Landing Zones: A strategic pillar of the MTP IT 2025

The 2025 IT Medium-Term Plan set the goal of facilitating, controlling and securing the use of the public cloud for all Crédit Agricole Group entities. This ambition has resulted in the establishment of robust foundations to fully exploit the potential of the Public Cloud.

Among these foundations, Landing Zones (LZs) are a central element of our Cloud strategy, particularly to meet the strategic direction of the PMT which foresaw the use of hyperscalers* for our IaaS/PaaS developments.

The 2025 IT Medium-Term Plan set the goal of facilitating, controlling and securing the use of the public cloud for all Crédit Agricole Group entities. This ambition has resulted in the establishment of robust foundations to fully exploit the potential of the Public Cloud.

Among these foundations, Landing Zones (LZs) are a central element of our Cloud strategy, particularly to meet the strategic direction of the PMT which foresaw the use of hyperscalers* for our IaaS/PaaS developments.

Landing Zones in practice

A Landing Zone is a pre-configured and secure environment that allows the applications we develop to be deployed on the public cloud (for example at AWS (Amazon) or GCP (Google)).

The key objective of a landing zone is to be able to leverage the full power of public cloud providers and the richness of their service catalogues, while benefiting from a secure foundation, through a common security framework for all cloud projects.

It is a real accelerator for projects, allowing them to benefit from immediately available pre-configured or managed services, interoperability capabilities with the internal IS to cover more use cases, and simplified contracting, as the supplier's capabilities (such as certifications) have already been verified.

For example, a project team can deploy a complete architecture (network, storage, computing) that meets Group standards in a few clicks on a Landing Zone thanks to the preconfigured services provided, thus considerably reducing the implementation time.

The benefits in terms of safety are also very important. Many security rules are implemented natively by the Landing Zone. Each of them is validated at Group level, thus guaranteeing a homogeneous level of security in line with our Information Systems Security Policies (ISSP) and our regulatory requirements.

For example, when a project team wants to deploy a new data analytics application to AWS, they don't have to manually configure firewalls, IAM policies, or audit logs. The Landing Zone already provides all these pre-configured elements according to Group standards.

For all these reasons, Landing Zones are now widely adopted by hyperscaler customers who want to develop their use of the public cloud in a secure and standardised way.

Shared responsibilities

However, it is important to understand that the Landing Zone alone does not guarantee the complete security of your application. The secure configuration of managed services and resource management (updates, patches) remain the responsibility of each project.

Thus, even if an application is deployed on a natively secure Landing Zone, if a database is configured with a default password or access rights that are too permissive, it will remain vulnerable.

Similarly, application resilience is not supported by the Landing Zone: the cloud provider offers capabilities to cover the needs, which then need to be implemented.

Landing Zones are therefore a necessary but not sufficient condition for the complete security of your cloud applications.

Landing Zones in the Group: a gradual roll-out aligned with the 2025 IT MTP

The implementation of Landing Zones within the Group was part of the roadmap for the 2025 IT MTP, first through CAGIP to serve its client entities, then by the Group’s other production operators from 2024, demonstrating the Group’s ability to extend this approach to all its entities.

The Group currently has several Landing Zones, supported by 8 internal operators (including CAGIP, the main one, but also Azqore for "Indosuez", "Italia"…). These Landing Zones cover the main cloud providers and several European regions, thus making it possible to meet the diversity of the needs of the Group’s entities, one of the ambitions of the Cloud component of the PMT IT 2025.

The choice of a Landing Zone, or a region within a Landing Zone, depends on several factors such as regulatory constraints, the necessary cloud services, their costs, performance needs, resilience needs, environmental footprint, interconnection needs with our data centres… which will vary according to the entities and the projects.

_{The operators of Landing Zones within the Group, their client entities and the regions available}

A concrete response to the Group’s public cloud ambitions

This strategy of using Landing Zones, which is at the heart of the Cloud component of the 2025 IT MTP, has already had a significant impact on the Group’s Cloud transformation: the number of IaaS/PaaS assets increased by 113% between the end of 2023 and the first half of 2025.

Their implementation has enabled them to respond directly and indirectly to several major challenges of the MTP IT 2025: Security and compliance, Agility and innovation, Industrialisation and cost control.

In line with the PMT IT 2025, Landing Zones will continue to evolve to meet the Group’s growing cloud needs. The continuous enrichment of the normative framework will also allow us to adapt our approach to regulatory and technological developments, thus ensuring the sustainability of our public cloud strategy.

To learn more about the Landing Zones available within the Group, do not hesitate to consult the choice guide produced by the Design Authority Cloud available at this location

_{*A hyperscaler refers to a company specialising in providing highly scalable cloud infrastructure services. These players, such as AWS or Google Cloud, offer IT resources that can dynamically adapt to business needs.}