From Insight to Action, CloudHealth Delivers New Capabilities in Security and Automation, Along With New Integration

From Insight to Action, CloudHealth Delivers New Capabilities in Security and Automation, Along With New Integration

Rachel Dines
Sr. Director of Product Marketing
Aug. 10, 2016
4 minute read

The content in this blog is outdated and we cannot reliably say it is still accurate with the speed in which the cloud industry moves. But don’t worry—below are more recent, up-to-date blogs.

AWS Rightsizing For Cost Optimization

The 5 Best Ways To Reduce AWS Instance Cost

The Ultimate Guide To Amazon EC2 Reserved Instances


Today is a big day for us at CloudHealth Technologies. When your engineering team updates your platform on an almost daily basis, every day is a release day. But today is special because we are announcing major enhancements to the CloudHealth platform that take cloud service management to a new level. With new functionality across security policies, automation, and partner integrations, here is what we’re enabling customers to do.


Automate security best practice policies

We all know that security starts with people. No matter how secure you make your environment, a malicious insider can do more damage than any external hacker. Gartner estimates that by 2020, 80% of cloud breaches will be due to customer misconfiguration, mismanaged credentials or insider theft, not cloud provider vulnerabilities. Which means that proper identity and access management is hugely important when it comes to ensuring cloud security. This is why we are pleased to announce that the CloudHealth platform now has the ability to automatically run policies to help enforce compliance with IAM best practices, and can alert you before issues arise. Specifically, CloudHealth’s Security Policies for AWS -- which are included in the policy engine -- let you run policies that will take action based on conditions, for example:

  • When any Amazon Accounts have Root Account API Access
  • When any Amazon Accounts have Root Account MFA Disabled
  • When any Amazon Users have MFA Disabled
  • When any Amazon Users have No assigned IAM Group
  • When an IAM Server Certificate will expire in less than 30 days
  • And many more!

All of these alerts are configurable, so you can set the severity level, determine what actions are taken when the event occurs, and most importantly, can treat each business unit and group differently depending on their unique security requirements.

Learn more about CloudHealth’s Security Policies for AWS in our solution brief.

CloudHealth security policies for AWS

CloudHealth security violation report

Automate all the things!

Our automation capabilities actually extend far beyond security checks. Policies and actions permeate the entire CloudHealth platform, and now we are taking automation capabilities to the next level, with Automated Actions. This feature gives customers the ability to automate their cloud operations, giving DevOps teams the ability to spend less time on repetitive tasks and and more time on development! By integrating with Lambda functions, the possibilities of what can be automated in the platform are virtually endless. Here are just a few out-of-the-box automated tasks that our beta customers have been taking advantage of:

  • Lights on, lights off: This simple policy can save a massive amount of time and money for customers. Did you know, that by defining a policy that automatically turns off non-production resources at night and on the weekends, you can reduce instance hours up to 592 hours per instance per month? Of course, you can set a “snooze” override for nights and weekends when engineers are working off-hours. What if you could completely automate that without scripting? Pretty cool.
  • Reserved Instance (RI) modifications: Nothing is constant except change...especially in the cloud. So if you bought RIs for certain instance types in specific regions, chances are that your usage patterns have changed. You may not be using 100% of the RI hours you bought. No need to worry, just define a policy in CloudHealth to automatically modify your RI anytime the platform detects an opportunity for cost savings.
  • Identify and terminate zombie instances: Zombie assets are infrastructure components that are running in your cloud environment but aren’t in use. Zombies are more common than you might think, given how easy it is to spin up infrastructure and then forget about it. You can define a policy that hunts down zombie infrastructure and automatically terminates it, or sends it through an approval workflow before termination.

Example of a Lights on, Lights off policy in the CloudHealth platform

Rightsize your assets with analytics from New Relic

After working with hundreds of the largest AWS users, we’ve noticed a pattern: approximately 20-40% of our typical customers’ infrastructure is actually underutilized. Meaning apps are running on oversized EC2 instances, or data is stored on oversized EBS volumes. This often happens by accident -- a developer spins up a new workload, and without knowing in advance what the performance needs will be, they choose a larger instance type than needed.

Best practice would be to revisit the instance type later and resize if needed -- but let’s be honest, this rarely happens. What if you had a tool that could find these underutilized resources and make suggestions? The CloudHealth and New Relic integration makes this happen! Together, New Relic and CloudHealth help you make data-driven decisions to rightsize your cloud infrastructure. When you integrate the  two, you get granular performance data and analysis as well as end-to-end visibility across every dimension of your cloud environment, making  it easy to provision and optimize resources.

CloudHealth Rightsizing data with New Relic

New Relic performance data in CloudHealth

Rightsizing of EC2 instances with New Relic data

That’s all for now, but stay tuned: we will also be posting a few new videos from our experts in these three areas! In the meantime, if you want to try out any of these new capabilities, get in touch.