
Touch Surgery – Software Development Center

Touch Surgery is a leading healthcare technology company that develops surgical training and simulation platforms used by medical professionals worldwide. As their AWS usage expanded across teams and regions, they needed a centralized approach to manage cloud environments securely, enforce governance, and streamline user access across multiple business units.

Customer Challenges

  • Managing multiple AWS accounts with inconsistent configurations and limited visibility
  • Difficulty enforcing security standards and governance across environments
  • Lack of centralized identity management, increasing the risk of over-permissioned access
  • Manual account creation and inconsistent resource provisioning across teams
  • Need for a scalable, compliant architecture to meet industry and data protection standards
  • Requirement for clear separation of workloads while maintaining centralized control


Our Solutions

CloudiQS partnered with Touch Surgery to implement a secure, scalable multi-account AWS environment using AWS Control Tower and AWS Organizations. This solution established a standardized, automated, and compliant cloud foundation to support future growth.

We structured their AWS Organization using Organizational Units (OUs) for staging, production, R&D, and sandbox environments — ensuring clear boundaries between workloads. AWS Control Tower was deployed to automate account provisioning with built-in security guardrails, centralized logging, and baseline configurations.

To manage user access, we integrated AWS IAM Identity Center (formerly AWS SSO) with their corporate Microsoft Entra ID, enabling federated login and role-based access control across all AWS accounts.

We enhanced security posture through:

  • Secure networking and logging routed to a centralized logging account for audit and visibility
  • Service Control Policies (SCPs) to enforce organizational boundaries and restrict risky services
  • CloudTrail, AWS Config, and GuardDuty for unified monitoring, compliance, and threat detection
  • IAM Access Analyzer and permission boundaries to detect and prevent overly permissive roles
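The kind of Service Control Policy described in this section, shown as an added illustration rather than a policy from CloudiQS or Touch Surgery: attached to a workload OU, it denies any principal in the member accounts the ability to stop or remove the CloudTrail, AWS Config and GuardDuty controls named above, blocks accounts from leaving the organization, and limits API calls to an assumed set of regions. The approved regions and the exempt break-glass role ARN are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ProtectAuditAndDetectionServices",
      "Effect": "Deny",
      "Action": [
        "cloudtrail:StopLogging",
        "cloudtrail:DeleteTrail",
        "cloudtrail:UpdateTrail",
        "config:StopConfigurationRecorder",
        "config:DeleteConfigurationRecorder",
        "config:DeleteDeliveryChannel",
        "guardduty:DeleteDetector",
        "guardduty:UpdateDetector",
        "guardduty:DisassociateFromMasterAccount"
      ],
      "Resource": "*",
      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalArn": "arn:aws:iam::*:role/PLACEHOLDER-BreakGlassRole"
        }
      }
    },
    {
      "Sid": "DenyLeavingOrganization",
      "Effect": "Deny",
      "Action": "organizations:LeaveOrganization",
      "Resource": "*"
    },
    {
      "Sid": "DenyRequestsOutsideApprovedRegions",
      "Effect": "Deny",
      "NotAction": [
        "iam:*",
        "sts:*",
        "organizations:*",
        "support:*",
        "cloudfront:*",
        "route53:*"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:RequestedRegion": ["eu-west-2", "eu-west-1"]
        }
      }
    }
  ]
}
```

An SCP only limits what identities in member accounts may do and grants nothing, and it never applies to the organization's management account, so IAM policies and permission boundaries still decide effective access in each account and the management account needs its own controls.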

The Results

  • Successfully deployed a multi-account AWS Organization aligned with AWS best practices
  • Enabled secure and automated account provisioning through AWS Control Tower
  • Centralized identity and access management with federated SSO across all teams
  • Strengthened compliance and visibility using unified audit, monitoring, and threat detection
  • Reduced risk through role-based access control, SCPs, and IAM hardening
  • Simplified onboarding for new projects and teams while maintaining security standards
  • Positioned Touch Surgery to scale globally with a secure, governed AWS foundation