The problem
Six years of organic growth had left Nordiq Financial with 18 AWS accounts, no consistent naming, networking or IAM, and six accounts with no clear owner. A recent audit surfaced PCI-DSS gaps in segmentation, encryption, access control and logging that couldn't be remediated account-by-account, while five platform engineers spent 70% of their week on reactive work and developers waited days for any change.
What we shipped
A Control Tower landing zone with an OU hierarchy mirroring how Nordiq actually works — Security, Infrastructure, Workloads (with a hardened PCI sub-OU) and Sandbox — and SCPs and Config rules at each level. Eighteen accounts were inventoried, dependency-mapped and consolidated to twelve, with IAM Identity Center replacing long-lived credentials, Transit Gateway replacing VPC-peering sprawl, and Security Hub plus GuardDuty enabled organisation-wide with automated PCI evidence collection.
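To make the "SCPs at each level" concrete, here is an added Terraform example (not Nordiq's or the consultancy's own code) of the kind of preventive guardrail that would sit on the hardened PCI sub-OU. It assumes the OU already exists and is registered with Control Tower, that its id is passed in as `pci_ou_id`, and that an emergency role name (`BreakGlassAdmin`) is the one principal exempt from the telemetry lock-down; all three names are assumptions, as are the specific action lists, which illustrate one reasonable PCI baseline rather than the exact policies deployed.

```hcl
# Added example, not the original project's code. Assumes the PCI sub-OU
# under Workloads was created/registered by Control Tower and that its id
# and a break-glass role name are supplied by the caller.
variable "pci_ou_id" {
  description = "Organizations OU id of the hardened PCI sub-OU (assumed value, e.g. ou-xxxx-xxxxxxxx)"
  type        = string
}

variable "break_glass_role_name" {
  description = "Emergency role exempt from the telemetry guardrail (assumed name)"
  type        = string
  default     = "BreakGlassAdmin"
}

data "aws_iam_policy_document" "pci_guardrail" {
  # 1. Nobody in the PCI OU may switch off the logging and detection
  #    services that feed the automated evidence collection.
  statement {
    sid    = "DenyDisablingSecurityTelemetry"
    effect = "Deny"
    actions = [
      "cloudtrail:StopLogging",
      "cloudtrail:DeleteTrail",
      "config:StopConfigurationRecorder",
      "config:DeleteConfigurationRecorder",
      "guardduty:DeleteDetector",
      "guardduty:DisassociateFromAdministratorAccount",
      "securityhub:DisableSecurityHub",
      "securityhub:BatchDisableStandards",
    ]
    resources = ["*"]
    # Only the break-glass role may perform these actions.
    condition {
      test     = "ArnNotLike"
      variable = "aws:PrincipalArn"
      values   = ["arn:aws:iam::*:role/${var.break_glass_role_name}"]
    }
  }

  # 2. Encryption at rest for cardholder data: refuse unencrypted EBS volumes.
  statement {
    sid       = "DenyUnencryptedEbsVolumes"
    effect    = "Deny"
    actions   = ["ec2:CreateVolume"]
    resources = ["*"]
    condition {
      test     = "Bool"
      variable = "ec2:Encrypted"
      values   = ["false"]
    }
  }

  # 3. Accounts stay inside the landing zone and its guardrails.
  statement {
    sid       = "DenyLeaveOrganization"
    effect    = "Deny"
    actions   = ["organizations:LeaveOrganization"]
    resources = ["*"]
  }
}

resource "aws_organizations_policy" "pci_guardrail" {
  name        = "pci-ou-guardrail"
  description = "Preventive controls inherited by every account in the PCI sub-OU"
  type        = "SERVICE_CONTROL_POLICY"
  content     = data.aws_iam_policy_document.pci_guardrail.json
}

# Attaching at the OU rather than per account is what makes the control
# scale: any account later moved into the PCI OU inherits it automatically.
resource "aws_organizations_policy_attachment" "pci_guardrail" {
  policy_id = aws_organizations_policy.pci_guardrail.id
  target_id = var.pci_ou_id
}
```

Two points worth checking before applying something like this: SCPs must be managed from the organisation's management account (or a delegated administrator), and they never apply to the management account itself, so that account needs separate protection. SCPs are also purely restrictive, so the `ec2:Encrypted` deny is a backstop rather than the primary encryption control; account-level default EBS encryption plus the Config rules mentioned above provide the positive and detective halves.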
The outcome
PCI-DSS compliance was achieved on the next assessment, with the auditor calling out the maturity of the automated evidence collection. Account consolidation eliminated $14K/month in orphaned resources, and self-service Terraform modules behind the new guardrails delivered 3× faster deployments and an 80% cut in audit prep time.