Asset Ownership

About

Asset ownership refers to the individual or business unit responsible for an asset's management, security, and lifecycle decisions. 

Problem statement - Broken ownership = no control, no accountability, higher risk, and higher cost. It makes cloud environments messy, insecure, and expensive.

Terminology

Asset - Insight Object a copy of Cloud Provider Objects metadata of so-called Cloud Resources, Cloud Resource Containers, Billing items like tenants/organizations/subscriptions/projects/accounts, configuration items and others. Asset can be a Virtual Machine, Public IP address assigned to VM or even a configuration entry for VM like Firewall rule, Recommendation discovery item and others.

Asset Parent - All assets have a parent. AWS Account is parent for all AWS assets that are deployed under that Account, same with Google Project. Azure assets must have 'Resource Group' type as parent and 'Resource Groups' have parents which are Subscriptions.

• Azure: Cloud Tenant - Subscription - Resource Group - Resource

• AWS: Cloud Organization - Account - Resource

• Google: Cloud Organization - Project - Resource

Asset Groups (AG) - allocated assets are logically grouped and visible for delegated Users.

Delegation - User assignment to Asset Group.

Allocation - Asset assignment to Asset Group. 

Main features and use cases

Ownership management

Use case: Setup Asset Ownership

Allocate assets to asset owners using middle point: Asset Group.

Accountability

Use case: Contact Owner

Provide resource ownership information for operations, internal automations and systems. 

Security

Use case: Control Access

Enable (or restrict) Users to access/view owned resources and respective recommendations.

Economics

Use case: Cost Allocation

Cost View per Asset Group, for asset owners and managers to understand business cost.

Quick Start 

General Recommendations

Use automatic AG creation.

Use tag allocation, fix issues in cloud if possible.

Asset Group creation and Asset Allocation.

Ownership Menu will be found under Administration. Ownership Configuration is available for role ' Company - Ownership Manager'. Here are main use cases of Ownership:

• Automatic Setup (Recommended) 

  • • Automatic Group creation - Setup tag-key for company and enable automatic AG creation. This will enable Asset Group allocation to Assets using tag-key:value pairs, which will automatically assign Assets to Asset Groups. Rename Asset Group as desired. Initial name would be equal to tag value.

• Semi/Manual Setup (Alternative) 

  • • Create groups manually - Allocate assets automatically by adding tag-key:values pair.

• Manual errors fixing:

  • • Allocate assets directly to Asset Group. This can be done on any scenario. Direct allocation brakes inheritance and overrides tag allocation.

• Inheritance (Hidden/backend)

  • • Automatic rules will execute asset allocation to AG as per parent allocation, if asset do not have other allocations.

User Delegation to Asset Group

After creating 'Asset Group's you will have enabled views and filters per 'Asset Group's.

If you want to provide access to Asset owners to see their Assets: 

1. Delegate User to Asset Group 

2. Ensure that User have at least 'Company User' and relevant 'X Service User' roles.

Note: Users with Managers and Analyst roles have read only visibility of all Asset Groups.

Feature Description

How Assets are allocated