What is Cloud Asset Management (CAM)?

Cloud Asset Management (CAM), as the name suggests, refers to the practice of tracking and managing any resource that can or does contribute to the delivery of cloud services. Examples of assets include: virtual or physical storage, virtual or physical servers, software licenses, and staff knowledge that may not yet be documented.

Cloud asset management is a nontechnical aspect of cloud service delivery that stems from traditional asset management and aligns with popular IT management frameworks, such as the ITIL service lifecycle. Asset management is an essential aspect of any effective business management plan; it aims at systematically understanding how assets are procured, maintained, upgraded, and disposed of cost-effectively. For cloud-native companies, tracking cloud assets is a must, as many of the assets are non-tangible.

While basic asset tracking can be done in a spreadsheet, this approach is only helpful for smaller companies, as it is error-prone and can quickly become cumbersome. At the enterprise level, with the sheer number of devices connected to vast networks, specialized asset tracking software is essential for managing asset life cycles. A variety of software is available for asset management:

  • Asset Performance Management Software — For tracking the performance and extending the life of fixed assets, sometimes delivered as part of a larger package, such as EAM or BI software.
  • Enterprise Asset Management (EAM) Software — For tracking physical assets in large scale cases, typically including performance and costing capabilities.
  • IT Asset Management (ITAM) Software — For documenting IT software and hardware inventory.
  • SaaS Operations Management Software — For tracking and managing SaaS products.
  • Software Asset Management (SAM) Software — For tracking software licenses.

Asset management in cloud environments

Asset management is highly adaptable for cloud environments. The major cloud providers also provide native frameworks and tools for their platforms.

Google’s Cloud Asset Inventory is designed to give real-time information, pulled from Google Cloud resources and policies, on the current state of your cloud assets throughout the organization. Integrated automation tools can then use this information, or snapshot, to monitor for any security or policy violations and take corrective action if directed. For further analysis, the asset inventory’s metadata history can be exported. Google also plays well with others: by integrating with other Security Information and Event Management (SIEM) tools, organizations can create a unified, comprehensive view of all their resources throughout all environments.
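
As an added example (not code from Google or from this page), the following shows the kind of check an automation tool can run over two inventory snapshots: it lists assets that appeared or disappeared and flags resources that newly grant access to `allUsers` or `allAuthenticatedUsers`. The snapshot records are constructed, and their field layout is an assumption modelled on a newline-delimited IAM-policy export.

```python
import json

# Constructed sample snapshots (newline-delimited JSON). The field names
# (name, asset_type, iam_policy.bindings) are an assumption; adjust them
# to the schema of the export you actually receive.
SNAPSHOT_OLD = """\
{"name": "//storage.googleapis.com/example-logs", "asset_type": "storage.googleapis.com/Bucket", "iam_policy": {"bindings": [{"role": "roles/storage.objectViewer", "members": ["group:ops@example.com"]}]}}
{"name": "//compute.googleapis.com/projects/example/zones/z1/instances/web-1", "asset_type": "compute.googleapis.com/Instance", "iam_policy": {"bindings": []}}
"""
SNAPSHOT_NEW = """\
{"name": "//storage.googleapis.com/example-logs", "asset_type": "storage.googleapis.com/Bucket", "iam_policy": {"bindings": [{"role": "roles/storage.objectViewer", "members": ["group:ops@example.com", "allUsers"]}]}}
{"name": "//storage.googleapis.com/example-scratch", "asset_type": "storage.googleapis.com/Bucket", "iam_policy": {"bindings": []}}
"""

# Member identifiers that make a binding public.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

def load_snapshot(text):
    """Parse newline-delimited JSON into {asset name: record}."""
    assets = {}
    for line in text.splitlines():
        if line.strip():
            record = json.loads(line)
            assets[record["name"]] = record
    return assets

def public_bindings(record):
    """Return the set of (role, member) pairs that grant access to anyone."""
    bindings = (record.get("iam_policy") or {}).get("bindings") or []
    return {(b["role"], m) for b in bindings
            for m in b.get("members", []) if m in PUBLIC_MEMBERS}

def review(old_text, new_text):
    """Diff two snapshots: added assets, removed assets, newly public grants."""
    old, new = load_snapshot(old_text), load_snapshot(new_text)
    newly_public = {}
    for name, record in new.items():
        before = public_bindings(old[name]) if name in old else set()
        gained = public_bindings(record) - before
        if gained:
            newly_public[name] = sorted(gained)
    return {"added": sorted(set(new) - set(old)),
            "removed": sorted(set(old) - set(new)),
            "newly_public": newly_public}

if __name__ == "__main__":
    print(json.dumps(review(SNAPSHOT_OLD, SNAPSHOT_NEW), indent=2))
```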

AWS offers a similar set of tools, the AWS Systems Manager Inventory. The AWS SMI collects metadata from assets and, if connected, can save it to an Amazon S3 bucket where analysis can reveal their state. AWS promotes this process as a one-click procedure. The tool is customizable, allowing the collection of custom parameters as well as scheduled collection of items.

Going beyond simply creating an inventory, IBM offers its IBM Multicloud Management Platform (MCMP) Cost and Asset Management (CAM), which analyzes costing and performance and continuously informs leadership of wastage and cost-saving opportunities. It sets out to answer questions such as: What does it cost to run the business and to provide IT services? What resources are being consumed, and how much? Where are the best areas to make trade-offs or shed unused services? And how can IT align more closely with future goals?

Benefits of cloud asset management

Asset management boils down to tracking and logging company assets, like counting inventory on shelves. But in the cloud, it’s made complicated by the number of physical as well as virtual assets that are being created and utilized in cloud configurations. To alleviate these pains, cloud asset management software provides the following benefits:

  • Centralized Cloud Inventory — The primary benefit of tracking cloud assets is full visibility of all assets that deliver the cloud service. This allows for accurate life cycle management. For organizations with service level expectations, ensuring that critical service delivery assets don’t bring down the system is key to delivering service levels.
  • Cloud and Process Automations — Automations are essential to cloud computing, and so it makes sense to extend these properties into cloud asset management. In fact, automation is also what allows modern cloud inventory to be so efficient. With automations, new assets can be discovered as they are added, and asset costs can be tracked in real-time.
  • Security Assurance & Compliance — Inventory visibility is key to security assurance; however, cloud asset management software may need to be integrated alongside security tooling, or as a third-party integration. More than simply inventorying assets, software can ensure cloud compliance in an environment that is increasingly regulated and expanding.
  • Reduced Capital and Maintenance Costs — The combination of a centralized cloud inventory, automations, and a higher level insight into asset life cycle coupled with a preventative maintenance strategy helps organizations reduce their capital and maintenance costs.

Cloud asset management best practices

Luckily, asset management software for the cloud is effective. The following are asset management best practices that can further set organizations up for success.

  • Seek Operational Excellence — Operational excellence means developing a foundation of observability, automation, and scalability. This can mean setting up automation, monitoring, alerting, logging, cloud support, capacity and quota management, understanding peak traffic times, and promoting a culture of reliability.
  • Design System Reliability — Reliability is shared by everyone in the process of developing and delivering services. While no single best practice can fully address system reliability, understanding that reliability is not a goal to achieve but rather a state to maintain can shine light on how to proceed. Reliability does not need a costly 100% uptime; it is supported by rapid innovation and development, and it is usually a top feature.
  • Optimize Costs — Every aspect of the network and cloud environment should be monitored to determine how to optimize costs. By making costs visible, encouraging cost responsibility in staff, enabling collaborative optimizations, fostering a culture that seeks innovation over blame, and focusing on business value, companies can optimize their costs with more control and insight.
  • Optimize Performance — Performance should be optimized through autoscaling and data processing, using GPUs and TPUs, and accurately identifying apps to be tuned up.

Cloud asset management software

Mentioned above are several types of asset management software, including EAM, ITAM, and SAM software for tracking assets. The features these packages provide for Cloud Asset Management Software can include:

  • Audit Management
  • Compliance Tracking
  • Configuration Management
  • Contract/License Management
  • Cost Tracking
  • Inventory Management
  • Maintenance Management
  • Procurement Management
  • Requisition Management
  • Supplier Management

Container orchestration platforms

Container orchestration platforms can be found for every major cloud provider. However, many of them are based on the popular open-source container orchestration software Kubernetes. The following are some of the most familiar names in container cloud services.

  • Amazon Elastic Container Service (Amazon ECS) — Amazon ECS is Amazon's home-grown service that runs and manages Docker containers. It's a fully managed service that integrates very well into the Amazon suite of services, while essentially offering consumers a serverless experience.
  • Amazon Elastic Kubernetes Service (Amazon EKS) — Amazon EKS is Amazon's Kubernetes solution, which is also a managed platform for Kubernetes in an AWS services subscription. This setup allows for hybrid and multicloud environments, whereas ECS does not.
  • Kubernetes — The de facto container orchestration software, and it’s open-source.
  • Mirantis Kubernetes Engine (formerly Docker Enterprise) — Docker Enterprise is a set of advanced enterprise development features that work with Docker and Kubernetes to provide a shared platform across dev and ops in the context of deploying to containers. For developers and enterprises, this is the industry-leading DevOps platform for building and running modern containerized applications.
  • Google Kubernetes Engine (GKE) — Google promotes their powerful cloud technology running a Kubernetes engine.
  • Red Hat OpenShift Container Platform — An open-source, out-of-the-box container orchestration solution for Linux.
  • Azure Kubernetes Service (AKS) — Popular Kubernetes container orchestration on the Azure platform.

Kubernetes vs. Docker container orchestration

Kubernetes is open-source and largely considered the gold standard for container orchestration. As stated above, and because it is highly portable, there are many vendors to choose from that can accommodate it. Kubernetes is highly flexible and used in the delivery of complex applications. Docker container orchestration, or Docker Swarm, is Docker’s flavor of orchestration software that is included with Docker. Both are solid and effective solutions for massively scaling deployments, as well as for implementation and management.

  • Kubernetes focuses on high-demand use cases with complex configurations.
  • Docker Swarm promotes ease of use and simple, quickly deployed use cases.

The following table highlights several comparisons between the two.

| Feature | Docker Swarm | Kubernetes |
| --- | --- | --- |
| App Definition & Deployment | Desired state definition in YAML file | Desired state definition |
| Autoscaling | No autoscaling possible | Cluster autoscaling, horizontal pod autoscaling |
| Availability | Service replication at Swarm Node level | Stacked Control Plane node with load balancing either inside or outside the cluster |
| Cloud Support | Azure | AWS, Azure, Google |
| Graphical User Interface (GUI) | GUI not available; must use 3rd party tools | GUI is available; web interface |
| Load Balancing | No auto load balancing, but port exposure for external load balance services | Horizontal scaling & load balancing |
| Networking | Multi-layered overlay network with peer-to-peer distribution among hosts | Flat peer-to-peer connections between pods and nodes |
| Storage Volume Sharing | Shares storage with other containers | Shares storage within the same Pod |
| Updates & Rollbacks | Rolling updates and service health monitoring | Automated rollouts & rollbacks |

Cloud security best practices

Companies securing their part of cloud operations need to consider four areas of concern: how the cloud security approach is designed, how security will be implemented and governed, how to protect the property and data, and how to respond when attacks are successful.

  • Cloud Security Engineering — Cloud security engineering attempts to design and develop systems that protect the reliability, integrity, usability, and safety of cloud data, and protect users legitimately accessing those systems. In this pursuit, engineers deploy layered security, protection against availability attacks (e.g. DDoS, ping of death, etc.), least privilege security principles, separation of duties, and security automation.
  • Security Governance — Technology alone is not enough to prevent attacks or secure data, which is why effective security governance is a must for company culture. Practices to consider are: developing company-wide security policies, documenting security procedures, performing routine assessments and audits, developing account management policies, leveraging industry standards, using platform-specific security standards, assigning roles and responsibilities, keeping software tools up to date, and classifying data.
  • Vulnerability Management — More than ever, vulnerability testing and management are necessary. The cloud has stretched the threat surface, so extensive testing methods need to be explored, including black-box, gray-box, and white-box testing. A constant vulnerability scanning routine, which reveals weaknesses in configurations or application design, must be diligently adhered to. Many of these tasks can be automated.
  • Incident Response — Incident response covers what happens when a cybersecurity incident occurs. The event happens, the damage is done, and now the company must mitigate the damage, respond, and fix the issue. Contrary to the name, incident response is best prepared beforehand through contingencies and self-healing systems. These contingencies need to respond to different incident types: internal vs. external, and whether it is a data breach, criminal act, denial of service, or malware attempt.