Case Study:
AWS Control Tower –Rego SaaS

The Organization:

Rego SaaS: The Premier Clarity by Broadcom SaaS Provider on AWS

Rego SaaS is the only Clarity by Broadcom SaaS provider on AWS and the #1 global reseller, delivering unparalleled expertise in implementing and maintaining some of the most complex AWS environments.
Rego’s AWS-Certified engineers bring 10+ years of hands-on AWS experience, and industry-leading best practices to every client, ensuring secure, scalable, and high-performing solutions.

Rego deploys and maintains some of the most complex AWS environments for their clients, including a highly automated SaaS solution used by some of the largest financial, healthcare, and retail firms in the
world. They also build and manage their own internal AWS infrastructure.

The Challenge:

Rego needed an AWS solution that provided efficiency, security, and centralized governance — all while maintaining agility in a rapidly evolving cloud environment.

Rego was faced with the challenge to rapidly migrate and modernize more than 150 Clarity PPM customer environments from an aging data center to AWS. These were live production environments for high-profile clients, including major financial institutions and Fortune 500 companies, meaning the migration had to be seamless, secure, and fully compliant from day one.

The core challenges included

  • Speed and Scale – Migrate and modernize 150+ clients within an extremely accelerated timeline (just 6 months!) while maintaining
    uninterrupted service.

  • Global Governance – Establish centralized management of security and compliance controls across five geographic regions (Australia, US, Canada, UK, Europe).

  • Custom AWS Control Tower Deployment – At the time, AWS Control Tower did not support all required regions. This meant that a customized deployment would be required.

  • Automated Account Provisioning – Create new AWS accounts rapidly, apply governance policies, and ensure secure configuration before data migration.

  • SOC Compliance from Day One – Ensure all customer environments met SOC 2 security and governance standards immediately upon migration.

The Solution:

Rego implemented AWS Control Tower to establish a secure, multi-account AWS environment, customizing it to meet each organization’s unique needs.

  • Rapid Migration and Modernization
    Rego executed a structured migration plan, working in parallel teams to accelerate onboarding. A “factory model” approach enabled different teams to simultaneously work in parallel for efficient account creation, customer onboarding, and security configuration. This effective approach resulted in multiple clients migrating daily.

  • Custom AWS Control Tower Deployment
    To accommodate unsupported regions, Rego implemented Custom Control Tower (CFCT), extending AWS best practices across all five geographic regions. A centralized Landing Zone was established to manage security, logging, and workload governance from a single control point.

  • Automated Account Provisioning and Security
    Rego leveraged AWS Account Factory to automate the creation of new AWS accounts, ensuring that each one was provisioned with the correct security guardrails, compliance controls, and governance policies before any data was migrated.

    AWS Single Sign-On (SSO) was integrated within Control Tower to provide seamless identity management across multiple accounts, ensuring controlled access for authorized users only.

    AWS CloudTrail service ensured that all account activities, including account creation, are logged and monitored. This enables organizations to track and review account creation events for compliance and governance purposes.

  • Security and Compliance from Day One
    Using AWS Control Tower’s Guardrails (now called Controls), Rego enforced compliance policies across all accounts, ensuring security logs and access permissions were continuously monitored. For example, controls were configured to mitigate unauthorized access risks.

    Also, Rego enabled AWS Control Tower integration with AWS Security Hub through a feature called the Service-Managed Standard: AWS Control Tower. This integration allowed the Rego team to monitor their AWS environment for compliance with security best practices and industry standards. Security Hub offers detective controls to identify noncompliance or misconfigurations in clients’ resources. Security Hub findings and controls are visible in both the AWS Control Tower and Security Hub consoles, enabling centralized monitoring and management.

The Results

Project Results:

  • 100% Governance and Compliance – Every AWS account maintained full security compliance from day one, ensuring SOC 1 and SOC 2 standards were met. This provided customers with immediate assurance that their data was secure.

  • Accelerated Migrations – 150+ customer environments were successfully migrated within 6 months, a process that typically takes 12-14 months.

  • Automated Account Provisioning – Rego’s custom Control Tower pipeline enabled fast and secure AWS account creation, reducing the team’s manual effort and shifting the focus from account setup to deploying high-value solutions.

  • Seamless Security and Visibility – A centralized dashboard provided a single view to monitor security posture and compliance across all accounts.

  • Security Audits Supported – AWS Control Tower assisted client security audits by providing centralized governance, enforcing compliance through preventive and detective guardrails, and maintaining transparent, auditable logs via AWS CloudTrail. Its integration with AWS Security Hub ensured continuous security monitoring, making it easy to demonstrate adherence to security best practices and regulatory standards. These secure measures resulted in the highest levels of client confidence.

  • Cost Efficiency and Optimization – Rego’s in-house expertise and automation efforts helped complete the migration efficiently, reducing manual efforts in account provisioning, cutting migration timelines by over 50%, and enabling the team to onboard up to 5+ clients per day.

Global Impact:

  • The solution worked so well that AWS asked Rego to share their use cases in order to develop better AWS functionality, including features that are live today!

  • Additionally, AWS invited Rego to share their expertise and experiences with user groups.

The Road Ahead:

By leveraging AWS best-in-class methodologies, Rego enables enterprises to efficiently manage their cloud environments while driving innovation and maximizing value.

Rego continues to expand its AWS SaaS hosting practice, providing Clarity PPM and other PPM solutions on a fully native AWS architecture.

Beyond SaaS, Rego’s AWS consulting practice now specializes in DevOps, security, and governance, leveraging its deep expertise in Control Tower to help other organizations establish scalable, compliant, and cost-effective AWS environments.

With 10+ years of hands-on experience managing AWS Control Tower at scale, Rego remains a trusted partner for enterprises navigating their cloud transformation journeys.

About Rego Consulting

Rego Consulting is one of the world’s largest Project Portfolio Management (PPM), AWS, FinOps, TBM and Agile consulting firms. We’ve guided 700+ organizations through their AWS, PPM, FinOps, and Work Management journeys, including 60% of Fortune 100 companies.

Rego holds several AWS specializations including being an Advanced Tier Services partner, a Well-Architected Partner Program Partner, as well as having Digital Workplace Software and Qualified Software competencies. They are the only Clarity by Broadcom SaaS provider on AWS, as well as the #1 global reseller, and they implement and maintain some of the most complex AWS environments. With 10+ years of AWS experience, Rego brings industry-leading best practices to every client.

Rego Consulting has worked with 60% of Fortune 100 Companies.

Receive personal, one-on-one attention from an expert guide with a FREE Digital Ecosystem Assessment.