Here's the second episode of CoreStack's NextGen Cloud Governance podcast – CloudBrew. In this episode, CoreStack's Chief Digital Officer, Sridhar Chandrashekar, will dive into a discussion on the importance of having a single system of record for all cloud resources.
Discover how our NextGen Cloud Governance platform brings together FinOps, SecOps, and CloudOps solutions so you can Cloud with Confidence.
[0:21] We believe that all groups digital lead to and from the cloud. It is basically the centre of gravity for all things digital …
[0:48] Let me use CoreStack as an example of how this is implemented. When a customer account is onboarded, we go about discovering all the cloud resources that belong to …
[1:09] So then, once you get all the data and it's inventoried, what happens next? …
[2:41] What are the advantages of CR360 to a customer? …
[3:31] I presume, you probably seeing a lot of different implementations of this, what makes one particular platform standards above the others and its implementations with CR360 …
[5:07] CR360 is not limited to data from the hyperscalers …
[6:01] A single system of record is not a new concept, for example …
[8:22] Why is this becoming so important right now? So, digital transformation is happening across all enterprises …
[9:23] So I think, you know, this is really interesting – we've three key takeaways so far …
Listen to Full Episode
Chris: Hey, Sri! Welcome to this episode of Cloud Brew. This is going to be a really exciting topic. CR 360 or otherwise known as Cloud Resource 360. Before we kick things off stream, maybe you can explain it a little bit to us.
Sridhar: Absolutely, Chris, we believe with all routes digital lead to and from the cloud, it is basically the center of gravity for all things digital. But at the center of all this is indeed a cloud resource, actually multiple cloud resources. Kernel of cloud governance is the cloud resource. As such it is super important you have a complete perspective of everything and anything associated with that cloud resource or what we would like to call 360 degree perspective. Hence the term CR 360. Let me use CoreStack. As an example of how this is implemented, when a customer account is onboarded, we go about discovering all the cloud resources that belong to particular customer account and bring about that information into our database. This step is what we call building the inventory of all such cloud resources.
Chris: Got it! OK. So then once you get all the data and it's inventoried, what happens next?
Sridhar: So that's a simple, right! Once we on board all the cloud resources into our database. We go deeper to build a 360-degree view of each of such resource across multiple different angles, operations angle, where we get the activity, the monitoring, the backup, the patching, the remediation and so on. The security angle, what are the threats, what are the vulnerabilities, the compliance, the cost angle, what's the daily cost, monthly cost? If there are any discounts, how do we optimize that cloud resource? What is the unit rate? Are there any reservations that can be made all of that, then the access angle which is? What is utilization? Who has visibility into this resource, or any security or policies violated already? If so, which ones are those? And then finally the resource angle, which is what are the tags associated with the resource? Are the resources locked for the right people and allowed for the right other people? What are the relationship between resources and so on. So, we call this Oscar – operations, security, cost, access and resource. This gives a holistic view of all the cloud resources. From cost compliance, security policy, operations assessments and so on. Meaning we can provide different products like FinOps, SecOps, CloudOps, Well-Architected Assessments and so on with these cloud resources.
Chris: Got it. OK. So, it's a single source of record for every cloud resource?
Chris: So, I guess I would go like why do you see this so important and what are the advantages of CR 360 to a customer?
Sridhar: That's an excellent question. Chris, CR360 eliminates the need for multiple functional silo tools, which we replace through a platform. Instead of having a smorgasbord of tools, CR 360 enables future proofing of implementing advances in technology associated with the resource and at a faster pace. It also allows us to extend cloud governance into every facet of the cloud as the need arises or the technology permits. Most importantly, the cloud resource 360 allows us to holistically optimize. Cloud conscious of the cloud resource interdependencies, for example, as I said earlier Finop, Secops, CloudOps and soon GreenOps versus in isolation and having suboptimal overall impact using silo tools.
Chris: OK. And I presume you've probably seen a lot of different implementations of this. What makes one particular platform stand out above the others and its implementation of CR 360?
Sridhar: So, think about enterprise who is getting. Either FinOps or SecOps or CloudOps or well architected framework or any such product delivered as a single product all by itself. Each such product can provide cost or security or operations or assessments very well. I'm sure. However, there is no holistic 360-degree view of all of the cloud risks from each of such tools. For such a provider who provides each of those tools to give you a 360-degree view of every cloud resource it requires them to synchronize stitch together all the data from different systems and try to bring about a seamless single pane of glass. It's not only painful to do but also not efficient or accurate most of the time, primarily because of the way in which each success captures the cloud resource information and they all have to be consolidated and normalized to get a holistic view. On the other hand, course tax platform supports all these products at the same time since all these products leverage the data from the exact same cloud resource. From different viewpoints, though. So that is cost, security, operations, assessments, policies, compliance and so on. So, the other positive side effect of this is that we also get to associate the cloud resource with workloads, the dependencies, the hierarchies, the projects so that we can provide customers with a complete view of each cloud resource from different angles. Guess what, on top of all this, CR 360 is not limited to data from the hyperscalers today, we can actually get the data from other third-party tools such as monitoring vulnerability and so on and bring it in and make the cloud resource even richer more than what the hyper scaler offers themselves. So that's why we built it, built the platform in such a cloud resource at the center of it and its future proofed in the sense that when we offer other products tomorrow, we are working on a new product called green cloud or sustainability related value that we can provide to our customers. The exact same cloud resource will be used to provide views into sustainability that we don't do today, but we will soon.
Chris: I'm actually looking forward to talking about the green cloud and GreenOps in future episodes. I'm starting to hear that come up quite a bit. But as far as this, do you have any like a good example of such a single system of record that's used somewhere else?
Sridhar: A single system of record is not a new concept. For example, when I worked at ServiceNow earlier, we did the exact same thing. We built a CMDB or a configuration management database that provided different views and purposes for each record in the system, whether it was for ITSM, ITOM, HRM, or any such product that ServiceNow offered, which was a big differentiator against the competitors. Because competitors could not provide a holistic view of a single resource across all these different products, they had to stitch the data together and normalize the data. So ServiceNow later called this a single system of engagement because it was more than a single system of record. So, there are other companies that have provided this as well. So, the important thing is the single system of record that provides abuse into different aspects, whether it's cost compliance, security policy assessments and so on, without having to build different databases if you will and siloed tools if you will. So, there you have it.
Chris: I think that makes a lot of sense and we keep coming back to this whole vicious circle, if you will. Well, we're not doing something new to the cloud here. This is not new just for the cloud. These are reiterations of things we've done in our past lives. We've seen this in a number of topics we've been talking about here at cloud Group and many more. Let's dive in a little deeper into like what types of information should go into that CR 360 system.
Sridhar: Actually, anything and everything associated with the cloud resource should be captured, whether it is from a hyper scaler or from a third-party tool, so that you get different views into the same cloud resource. And we can analyze that information, provide visibility through a single pane of glass, provide analysis, recommendations, remediations and insights to our customers for whatever it is, whether it's cost or whether it's compliance. As I mentioned, security operations, policy and so on. The beauty of such a platform is that it continuously evolves and adapts as each of the hyperscalers add newer and newer capabilities to their respective clouds. For example, AWS or Azure or GCP or OCI did not provide sustainability related APIs 2 years ago. Now they have started providing that one by one. So, we can take advantage of that with the same exact cloud resource. How is it more green than it was before. How is it adding value to the customer by being more responsible in the way they go about doing things. So that's what it is.
Chris: You know, why is this becoming so important right now?
Sridhar: Digital transformation is happening across all enterprise, right, whether it's small, medium or large. And pretty much as I mentioned earlier, every one of them is trying to do something to their workloads by taking it to the cloud and making it more efficient, secure, compliant. And ideally cost effective. So, and most of these hyperscalers, enterprises who use data from hyperscalers don't use just one, most of them have multiple hyperscalers as well. So, this typically makes it even harder as migrating workloads to the cloud itself is a bigger challenge. And once you migrate, how do you make it run securely with compliance in a cost-effective manner and so on. So, what a company like CoreStack does is to help such enterprise customers directly or through our partner ecosystem to go through that journey with confidence that CoreStack is providing a complete and holistic view of their hyper scalar cloud usage with CR 360.
Chris: And confidence has been another recurring theme here in our conversations at CloudBrew. So, I think you know this is really interesting. We have three you know key takeaways so far that I've
picked up on CR 360 improves the visibility of your cloud resources that enables companies and enterprises to make. Better, more informed decisions, yes. And whenever you get CR360A view of this across all the cloud accounts because we know that everybody's using more than one, we see it all the time It's getting more complex versus less. You know, you get this along with the business context and you avoid the shadow IT to a great extent. And then the third one if I go in there is that if it can be done by cobbling together multiple technologies, it has to be done purposely and deliberately.
Sridhar: And it's very hard to do that. The third point, if you cobble together multiple technologies, it's somewhat painful if you will and there has not been very successful attempts of that,
Chris: Right! And that's why they some of these implementations are more and more important and you know this is this is fascinating. It truly is. You know, companies are really missing out when they don't have this view. It amazes me when I personally go talk to customers and they haven't taken this into perspective and then you open up their eyes and that they're wide open at that point to the things you're able to show them. But I want to hear a little bit in in your mind. Like if there's one thing, we didn't talk about a lot right now was a justification for people to do something right now to get up right after this and say, OK, I need to be concerned with this 360-degree view. I bet you could even give us a quick example of that.
Sridhar: I could absolutely. But let me start by saying that that is a subject for another episode. And I would love to bring on one of our customers or partners who has gone through this journey with us and let them also tell you exactly what they have done, and you can hear it in their own words as well instead of just me telling you about it. So, it's very much a part of the next episode and you will even hear from them, most of them at least, that it they have saved about 3X or more, working with CoreStack and have done it securely and in compliance with their policies and guidelines that they have set up themselves. So, we'll go through all the math. As I said, it should be in the next episode with another person with us. It'll be fun.
Chris: Fair enough. And I would agree. I definitely want to hear why. How you know, we can explain to others that you know they're going to see a 3X gain right when you first get it started. And there's and I do agree, you're right. Again, it goes back to their eyes become wide open to where they thought they were open before. It's a whole different perspective. Well, that concludes our time for today. I do appreciate all your time, Sri, and look forward to doing that follow on episode. That sounds like a really fun one. Thank you again for your time
Sridhar: Chris, I'm looking forward to it. Thank you for taking time to meet with me. I appreciate the opportunity.