I'm on the hunt for a robust observability and governance platform that can handle our Azure, AWS, and hybrid cloud setup. We're looking for a solution that provides deep insights into our resources and helps with governance, security, and optimization. Essentially, I want a virtual cloud advisor to keep everything aligned and under control.
Here's what I'm specifically looking for:
1. **Cloud Inventory & Discovery**: Automatic discovery of all Azure/AWS resources including VMs and storage, a real-time inventory, and tracking of users and app registrations.
2. **Security & Compliance Monitoring**: Continuous monitoring for risks, integration with Microsoft Defender for Cloud, and a consolidated view of our security alerts.
3. **Compliance Framework Support**: Ability to map our resources against frameworks like ISO 27001 and keep track of compliance status with audit-ready reports.
4. **Governance & Policy Enforcement**: Automated checks for policy violations and best-practice assessments.
5. **Snapshot & Change Management**: Ability to take snapshots of our cloud configuration and track changes effectively.
6. **Trend Analysis & Historical Data**: Tools to visualize resource growth and track improvements over time.
7. **Automated Recommendations**: Prioritized recommendations for cost optimization and operational improvements.
8. **Actionable Insights**: Identify issues such as inactive users and configuration drift with customizable views.
9. **Reporting & Data Export**: Detailed reports for compliance audits and easy integration with existing workflows.
10. **Integration & Connectivity**: Compatibility with Azure/AWS and Microsoft 365, with options for custom integrations.
11. **Hybrid & Multi-Cloud Support**: Ability to cover our on-premises infrastructure as well.
We've tried some native tools but found them fragmented and time-consuming. Any suggestions on platforms that might fulfill these needs or experiences shared would be greatly appreciated!
5 Answers
I suggest starting with cloud-native solutions. If you need third-party tools, conduct a proof of concept to compare your options. Tools like Dynatrace and some CloudOps or AIOps platforms are worth exploring, but remember they can complicate your ops down the line. It might be better to develop in-house DevOps practices first.
You should definitely check out Azure Arc! It allows you to align your AWS and on-premises resources with Azure, offering a consistent configuration and inventory management. Plus, you can export your existing configurations as ARM templates or Bicep files for easier redeployment.
Skip the tool-hopping nightmare and go for Orca Security! It delivers on autodiscovery, compliance mapping, and prioritized remediation steps without drowning you in alerts, plus it covers everything you need in your wishlist.
Logic Monitor might fit the bill for your requirements quite well. It's a solid option for cloud monitoring and governance.
Have you looked into CIS Hardened Images? They're pre-hardened VM images that comply with industry standards like PCI DSS and HIPAA. They even provide baseline reports that show your cloud configurations against CIS benchmarks, which can help in monitoring configuration drift.
CIS Hardened Images could be a game changer for security compliance!
That sounds really interesting! Thanks for the tip!