud migration of application systems and data

    • Innovative use of cloud native technologies in service accounts

Key Solution 2: Network Architecture Design Framework

  • 1) Public Network Access Zone

    • Network access resources and resources for protecting boundaries are deployed.


    2) Backbone Interconnection Zone

    • Network services are deployed for communications between VPCs on the cloud, between on-premises and cloud networks, and between clouds.


    3) Service Application Deployment Zone

    • The network operations account creates and manages the VPCs, subnets, and network ACLs for service accounts.

Key Solution 3: Security Design Framework

  • 1) Boundary Protection

    • Security services, such as north-south CFW, Anti-DDoS, and WAF, are used to protect Internet boundaries, boundaries between the cloud and the on-premises data center, and boundaries between clouds.


    2) Intranet Isolation

    • A VPC border firewall can control traffic between VPCs. VPCs are protected in different zones.

    • Traffic between 2 VPCs is detected and controlled.