Today marks a pivotal moment for AllCloud and for organizations grappling with the complexities of securing sensitive workloads in the cloud. We’re excited to announce the launch of TrustStack, powered by AWS – a groundbreaking solution that redefines what’s possible for secure, compliant, and agile deployments in AWS commercial regions.
Prevention-First Philosophy: Detection Isn’t Enough
TrustStack is a prevention-first cybersecurity solution designed to enable highly regulated industries, government agencies, and defense units to securely run sensitive workloads in AWS. The solution uniquely combines military-grade standards with developer agility, ensuring sensitive workloads are protected without compromising the speed of innovation.
TrustStack isn’t just a new offering; it’s the culmination of over 15 years of relentless innovation in cloud security, distilled into a comprehensive platform that never compromises on agility or compliance.
AllCloud embarked on its journey into cloud security long before many of today’s solutions existed, consistently pushing the boundaries of what was achievable in AWS security. We pioneered Transit VPC solutions and developed Ingress VPC solutions, and our foresight led to the creation of the AllCloud Next Generation Landing Zone (NGLZ), the first of its kind, including NGLZ Shield. These years of dedicated service to customers with the most stringent security demands have continuously fueled our solutions development team, leading directly to the creation of TrustStack—a testament to our collaborative innovation with AWS for unparalleled security.
Eran Gil, AllCloud CEO, summarizes the journey perfectly:
“Our security practice has evolved dramatically through the years of solving complex challenges alongside our most innovative customers. Each engagement taught us that in today’s AI-driven world, robust security isn’t just protection, it’s the foundation that enables innovation. This customer-driven journey led us to a solution that embodies everything we’ve learned about balancing extensive security with the agility that modern businesses demand.”
Built on Best Practices
Our journey to TrustStack has been intertwined with key AWS best practices. We’ve worked with teams such as AWS Identity Services, who defined the critical Data Perimeter framework, and the Landing Zone Accelerator (LZA) team, responsible for the official AWS Landing Zone framework.
Ilya Epshteyn, AWS Director, Identity Security & Solutions, affirms this synergy:
“AllCloud translated AWS’s service-specific data perimeter considerations and prescriptive guidance into secure-by-default configurations within their Landing Zone engine. Their implementation helps customers accelerate the adoption of scalable, multi-account environments with stronger data boundary controls aligned to AWS best practices.”
TrustStack’s prevention-first approach delivers a prescriptive data perimeter implementation on top of LZA—including SCP, NCP, RCP, resource policies, CloudFormation hooks, and auto-remediation controls—tailored to industry-specific requirements. This comprehensive framework saves organizations years of work in building strong, compliant boundaries around their AWS environments.
Bo Lechangeur, Principal Architect, AWS LZA, also emphasizes our shared commitment to cloud security:
“The joint development between the Landing Zone Accelerator on AWS product team and AllCloud demonstrates our shared commitment to cloud security. AllCloud’s TrustStack solution shows how prevention-first security controls integrate with LZA, helping organizations meet industry security requirements while maintaining operational efficiency.”
Open Source Contribution to the AWS Security Specialists Community
To help the AWS Security specialists community adopt robust data perimeter controls—and specifically to accelerate implementation of AWS’s service-specific guidance—we are sharing the TrustStack-Data-Perimeter-Security-Packages as an open-source project.
This repository provides ready-to-deploy security configurations that implement AWS data perimeter service-specific guidance and can be seamlessly integrated with AWS Landing Zone Accelerator (LZA). By making these packages open source, we aim to empower organizations and practitioners to more rapidly achieve secure, compliant cloud environments for their most sensitive workloads.
Agility Within the “Walled Garden” Environments
For every organization, the network perimeter is a critical boundary to set up and maintain. TrustStack provides out-of-the-box, highly structured network blueprints that dramatically reduce the time and complexity of designing and building multi-tier zonal architectures, while leveraging a range of ISV solutions to keep networks secure.
What truly sets TrustStack apart is our commitment to retaining agility within these “walled garden” environments. Historically, balancing innovation and compliance in highly secure environments has been a significant challenge.
At the heart of TrustStack are Guardrails-aware CDK constructs, Terraform modules, and workload blueprints. These are meticulously designed to fit seamlessly within your security guardrails, rather than conflict with them. Our integrated Metadata Service ensures that your CDK constructs and Terraform modules are always aware of the target environment and its guardrails, streamlining secure deployments.
Pre-Provisioned Incident Response Environment
TrustStack goes beyond foundational security by recognizing the real-world challenges organizations face in preparing for incident response. We’ve embedded a robust NIST-based IR framework that includes out-of-the-box SIEM integration, auto-generated enrichment datasets, complete setup of AWS native detective controls, a broad range of remediation playbooks, and a full asset management framework—empowering your IR teams to identify and prioritize signals quickly and effectively.
This is just the beginning—our roadmap extends to additional industries and capabilities, ensuring TrustStack continues to set the pace for secure, agile cloud operations.
Stay tuned for more exciting developments as TrustStack evolves!