Case Studies

SentinelOne implemented AllCloud’s Next-Generation Landing Zone solution to enforce security and compliance across a new multi-account AWS organization, while improving cost-efficiency and governance.

About SentinelOne

SentinelOne is a pioneer in delivering autonomous security for endpoints, data centers and cloud environments, to help organizations secure their assets with speed and simplicity. SentinelOne unifies prevention, detection, response, remediation and forensics in a single platform powered by artificial intelligence.


Cybersecurity platform, SentinelOne, partners with AllCloud to implement the Next-Generation Landing Zone solution to harden and enforce security and compliance across a new multi-account AWS organization, while improving AWS cost-efficiency and governance.


As a cybersecurity company utilizing advanced AI to deliver autonomous security to cloud environments and data centers, SentinelOne heavily relies on AWS to serve its customers. As part of a comprehensive cloud modernization project, SentinelOne approached AllCloud to optimize its cloud environment to support better separation between production and non-production environments, automate account management and consolidate security in one centralized location while aligning with AWS best practices. 

To adapt its cloud security to its organizational needs, SentinelOne sought to integrate its identity and access management provider with AWS, utilize VPC sharing for network management and support customers in multiple regions. As part of its modernization project, SentinelOne also wanted to improve and fully optimize the cost-efficiency of its environments.    


To quickly set up the required account structure, establish security baselines and configure networks according to AWS best practices, AllCloud established a new AWS Organization for SentinelOne, utilizing its Next-Gen Landing Zone (NGLZ) solution. The AllCloud Next-Gen Landing Zone is a fully automated enterprise-scale governance and security solution that configures and updates multi-account, multi-region AWS Organizations based on native AWS services and the Well-Architected Framework.

The new, NGLZ-supported architecture, in conjunction with AWS Control Tower, enabled SentinelOne to apply security policies across a multi-account structure, spanning production, development and staging accounts to achieve secured and isolated environments. This configuration allows SentinelOne to separate production from non-production environments while managing permissions according to the principle of least privilege. 

To further enhance the security provided by SentinelOne’s application layer, the new solution provides full traceability, monitoring, auditing, and alerting of changes to the environment in real-time. Security control and guardrails are applied at the Organization level and are automatically deployed on all child accounts using Service Control Policies (SCP), while access to the environment is granted over a secure VPN tunnel. By using Control Tower and AllCloud’s extension tools, security best practices are automatically deployed across the environment and centrally managed by infrastructure-as-code.

On the cost optimization front, AllCloud’s NAT Gateway Analyzer was used to pinpoint abnormally high traffic passing through Nat Gateway. AllCloud was able to make a small but significant adjustment to the architecture using a VPC endpoint to reduce data transfer costs. CloudHealth was implemented to continuously analyze EBS PIOPs for all volumes, while resource utilization, size and payment plans have been optimized to meet SentinelOne’s actual usage and requirements.    

“SentinelOne has gained granular visibility, understanding and control over our AWS spend since partnering with AllCloud’s FinOps team. Since using the AllCloud custom-made solution, NAT Gateway Analyzer, we have been able to better pinpoint which services are sending data through NAT Gateway and optimize our architecture accordingly. In addition, this has allowed our team to invest those cost savings into growing our cloud environments.” 

Yaron Avior, Head of Infrastructure, SentinelOne


SentinelOne’s new Landing Zone solution provides a separated account structure, with the security, compliance and governance necessary to meet SentinelOne’s strict requirements. The cloud environment has been fully future-proofed, operating under a framework that will enforce best practices going forward, ensuring SentinelOne’s continuous operational efficiency, cost optimization and business agility. 

In addition, the ongoing support of AllCloud’s FinOps team has already saved SentinelOne tens of thousands of US Dollars in operational costs, while ensuring that cloud spend and governance are continuously adapting to SentinelOne’s changing needs.

Download the full PDF