Let’s face it, keeping on top of it assets is a pain. The standard way of static reporting seems to be a team and a spreadsheet, or maybe Power BI, or customised reports written in Shiny. This misses the point. IT Asset Management, compliance reporting, and threat modelling all require some automated way of creating and continuously updating their models. When you add multi-cloud to the mix it gets even more complicated.
I’ve seen different approaches to this. One way is to define infrastructure in code, Terraform for example. Another is to build a central asset management database (we sell Axonius for this purpose), and/or connect your threat modelling platform (we sell Threatmodeler) to the various cloud services. In any case, the risks tend to come from the newly implemented instances on whatever cloud platform so dynamic updates are the only way to go.
According to this report from Dynatrace that’s not what’s happening at the moment…:
[…] “To build a complete picture, teams are forced to manually extract insights from each solution and then piece these together with data from other dashboards. Organizations must find a way to help these teams reduce the time they spend on manual tasks and refocus on strategic work that delivers new, high-quality services for customers.”