Clouds Watching Clouds

Posted on July 01, 2014

Cloud services built to audit other cloud services have recently been gaining momentum. Cloudability is a service that plugs into your existing Amazon Web Services (AWS) account and gives you recommendations on how to lower your AWS bills. Evident.io monitors your AWS footprint looking for potential security weaknesses and anomalous behavior.

Several years ago we witnessed a first generation of cloud services like Rightscale and Cloudkick that augmented other cloud services by providing a better management interface. The need for such tools was reduced when cloud providers such as Amazon released more robust administrative portals.

As the number and complexity of cloud services have grown, we appear to be seeing a second generation of cloud-on-cloud services. As of this post, there are at least 29 distinct AWS services. Each service has its own metering, management and security model and APIs. Even services we imagine to be trivially simple, like file storage with Dropbox or Box.net, become complex when we dig into user access rules and externally shared documents. With this complexity comes the need to ensure compliance with organizational policies such as security, data retention, performance and cost management.

AWS Services

Cloud services that audit other cloud services can increase trust and enhance predictability for customers. This, in turn, helps businesses move more complex and business-critical workflows to the cloud. Providers that expose APIs enabling 3rd-party audits can make a compelling case to customers that their services are more trustworthy than services that don’t provide such visibility.

A key enabler of this audit model is the availability of read-only API credentials that can be delegated to a 3rd party to enumerate configuration and logs without risk of service-impacting side effects. Amazon’s Identity and Access Management (IAM) is a good example of an API that enables such delegated access and I hope more cloud vendors adopt similar approaches.
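Before handing a credential to an auditing service, it is worth checking that the attached IAM policy really is read-only. The following is an added example, not code from this post or from AWS: the function names and both sample policies are constructed, and it assumes an action is read-only when its operation name starts with Describe, Get or List.

```python
import json

# Assumption for this example: an action is read-only when its operation
# name starts with one of these verbs. IAM action names are case-insensitive.
READ_ONLY_VERBS = ("describe", "get", "list")

def as_list(value):
    """IAM lets Statement and Action be a single item or a list."""
    return value if isinstance(value, list) else [value]

def is_read_only(action):
    service, sep, operation = action.lower().partition(":")
    if not sep or "*" in service or "?" in service:
        return False  # bare "*" or a wildcarded service name
    # A wildcard after the verb can only match operations sharing that verb.
    return operation.startswith(READ_ONLY_VERBS)

def non_read_only_grants(policy_json):
    """Return (statement label, granted action) pairs that are not read-only."""
    findings = []
    statements = as_list(json.loads(policy_json)["Statement"])
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never grant access
        label = stmt.get("Sid", f"statement[{index}]")
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append((label, "NotAction"))
        for action in as_list(stmt.get("Action", [])):
            if not is_read_only(action):
                findings.append((label, action))
    return findings

# Constructed sample policies for this example.
AUDITOR_POLICY = json.dumps({"Version": "2012-10-17", "Statement": {
    "Sid": "Audit", "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:Describe*", "iam:List*", "cloudtrail:GetTrailStatus"]}})
OVERBROAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "Read", "Effect": "Allow", "Resource": "*", "Action": "s3:GetBucketPolicy"},
    {"Sid": "Write", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:*", "s3:PutBucketPolicy"]},
    {"Effect": "Allow", "Resource": "*", "NotAction": "iam:*"},
    {"Sid": "Block", "Effect": "Deny", "Resource": "*", "Action": "*"}]})

if __name__ == "__main__":
    for name, doc in (("auditor", AUDITOR_POLICY), ("overbroad", OVERBROAD_POLICY)):
        print(name, non_read_only_grants(doc))
```

The verb list is a heuristic: it rejects anything that can change state, but some Get actions (s3:GetObject, for instance) return stored data rather than configuration, so the allowed actions still deserve a manual look.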

I am also hopeful we’ll see more services that audit and provide intelligent recommendations for other services. There is inherent value in having an independent 3rd party attest to the correctness, security and efficiency of another service.

Have at it:
$ whois cloudaudit.io
Domain cloudaudit.io is available for purchase