CR360: A Single System of Intelligence for Cloud Governance
In episode 2 of CloudBrew, CoreStack's Chief Digital Officer, Sridhar C, shares the importance of having a unified view of all cloud resources.
All digital roads lead to and from the cloud. At CoreStack, that’s what our terabytes of data have revealed to us.
However, the challenge comes from multiple cloud resources. In terms of cloud governance among these resources, it’s critical to have a complete perspective—a 360-degree view. That’s why CoreStack introduced CR360™ (Cloud Resource 360), the single system of record and intelligence assigned to every cloud resource managed by the CoreStack NextGen Cloud Governance platform.
CR360 gives organizations a complete view of their cloud infrastructure, including assets that are not currently in use, and enables the CoreStack platform to provide continuous compliance, cost, and security posture as well as remediations and recommendations that optimize resources.
In Episode 2 of CloudBrew, CoreStack's NextGen Cloud Governance podcast, our Chief Digital Officer, Sridhar Chandrashekar, breaks down CR360 and the importance of having a single system of record and intelligence for all cloud infrastructure.
Building the inventory
How does the process begin? “As an example of how this is implemented, when a customer account is onboarded at CoreStack, we discover all the cloud resources that belong to particular accounts and bring that information into our database,” says Chandrashekar. “This step is what we call building the inventory. So, once you get all the data and it's inventoried, what happens next?”
360-degree view
As Chandrashekar explains, “Then, we go deeper to build a 360-degree view of each resource across multiple operational angles. We get the activity, monitoring, backup, patching, remediation and so on. As for the security angle—what are the threats, vulnerabilities, compliance, and daily and monthly cost angle?”
To get a holistic view of all cloud resources, key inquiries in the process include:
Who has visibility into this resource?
Are any security or policies violated? If so, which ones?
What’s the resource angle and which tags associated with it?
Are the resources locked for the wrong people and allowed for the right people?
What’s the relationship between resources?
Elevating cloud resources
“We can provide different products like FinOps, SecOps, CloudOps, and Well Architected Assessments,” explains Chandrashekar. “It's a single system for every cloud resource. CR360 eliminates the need for multiple, functional siloed tools, which we replace through a platform. Instead of having a smorgasbord of tools, CR360 enables future-proofing of implementing advances in technology associated with the resource, and at a faster pace. It also allows us to extend cloud governance into every facet of the cloud, as the need arises or the technology permits. Most importantly, CR360 allows us to holistically optimize cloud consciousness.”
Why is it so difficult to succeed with multiple products in cloud?
“Think about an enterprise that’s getting either FinOps, SecOps, CloudOps, or Well Architected Framework—or any such solution delivered as a single product by itself. Each product can provide cost or security or operations or assessments,” says Chandrashekar. “However, there’s no holistic, 360-degree view of all cloud risks from each of these tools. For a provider who has each of those tools, in order to get a 360-degree view of every cloud resource, it requires them to synchronize. They must stitch together all the data from different systems and try to produce a seamless, single pane of glass.”
According Chandrashekar, it’s not only painful to do this, but it’s also not efficient or accurate most of the time. This is because of the way in which each success captures the cloud resource information, and they all must be consolidated and normalized to get a holistic view.
Why is CR360 different?
“CoreStack’s platform supports all these products at the same time, since we leverage data from the exact same cloud resource—from different viewpoints,” reports Chandrashekar. “So that is cost, security, operations, assessments, policies, compliance, and so on. Other positive side effects of this include associating the cloud resource with workloads—the dependencies, hierarchies, and projects—so that we can provide customers with a complete view of each cloud resource from different angles.”
Also, CR360 is not limited to data from the hyperscalers. CoreStack can get data from third-party tools, such as monitoring and vulnerability, and make the cloud resource even richer, beyond what the hyperscalers offer themselves.
“That's why we built the platform with cloud resources at the center. It’s future-proofed, so when we offer the products of tomorrow—such as sustainability and GreenOps—the exact same cloud resource will be used.”