At Aembit, we often see clients initiate their journey with us when they face specific challenges in securing workload-to-workload access.

Common starting points include safeguarding CI/CD workflow; managing access to a sensitive datastore like Snowflake; or policy-based access to their vault. 

• Operations teams are only alerted about new workloads when they’re nearing production –typically via a Slack message as deployment approaches.
• Developers are required to complete a form when starting a new project. Once logged, the team can allocate production resources.
• “If it isn’t broken, don’t fix it.” Some teams only take notice of workloads if issues arise during operations.

However, it gets even more challenging when you are trying to map the access relationships among these workloads. For example, what databases does this workload access? Does this workload touch sensitive customer records? Financial information? If so, how secure and closely managed is that access?

Aembit’s Approach to Workload Discovery

Based on our research with customers, we designed Workload Discovery around three main principles:

1) Transparency: DevSecOps teams should be able to access workload information seamlessly, without requiring developers to provide workload information out-of-band or add code to their workloads solely for discovery purposes.

2) Dynamic: Our system is designed to continuously and proactively identify new workloads as they are deployed, ensuring that no asset goes unnoticed.

3) Actionable: We prioritize ease of integration. Once a workload is identified, the process of bringing it under the governance of Aembit’s Workload IAM is straightforward, enhancing overall security management without adding complexity.