The page has been translated by Gen AI.

Overview

Service Overview

Cloud Control service is a managed service that supports building, operating, and managing a multi-account environment easily and securely on the Samsung Cloud Platform.
Cloud Control service automates an organization’s cloud governance (security, compliance, standardization, etc.) and provides consistent centralized account and resource management based on Samsung Cloud Platform best practices.

Features

Cloud Control service provides the following special features.

  • Landing Zone Automatic Setup: Samsung Cloud Platform accounts, organizational units (OU), guardrails, logging, etc. are automatically configured. In a standardized environment, new account creation and invitation of existing accounts are possible.
  • Centralized Governance and Policy Enforcement: Automatically applies security, compliance, and operational policies (guardrails) across the organization. Provides policy violation detection and monitoring capabilities.
  • Multi-Region and Scalability: You can apply the same governance and policies across multiple Samsung Cloud Platform regions.

Provided Features

Cloud Control service provides the following features.

  • Automated Landing Zone (Landing Zone) Construction: Security, logging, and account structure based on Samsung Cloud Platform best practices are automatically set.
  • Guardrail applied
    • Preventive guardrail : block the creation of policy-violating resources itself
    • Detective Guardrail : Automatically detect policy-violating resources and notify
    • Integration with Samsung Cloud Platform Organization’s ACP, Samsung Cloud Platform Config Inspection, etc.
  • Dashboard Provision: You can visually monitor the accounts, OUs, guardrail implementation status, and compliance status of the entire organization.
  • Centralized logging and auditing
    • Logging&Audit, Object Storage, Config Inspection through which provide centralized log storage for all accounts and an audit account
  • ID and Permission Management Integration: By integrating with Samsung Cloud Platform ID Center, you can manage account-based access control and permission groups.
  • Monitoring and Notification (Notification) Feature: Provides real-time alerts for policy violations, Cloud Control setting changes, etc.
Information
Detection Guardrail, Config Inspection integration feature is scheduled for March 2026, Monitoring and Alerting feature is scheduled for July 2026.

Components

Landing Zone(Landing Zone)

Governance, security, network, logging, etc. The basic structure of the standardized Samsung Cloud Platform environment is as follows.

CategoryDetailed description
Management Account
  • Organization and account structure management, policy (SCP) application, new account creation automation
  • Highest authority across the organization, governance-focused operation
Log Account
  • Central collection and storage of all account logs, log integrity and long-term retention
  • Independent account operation, strict access control and encryption
Audit Account
  • Organization-wide security and compliance monitoring and audit, automated security checks
  • Apply principle of least privilege, cross-account role assumption
Table. Cloud Control Landing Zone

Guardrails(Guardrails)

The guardrails that automatically apply policy violation detection and prevention (detection/prevention type) rules, security and compliance standards are as follows.

CategoryDetailed description
Preventive GuardrailRole of preemptively blocking to prevent policy violations
  • Implementation method: Using Access Control Policy(ACP) to prohibit or limit the scope of actions on specific Samsung Cloud Platform services
  • Example:
    • Prohibit creation of root user access keys
    • Block resource creation in specific regions
    • Block public read/write on S3 buckets
  • Feature: Fundamentally prevent the violation act itself, preemptively block policy violations
Detection GuardrailContinuously monitor for policy violations or abnormal configurations, and provide alerts when violations occur
  • Implementation Method: Based on the Samsung Cloud Platform Config Inspection checklist, evaluate resource status and notify via dashboard or alerts when violations are found
  • Example:
    • Detect S3 bucket encryption not applied
    • Detect CloudTrail disabled
    • Detect whether EBS volume encryption is enabled
  • Feature: Detect violating resources in real-time and deliver to the administrator
Table. Cloud Control Guardrail
Notice
Detection Guardrails will be provided in March 2026.

Baseline(Baseline)

The essential resources and configuration sets, such as security, logging, and network, automatically deployed per account, are as follows.

CategoryDetailed description
AuditBaseline
  • Configure security and audit roles, policies on the central audit account
  • Check the security status and compliance status of all accounts centrally
LogArchiveBaseline
  • Aggregate logs of all accounts’ Trail to a central bucket
  • Used for log integrity, long-term storage, and audit tracing
IDCenterBaseline
  • Automatic configuration of resources linked with ID Center
  • Integrate user/group/permission management within the organization
Table. Cloud Control Baseline
Guide
AuditBaseline is scheduled to be provided in July 2026.

Region-specific provision status

Cloud Control service is available in the following environments.

RegionAvailability
Korea West 1 (kr-west1)Provided
Korea East1 (kr-east1)Provided
Korea South1(kr-south1)Provided
South Korea 2(kr-south2)Provided
South Korea South 3(kr-south3)Provided
Table. Cloud Control Region-wise Provision Status

Pre-service

This is a list of services that must be pre-configured before creating the service. For detailed information, please refer to the guide provided for each service and prepare in advance.

Service CategoryServiceDetailed Description
StorageObject StorageObject storage that facilitates data storage and retrieval
ManagementLoggin&AuditA service that collects and analyzes user activity history
ManagementOrganizationA service that organizes accounts by organizational units, manages them hierarchically, and controls resource access permissions.
ManagementID CenterA service that allows you to easily manage access permissions for resources per account centrally.
Table. Cloud Control Preceding Service
Release Note
How-to guides