Secure Your Cloud: Palo Alto Networks & AWS LZA for Public Sector

Oct 29, 2025

Palo Alto Networks is excited to announce the powerful combination of our next-generation software firewalls with the AWS Landing Zone Accelerator (LZA). This integrated solution empowers Public Sector customers by accelerating their secure cloud adoption, establishing compliant cloud foundations, and delivering consistent, advanced threat protection across their multiaccount and hybrid environments.

Public Sector customers face unique challenges, including stringent compliance requirements, data residency mandates and the constant threat of sophisticated cyberattacks. Our joint solution directly addresses these critical needs, offering a streamlined and highly secure path to the cloud.

The Mandate for Cloud in the Public Sector

US Government agencies are in the midst of a significant digital transformation, driven by Executive Order 14028 ("Improving the Nation’s Cybersecurity") and OMB Memorandum M-22-09. These directives mandate specific zero trust security goals, making cloud migration a federal imperative. This shift is crucial not only for bolstering cybersecurity but also for improving efficiency, reducing costs and enhancing service delivery across the public sector.

The Traditional Cloud Adoption Journey vs. Government Reality

Organizations typically start their cloud journey with experimentation, then build a business case, and finally establish a cloud foundation—an operating model and a secure, scalable AWS landing zone. However, highly regulated sectors like government must first establish a secure, compliant cloud foundation, including a landing zone, before any experimentation, due to strict requirements like FedRAMP and DoD CC SRG.

Introducing the Landing Zone Accelerator with Palo Alto Networks Software Firewalls

The Landing Zone Accelerator on AWS (LZA) is designed to tackle the complexities public sector organizations face when adopting and scaling in AWS, especially in launching a secure multiaccount environment. It addresses challenges like managing multiple accounts, ensuring consistent security and compliance, and overcoming scalability and operational overhead.

Palo Alto Networks enhances LZA by integrating with its software firewall offerings. This powerful combination helps ensure workloads are robustly protected, monitored and adhere to relevant regulatory and compliance frameworks.

Palo Alto Networks Software Firewalls on Landing Zone Accelerator

Fortify Your Cloud: Unleashing the Power of Palo Alto Networks Software Firewalls on AWS

Palo Alto Networks software firewalls on AWS offer a virtualized Next-Generation Firewall (NGFW) with advanced threat protection and consistent policy management across AWS and hybrid environments. Deploying software firewalls on AWS offers the following advantages:

AI/ML-powered Threat Protection

Our best-in-class solution leverages AI/ML and the latest threat research to safeguard your workloads from both zero-day and known threats, providing deep application-layer (Layer 7) visibility.

Seamless Integration for Dynamic Deployments

We integrate with Gateway Load Balancer, AWS Auto Scaling and Transit VPC with AWS Transit Gateway, enabling you to secure traffic across diverse, large-scale and dynamic deployments.

Dynamic Policy Application

Our policy definitions automatically adapt to your cloud assets, based on AWS tags, Application IDs, User IDs, geographies or zones, ensuring consistent and relevant security.

Combining Palo Alto Networks’ software firewalls with LZA enables organizations to build secure, compliant and scalable multiaccount environments, accelerating their cloud journey with confidence.

Unlocking the Power of LZA: Accelerating Cloud Adoption with AWS Best Practices

LZA aligns with AWS best practices and global compliance frameworks, providing a simplified way to set up a baseline security architecture and automate administrative tasks. This reduction in "undifferentiated heavy lifting" allows agencies to focus on critical areas such as operating models and developer agility.

LZA offers sample configurations for various regions and regulated industries, including AWS GovCloud (US) aligning with FedRAMP High, DoD CC SRG Impact Level 4 & 5, and CMMC Readiness.

The sample configurations are based on authorized patterns and guidelines provided in the AWS Prescriptive Guidance Security Reference Architecture (SRA). The solution is a fully automated implementation of the AWS SRA and gives you the flexibility to customize your landing zone to suit your organizational security, networking and compliance requirements.

The solution also supports nonstandard AWS partitions, including AWS GovCloud (US), and the US Secret and Top Secret clouds.

Key benefits of LZA include:

  • Accelerate Experimentation and Innovation: Build a secure, compliant AWS environment in days, not months.
  • Drive Velocity: Focus on migration, transformation and innovation by automating the compliant landing zone build.
  • Foundation for Compliance: Establish a robust infrastructure for mission-critical workloads in a centrally governed multiaccount environment.
  • Consistent Security: Automated account provisioning, security guardrails and standardized network architecture.
  • Extensibility: Open-source project built with AWS Cloud Development Kit (CDK) for customization.

The Power of the Combined Solution

Palo Alto Networks software firewalls on AWS Landing Zone Accelerator (LZA) provide public sector customers with enhanced security through microsegmentation, advanced threat prevention and comprehensive AI security features. At the same time, the LZA framework simplifies deployment and ensures consistent policy enforcement across multiaccount environments.

The integration allows for efficient security policy management, reduced operational overhead and the ability to confidently secure modern, containerized and AI-powered applications against a wide range of threats. Its capabilities include:

Standardized Security & Automated Deployment

Consistent security controls across AWS accounts and regions, adhering to best practices, with reduced manual effort for multiaccount environments.

Enhanced & Scalable Network Security

Advanced threat prevention, Layer 7 visibility, URL filtering, antimalware capabilities and easy expansion to new AWS accounts and regions with automatic scaling.

Compliance, Governance & AWS Integration

Automated security baselines, comprehensive logging and auditing, and seamless deployment of foundational AWS security services for United States (US) Federal and Department of Defense (DoD).

Zero Trust & AI Protection

Identity-based policies for continuous user validation for critical applications and protection for AI applications, models and agents across AWS services.

A Secure Path to Cloud Innovation

By implementing this solution, agencies can confidently move beyond a simple "lift and shift" approach. They can truly leverage cloud-native capabilities for innovation, knowing that their security and compliance needs are addressed from the ground up. This standardized, repeatable framework allows agencies to focus on their mission-critical objectives while adhering to the highest security standards mandated by federal regulations.

Ready to get started? There are no additional charges or upfront commitments for Landing Zone Accelerator on AWS; you only pay for AWS services used. Palo Alto Networks VM-Series firewalls and Prisma AIRS are available in the AWS Marketplace for simplified procurement. Connect with AWS and Palo Alto Networks sellers today to discuss your agency's cloud journey.

Forward-Looking Statements

This blog contains forward-looking statements that involve risks, uncertainties and assumptions, including, without limitation, statements regarding the benefits, impact or performance or potential benefits, impact or performance of our products and technologies or future products and technologies. These forward-looking statements are not guarantees of future performance, and there are a significant number of factors that could cause actual results to differ materially from statements made in this blog, including, without limitation: developments and changes in general market, political, economic, and business conditions; risks associated with managing our growth; risks associated with new products and subscription and support offerings; shifts in priorities or delays in the development or release of new offerings, or the failure to timely develop, release and achieve market acceptance of new products and subscriptions as well as existing products and subscription and support offerings; failure of our business strategies; rapidly evolving technological developments in the market for security products and subscription and support offerings; our customers’ purchasing decisions and the length of sales cycles; our competition; our ability to attract and retain new customers; and our ability to acquire and integrate other companies, products, or technologies. We identify certain important risks and uncertainties that could affect our results and performance in our most recent Annual Report on Form 10-K, our most recent Quarterly Report on Form 10-Q and our other filings with the U.S. Securities and Exchange Commission from time to time, each of which is available on our website at investors.paloaltonetworks.com and on the SEC's website at www.sec.gov.
All forward-looking statements in this blog are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.

 

