cloudtamer.io is a unique all-in-one solution for your cloud governance needs. Our software helps you to manage your cloud accounts, enforce your budgets to prevent cost overruns, and automate compliance, helping align your organization with best practices and standards such as HIPAA or NIST. We work across multiple accounts and cloud service providers for enhanced visibility and control in one intuitive interface.
FAQs
Overview
If you want to simplify cloud account management, prevent blown budgets, and ensure your cloud complies with established security standards, then you need cloud governance. You could spend hundreds or even thousands of hours establishing and tracking these activities manually. A cloud governance solution helps you reduce cost and risk by automating these ongoing tasks.
cloudtamer.io minimizes labor costs associated with manual cloud governance and the potential costs of zero governance. Based on customer experience, we've typically seen 1-2 full-time personnel needed to perform each of the following activities manually: building and managing user and group structures, monitoring accounts, and managing and enforcing policies. cloudtamer.io does all of this for you, and much more. In addition, if you neglect governance, there can be massive costs associated with budget overruns and policy/compliance violations.
cloudtamer.io supports Amazon Web Services (AWS) and Azure, including AWS GovCloud, AWS air-gapped partitions, and Azure Government. Support for the Google Cloud Platform (GCP) is planned for late 2020. If you'd like to be notified when cloudtamer.io supports GCP, please contact us.
No. cloudtamer.io is not a SaaS product. Our application and back-end database are installed in your environment, specifically in one of your AWS or Azure accounts, so your account info remains private and you have full control. We took this approach because we value your privacy and understand that many organizations do not want to share their cloud data with third parties.
What Sets Our Software Apart
cloudtamer.io provides native access to the cloud service provider (CSP) consoles and APIs. This means that once you log into cloudtamer.io, you can manage your cloud accounts directly within AWS/Azure. With a cloud broker, you access the CSP from their interface, so you must wait for the cloud broker to support any new AWS/Azure features and APIs before they're available to you. With cloudtamer.io, you get new features right away, all within a familiar interface. cloudtamer.io also includes additional features to help you plan, track, and control cloud access, manage cost, and enforce continuous compliance.
Cloud reporting tools help you analyze and visualize your cost and usage data with reports. cloudtamer.io provides this type of cost-based reporting as well, but we also offer additional tools, such as budget enforcement and management to help you plan, track, and control cloud access based on current spending. We also offer tools beyond your financial needs, such as continuous compliance enforcement and remediation.
Conceptually, both cloudtamer.io and AWS Organizations provide mechanisms to manage a set of AWS accounts hierarchically. Here are the substantive differences in capabilities between the two offerings:
- cloudtamer.io supports both AWS and Azure, so if you use both, you can manage both within our software. AWS Organizations does not allow you to manage Azure accounts.
- cloudtamer.io supports multiple payer accounts. AWS Organizations supports only one payer account. This means companies or resellers that have multiple groups paying AWS monthly invoices can't use AWS Organizations to get a single view of their cloud presence.
- cloudtamer.io supports hierarchical applications of cloud rules (a combination of AWS IAM policies, Azure role definitions, CloudFormation templates [CFTs], ARM templates, and additional scripts and executables). AWS Organizations does not have workflows that allow users to request changes to their account policies.
- cloudtamer.io supports approved exceptions to cloud rules. AWS Organizations' SCPs have limited overrides.
- cloudtamer.io includes granular budget enforcement actions. AWS Organizations only aggregates costs.
- cloudtamer.io includes multi-cloud compliance checks, a compliance dashboard, and automatic compliance remediation, which AWS Organizations does not. AWS does provide Security Hub and Config, but they require custom code and are not multi-cloud.
- cloudtamer.io provides continuous cost estimates. AWS Organizations provides cost estimates every 12 hours, and the data in these reports may be up to 24 hours old.
- cloudtamer.io supports an unlimited depth of Organization Units in a hierarchy. AWS Organizations only supports a depth of five Organization Units.
AWS Control Tower is a tool for setting up and managing multi-account AWS environments. It comes with 40 mandatory, strongly-recommended, and elective service control policies (SCPs) that you can enforce in your AWS environments. cloudtamer.io offers Control Tower integration within our software, which allows you to take advantage of everything Control Tower has to offer, with the added benefits of cloudtamer.io's features, including:
- cloudtamer.io supports both AWS and Azure, so if you use both, you can manage both within our software.
- cloudtamer.io supports hierarchical applications of cloud rules (a combination of AWS IAM policies, CloudFormation templates [CFTs], and additional scripts and executables), as opposed to SCPs, which are limited in features compared to IAM policies and role definitions. Control Tower does not have workflows that allow users to request changes to their account policies.
- cloudtamer.io supports approved exceptions to cloud rules, which SCPs do not.
- cloudtamer.io includes budget enforcement features.
- cloudtamer.io includes compliance checks and automatic compliance remediation.
License & Pricing
cloudtamer.io licensing has two parts: 1) an annual base subscription fee, and 2) a percentage of the cloud service provider (CSP) usage that cloudtamer.io manages, purchased as "usage units." Usage units allow you to buy licenses based on your anticipated cloud spend. CSP usage units do not expire provided you maintain an active subscription where the CSP usage unit is applied. You can have an unlimited number of cloudtamer.io user accounts and CSP accounts.
No. You can have an unlimited number of cloudtamer.io user accounts and cloud service provider accounts or subscriptions, including accounts across CSPs.
Please contact us for a quote or to discuss enterprise licensing options.
cloudtamer.io is designed as a cloud-native application that can scale based on your requirements. The cost to run cloudtamer.io in your account can vary depending on your organization's performance and security requirements, as well as the number of cloud accounts and the amount of spend data. The average monthly cloud service provider cost to run cloudtamer.io starts as low as $300. Contact us for a more detailed estimate based on your organization's requirements.
Yes. cloudtamer.io is in the AWS Marketplace and the Azure Marketplace.
Technical
cloudtamer.io is a collection of microservices that are deployed in your CSP account; it is not a SaaS offering. cloudtamer.io runs on a load-balanced series of instances with an RDS Aurora back end for AWS and an Azure Database for MySQL back end for Azure. We leverage a variety of cloud-native services for the database and the application. In AWS, we use CloudFormation templates to deploy the software. In Azure, we use Azure Resource Manager (ARM) templates.
Nope! cloudtamer.io is architected to install once and use everywhere. From one installation of cloudtamer.io in a customer-owned/managed AWS account or Azure subscription, you can easily manage and control costs, security, identity, and access across AWS Commercial, AWS GovCloud (IL4 and IL5), and Microsoft Azure EA, CSP, MCA (coming soon!) within the commercial regions as well as the Microsoft Azure for Government (MAG) region.
Yes. cloudtamer.io can manage AWS GovCloud (U.S.) accounts and Azure Government (U.S.) accounts.
Absolutely! As cloudtamer.io is a cloud-native solution hosted within your environment, the installation uses services readily available in the AWS C2S and S-C2S regions to give you and your users the same cloudtamer.io experience - from soup to nuts. Our customers who span these regions as well as AWS Commercial and GovCloud (IL4 and IL5) love the "train once, use everywhere" approach that cloudtamer.io takes with identical functionality available in the air-gapped regions.
Soon! cloudtamer.io is in active development to operate on the Azure Secret region and will be launching this functionality in 2021. Contact us to be notified at launch!
cloudtamer.io can be configured to authenticate to Active Directory (AD) by adding an identity provider to the cloudtamer.io system. You must provide some basic information (such as the service account that can be used to query the AD LDAP database for users and groups) to pre-populate the cloudtamer.io system.
Yes. cloudtamer.io supports both Azure CSP and Azure EA.
cloudtamer.io can be configured to authenticate using an Integrated Database Management System (IDMS) by adding an identity provider to the cloudtamer.io system. This can include an internal IDMS, an Active Directory/LDAP, or a SAML IDMS. For SAML IDMS, cloudtamer.io is the service provider that would use your identity provider (such as Google, Azure AD, Okta, OneLogin, PingFederate, and others) to authenticate login credentials.
Via APIs and webhooks, cloudtamer.io can be extended to integrate with other services and applications within your environment. Using SAML IDMS, it can use your identity provider (such as Google, Azure AD, Okta, OneLogin, PingFederate, etc.) to authenticate login credentials. Additionally, we integrate with AWS Control Tower, a free AWS service. Integrations with Tenable and AWS Security Hub are coming soon.
Yes. cloudtamer.io currently integrates with the following multi-factor authentication (MFA) solutions: Google Authenticator, YubiKey tokens, and PKI-based smart cards. Additional MFA support can be added through a professional services engagement.
No, cloudtamer.io does not depend on AWS Organizations for its account management, budget enforcement, and continuous compliance features. In commercial AWS regions, cloudtamer.io can leverage the AWS Organizations service to create AWS accounts programmatically. In isolated regions and other environments where access to AWS Organizations is not available, cloudtamer.io still provides customers the ability to cache pre-created accounts that can be used when required.
cloudtamer.io offers a comprehensive compliance solution using a variety of tools. We help you prevent compliance violations with our cloud rules, which set proactive, organizationally defined boundaries in the cloud (including a vast collection of no-coding-required plug-and-play cloud rules). Then we allow you to create automated, reactive compliance checks for near real-time views of policy violations. Finally, we offer detailed reporting via a compliance dashboard and automatic compliance remediation to fix issues without manual intervention.
Compliance with regulations like HIPAA, FedRAMP, and PCI requires collaborative efforts between your CSP, your cloud governance software, and your organization. We make this process easier by offering a solution to help you align with your security goals, including documentation to show which security controls are met by your CSP, cloudtamer.io, or your organization.
cloudtamer.io gathers billing data on fixed intervals from cloud provider-generated billing reports. Because the data contained within these reports may be up to 24 hours old, we also calculate the current costs for selected services in near real-time. This allows customers to have a more accurate view of their current cloud spending and enables cloudtamer.io to take action when spending exceeds the thresholds defined on each project.
cloudtamer.io runs on a load-balanced series of EC2 instances. The AWS services required to install cloudtamer.io are:
- EC2
- S3
- IAM
- KMS
- VPC
- RDS (Aurora MySQL)
- CloudFormation
- CloudWatch
- Billing (Monthly Reports and Cost and Usage Reports)
cloudtamer.io is a collection of microservices that run in a cluster on Azure. The Azure services required to install cloudtamer.io are:
- 2-3 Virtual Machines, each in a separate availability zone
- Azure Database for MySQL
- Application Gateway
- Load Balancer
- Storage Accounts
- Virtual Network (VNET, Public/Private IPs, etc.)
- Key Vault (optional; for storing SSL certificate and other secrets)
Refer to the Microsoft documentation for more information on each of these services.
Support
Basic email support (2-business-day response time), software updates, and access to our support portal and community forums are provided during the license term.
Premium Support can be purchased on an annual basis and provides you with phone support (4-hour response time from 9 AM to 4 PM, Monday through Friday, except for U.S. federal holidays) and an assigned Technical Account Manager to assist with answering questions and troubleshooting issues. Premium Support contracts are purchased on an annual basis based on the total license amount purchased.
We have onboarding packages available as a fixed-price service to assist with your installation and setup of cloudtamer.io. In addition, we offer professional services to help with design, implementation, configuration, testing, training, troubleshooting, and support of cloudtamer.io. Review our license agreement.
Help documentation is available from directly within the cloudtamer.io application. In addition, customers who have purchased a license can access our support center to submit a question and search our knowledge base.
Let's talk! Drop us a line on our Contact form. We'd love to hear from you.