Challenges with resource management at scale
With the growing scale of AquaSec’s operations, they were facing challenges with visibility and ownership of resources, which ultimately has cost implications, across their entire cloud inventory.
As many different teams began owning different accounts and services while deploying different resources, getting a good understanding of who owns which resource, their version history, and even which are actually required, and those that are ghost and zombie resources that can be deleted, started to become a tangible pain. Aqua Security's team uses cost management tools, but they are specialized for specific domains such as cost per resource.
The Cloud Asset Management solution
Amit Liberman leads the SRE and SaaS Platform Infrastructure team at Aqua Security (aka AquaSec) that are responsible for managing the entire SaaS infrastructure and deployments for the engineering organization. It became apparent to Amit that in order to create greater alignment for managing their cloud inventory and resources, the first step would be to codify all of their existing and manually provisioned resources as code. This would provide them with governance they required, through GitOps and other policy enforcement practices, to ensure that teams were maintaining the required guidelines for configuration and deployment. If teams are deploying resources that don’t have the correct labels, or environment information (which is critical for compliance), then the team would not receive the necessary alerts.
This is where Firefly came in. Firefly’s Cloud Asset Management enabled the AquaSec team to transform all of their manually configured resources to IaC best practices, and have the visibility and governance in place to apply the relevant policies for each resource.
For Aqua Security, this effort and complexity was compounded by working in a multi-cloud environment where they develop on all the major clouds their offering supports––AWS, GCP and Azure. Having this level of control and governance across clouds is invaluable to the AquaSec team.
Once all the assets were codified, it became easy to identify cloud waste, and start taking it one step further to clean up their many SaaS applications cloud operations. A good example was with their DataDog SaaS app. It had synthetic checks running (that are a costly operation), which weren’t connected to any configuration. With Firefly they managed to quickly discover this waste and disable them. There were plenty of other examples where Firefly enabled greater efficiencies and easy cleanup and control of unnecessary resources that were running.
Everything as code as a game-changer
A lot of SRE discussions today center on challenges around cost and ownership. Yet visibility is key to effectively and efficiently manage your entire cloud inventory. Firefly provides this end-to-end visibility for all of AquaSec’s clouds as well as the cloud environments of their SaaS applications. Now AquaSec can manage SaaS app configurations as easily as other cloud infrastructure, ensuring change management and best practices across their cloud footprint.
t’s no longer possible to manage clouds manually due to compliance, policy and governance requirements today. With the complexity and scale AquaSec was experiencing, Firefly made it possible to transition all of their resources to as code rapidly, with additional visibility and actionability, that provided the level of control and cost efficiencies they needed.
About Aqua Security
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle.
Watch the interview