The Challenge
BioGenova's R&D teams were spinning up cloud resources ad hoc across personal AWS accounts and Azure subscriptions. There was no centralised governance, no network segmentation, and no audit trail. All three are critical gaps for the GxP (Good Practice) compliance required by the EMA. The CIO needed a governed multi-cloud platform that researchers could self-service without compromising compliance.
Our Approach
We implemented a dual-cloud landing zone:
- AWS: Control Tower with custom SCPs, centralised logging to S3/CloudTrail, and VPC architecture with Transit Gateway
- Azure: Azure Landing Zone Accelerator with Management Groups, Azure Policy, and Hub-Spoke VNet topology
- Cross-cloud: Dedicated interconnect between AWS eu-south-1 and Azure West Europe via Equinix Fabric
- GxP controls: Immutable audit logs, encryption at rest (CMK), and automated compliance checks via AWS Config and Azure Policy
- Self-service portal: Terraform Cloud workspaces with pre-approved modules that researchers can deploy via the ServiceNow catalogue
The Outcome
BioGenova passed their EMA GxP audit. Researchers now provision compliant environments in 45 minutes instead of 3 weeks. Cloud spend is tracked per project with automated budget alerts and tagging enforcement.