Guardrails for Cloud & Container Governance

Automate Governance of Your Cloud and Container Infrastructure

Take control with a single pane of glass and quickly improve cloud governance by automating your resource tagging strategy and cost control policies.

See 10 Example Policies

Guardrails for Cloud & Container Compliance


Improve governance with automation across clouds and containers

Amazon

Microsoft

Google

Alibaba

Kubernetes


DivvyCloud Helps You Solve Key Governance Challenges

Asset Inventory / Visibility (Single Pane Of Glass)

Global Tagging Strategy

Unified Control Plane

165 out-of-the-box policies that quickly improve governance: See 10 example policies

Stay Compliant with Standards and Regulations


Take control – gain visibility, control cost, and enforce tagging!

Install DivvyCloud today to quickly improve governance of cloud and container infrastructure

Customers Love and Trust DivvyCloud

“DivvyCloud is a way to deploy policy, minimize blast radius and give developers the freedom to operate within the guide rails of safety.”

Thomas Martin

Head of Application Modernization, GE Digital

Improve Governance Quickly: 10 Examples of Our 165 Out-of-the-Box Policies

Resource Tagging

A resource tagging policy is critical to effective cloud administration. While you will likely use tags for more than just the ‘Name’, ‘Environment’ and ‘Owner’ keys, these three should be considered the bare minimum tagging strategy before attempting to scale. Moreover, an effective tagging policy can be stacked with other insights, adding context to those insights and to bot actions. This insight accepts parameters, including a list, ‘tag_keys’, and the boolean parameter ‘match_all’. For ‘tag_keys’, the default mandates that ‘Name’, ‘Owner’, and ‘Environment’ are present, but if you have other tags defined, this insight can identify instances missing those tags. Automation can then be added to enforce tagging based on this policy.

Maps to Standards:

  • SOC 2: CC6.2
  • FedRAMP CCM 3.0.1: DSI-01, IVS-08

Network Interface Orphaned

Identify network interfaces that are not in use. Network interfaces may be attached to an instance, detached, and then attached to another one. If you need to utilize a network interface, it is helpful to know which ones are available. Orphaned network interfaces also count against soft quotas for many cloud providers, so judicious maintenance of your network interfaces is advised and can be automated with DivvyCloud Bots.

Access List Orphaned

Find security groups that do not belong to any cloud resources. This is problematic because it increases the likelihood of human error in security group selection when launching new resources, and could lead to resources being attached to security policies that were not intended, which may either compromise security or result in denial of intended service.

Internet Gateway Orphaned

Find Internet Gateways that are not in use. Internet Gateways provide a point of communication between instances within a VPC and the Internet generally. There is usually a limited number of gateways that can be associated with a given VPC, so you want to make sure the ones you have are in use. You also want to prevent human error when setting up new instances by making sure they point to the correct gateways.

Volume Orphaned

Identify volumes that are not attached to instances. This can be used to identify volumes that may be candidates for deletion. When paired with a tagging strategy that includes the owner, a DivvyCloud Bot can be configured to stop, snapshot and delete the volume after alerting the owner and giving them time to confirm whether the volume is still in use or ask for an exemption.

Services Exceeding Cost Allowance

Identify services whose current spend exceeds a configurable threshold parameter. This is of particular use for new or novel cloud services that an organization may not want developers to use, or wants used judiciously.

Databases Without Connections

Identify databases with zero connections over a user-defined period of days. The period, in days, can be adjusted when configuring the policy; if none is defined, the default of 14 days is used. This is a particularly useful policy for governing development or sandbox environments, where it is easy for database instances to be created and abandoned but not stopped or deleted.

Max Cores

Identify instances exceeding a number of CPU cores that you define. This is a particularly useful policy for governing development or sandbox environments, where it is easy for compute instances to be overprovisioned and create substantial spending waste. Automation can be used in combination with this policy to enforce a limit on the maximum cores allowed in certain cloud accounts or subscriptions.

Resource High Cost

By default, this insight will be triggered when it detects instances costing more than $1,000 per month. Typically, these types of expensive instances are used for more temporary workloads, and often represent an instance that someone forgot to terminate after use. This insight accepts a configuration parameter, ‘maximum_monthly_cost’, in whole dollars, so you can act on more or less expensive instances if you desire. Paired with an effective tagging strategy, this insight can be used to exclude appropriate instances, such as those tagged with the “Production” value for “Environment”. This ensures that production or mission-critical instances are not terminated, while “Development” or “QA” instances may be subject to termination by bot activity.
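As an added illustration (not DivvyCloud's own code), the check logic behind the Resource Tagging and Resource High Cost insights described above, using the page's parameter names ‘tag_keys’, ‘match_all’ and ‘maximum_monthly_cost’ over a constructed inventory; the inventory layout and the ‘exclude_tags’ exclusion parameter are assumptions made for this example.

```python
# Added example, not DivvyCloud code. Inventory shape and 'exclude_tags' are assumed.
DEFAULT_TAG_KEYS = ["Name", "Owner", "Environment"]  # page's default 'tag_keys'

# Constructed sample inventory: one dict per instance.
INSTANCES = [
    {"id": "i-001", "monthly_cost": 1800,
     "tags": {"Name": "web-1", "Owner": "alice", "Environment": "Production"}},
    {"id": "i-002", "monthly_cost": 2400,
     "tags": {"Name": "gpu-box", "Owner": "bob"}},
    {"id": "i-003", "monthly_cost": 300,
     "tags": {"Environment": "Development"}},
    {"id": "i-004", "monthly_cost": 1100,
     "tags": {"Name": "qa-1", "Owner": "carol", "Environment": "QA"}},
]


def missing_tags(instances, tag_keys=None, match_all=True):
    """Return {instance_id: [missing keys]} for instances violating the policy.
    match_all=True flags any missing required key; False flags only when none
    of the required keys are present."""
    keys = tag_keys or DEFAULT_TAG_KEYS
    findings = {}
    for inst in instances:
        missing = [k for k in keys if k not in inst.get("tags", {})]
        if (match_all and missing) or (not match_all and len(missing) == len(keys)):
            findings[inst["id"]] = missing
    return findings


def high_cost(instances, maximum_monthly_cost=1000, exclude_tags=None):
    """Return ids of instances whose monthly cost exceeds the threshold.
    exclude_tags, e.g. {"Environment": "Production"}, skips instances whose
    tags match every listed key/value so bot actions never touch them."""
    exclude_tags = exclude_tags or {}
    flagged = []
    for inst in instances:
        tags = inst.get("tags", {})
        if exclude_tags and all(tags.get(k) == v for k, v in exclude_tags.items()):
            continue  # protected by the tagging strategy
        if inst["monthly_cost"] > maximum_monthly_cost:
            flagged.append(inst["id"])
    return flagged


if __name__ == "__main__":
    print(missing_tags(INSTANCES))
    print(high_cost(INSTANCES, exclude_tags={"Environment": "Production"}))
```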

Services Costing More than Last Month

Identify cloud services where the projected cost for the current month will exceed last month's.
