Launch Week Day 1: Multi-cloud inventory
Multi-cloud infrastructure is now a reality for many companies, from small to large. The flexibility to pick the best service from each platform and the leverage you get in discount negotiations with the cloud platforms is great for the business. But multi-cloud environments often lead to siloed views of each cloud platform, making it difficult to maintain consistent security standards across the entire infrastructure.
A bird's eye view for your entire infrastructure
We started Fix with support for AWS. Our inventory for AWS consolidates configuration data for resources from multiple accounts into a single place, in a normalized format. Searching and finding AWS resources across regions and cloud accounts, and maybe also filtering for common properties such as tags can be really tedious, and our inventory solves that problem.
It didn't take long for users to ask for the same capability for the other cloud platforms. Today we're expanding our inventory to also support Google Cloud and Azure.
Our inventory is now a true multi-cloud asset inventory that shows all your cloud resources in one place, no matter if they're in AWS, Azure, or Google Cloud. With data for all clouds, accounts (projects, subscriptions for Google Cloud and Azure respectively) and resources in a single place, you can now get a bird's eye view across your entire infrastructure.
For example, the screenshot below has an account-level view of the number of compute instances, and their corresponding number of cores and memory for each account, and the cloud it's running in.
Some of the things you can do with that bird's eye view:
See and secure everything. Spot risks across all your clouds at once, with a unified view of resource configurations.
Follow the rules. Check if you are meeting security and compliance standards in all your cloud environments.
Break down silos. Create a common understanding between security and development teams of what's running in your cloud(s).
By seeing everything together, you can better protect your whole cloud setup, avoid missing important security issues.
How does this work?
Fix is agentless, and takes a periodic snapshot of your cloud - usually on an hourly basis. We then normalize the cloud provider data models into a single unified data model and create common properties for every resource, such as ID, age, or tags.
With each snapshot, we also capture the dependencies between resources and create our inventory graph. The inventory graph is e.g. the foundation for visualizing resources in their context with our neighborhood view.
Unifying data into a single graph is what gives us the bird's eye view across any cloud, region and cloud account. With our normalized data, we've also created base kinds, which are abstractions for common services that exit in every cloud, such as account
, bucket
, database
or instance
.
For example, in a multi-cloud infrastructure with all three platforms, a search for instance
will result in a list with AWS EC2 Instances, Google Compute Engine and Azure Virtual Machines.
And all of this is from a single place, without switching consoles or data models.
Use cases and customer examples
Here are two use case examples where our multi-cloud inventory has already come in handy.
Shadow IT detection
dltHub is a data infrastructure start-up based in Berlin that runs on AWS, Google Cloud and Azure. For proof-of-concepts with potential customers, dltHub's solution engineers deploy storage buckets and cloud warehouses. dltHub's co-founder and CTO Marcin Rudolf uses our multi-cloud inventory to detect and get notified about any public storage buckets and databases that shouldn't be public.
Cloud resource discovery
CloudZone is a Multi-cloud Solution Provider based in Tel Aviv. Rotem Levi is a cloud security architect at CloudZone and uses our inventory for resource discovery with first-time clients. The baseline inventory is the foundation for discussions around security posture, asset management and even cloud cost.
Start now
We're excited about this new capability and hope you are too! If you want to give it a spin, just sign up for a free trial with unlimited cloud accounts and follow the instructions in workspace settings to deploy Fix in AWS, Google Cloud, and Azure.
This blog post is part of our Launch Week 1 announcements running from July 29th to August 2nd.
Subscribe to my newsletter
Read articles from Lars Kamp directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by