Architecting Cloud Transparency: A Strategic Framework for Multi-Source Discovery and CMDB Governance

Case Details

In this case

  • Multi-Source Cloud Discovery Architecture for complex Azure and Kubernetes environments.
  • Strategic Security Alignment navigating strict MID server and licensing constraints.
  • Automated SBOM and Tag Management for enhanced visibility and compliance.

For a global leader in risk and compliance solutions, maintaining a precise, real-time inventory of cloud assets is foundational to operational security and service mapping. The organization required a comprehensive architectural blueprint to integrate its vast Azure environment and Kubernetes workloads into a unified ServiceNow CMDB. The objective was to move beyond manual tracking by designing an automated discovery pipeline capable of ingesting Software Bill of Materials (SBOM) data and cascading subscription-level tags across thousands of resources.

To achieve this, a strategic planning and architecture phase was initiated to evaluate competing discovery technologies and design a scalable "single source of truth" that adhered to rigorous internal security protocols.

The Challenge

The enterprise faced significant technical and security hurdles that prevented a standard out-of-the-box discovery implementation:

  • Fragmented Visibility: Cloud assets and Kubernetes workloads were managed through disconnected tools, leading to a manual inventory process that was approximately 45% less efficient than automated alternatives.
  • Strict Security Constraints: Internal policies prohibited the deployment of MID servers within Azure environments, ruling out several traditional discovery tools and requiring a specialized approach to SBOM ingestion.
  • Technical Uncertainty: Evaluating the data coverage of third-party sensors was hindered by documentation barriers, making it difficult to assess the level of effort for integration accurately.
  • Kubernetes Complexity: The client required a deep-dive comparison of 39 distinct Kubernetes and OpenShift objects to determine the best approach for real-time workload visibility.

The Solution

Through a series of high-impact workshops and architectural evaluations, a robust "Multi-Source Discovery" framework was designed. Key pillars of the strategic solution included:

  • Architectural Blueprinting: Conducted seven intensive workshops to define requirements and evaluate five competing discovery components (SGC Azure, KVA, Wiz Runtime Sensor, SGC Wiz, and JFrog Artifactory).
  • Multi-Source Logic: Designed a tiered data priority framework using CMDB 360. This architecture utilized SGC Azure for scheduled resource discovery and KVA for real-time Kubernetes visibility, with SGC Wiz serving as a confirmational source.
  • Automated Tag Cascading: Engineered a strategy for Azure subscription-level tags to cascade automatically across resources, ensuring consistent metadata for financial and operational reporting.
  • SBOM Ingestion Strategy: Developed a secure ingestion path via JFrog Artifactory that worked within the MID server restrictions, ensuring visibility into software components without compromising the client's security posture.
  • Agile Requirements Mapping: Transformed workshop outcomes into detailed user stories and as-built documentation, providing a clear roadmap for implementation while avoiding technical debt.

The Impact

The architectural phase provided the client with a clear, validated path toward cloud maturity. By replacing manual processes with this strategic blueprint, the organization established a framework for scalable asset management.

  • 45%: Potential process simplification, replacing fragmented, manual cloud inventory with an automated, real-time discovery pipeline.
  • 40%: Projected efficiency improvement for IT operations teams through the consolidation of Azure, Kubernetes, and SBOM data into a single source of truth.
  • 55%: Estimated time savings for infrastructure teams responsible for maintaining cloud records and responding to audit queries.
  • 35%: Error reduction anticipated through the use of IRE-based deduplication and automated tag cascading, significantly improving data integrity.