Stacklet Governance-as-Code Platform

I used Stacklet during my experience at Xgrid, particularly in the last year when we were optimizing cloud costs for SleepIQ Tech for different clients. One thing we were proud of was the Cloud Custodian configurations, which were YAML-provided manifest files where we could provision the infrastructure and then access custom pre-built dashboards that provided governance as a code. This was really helpful.

We used Stacklet for cloud optimizations and were able to save around 40,000 US dollars per annum. We identified exactly where we were burning costs. After identification, we took remediation steps to cut down the extra costs due to overcommitted resources, underutilized resources, and identifying EIPs. We also re-architected some of the architectural components and moved to serverless. This is how we achieved around 40,000 US dollars per annum in savings.

Stacklet's dashboards helped us identify cost-saving opportunities. They were really helpful because Stacklet uses Cloud Custodian under the hood, and Cloud Custodian retrieves all of those metrics from the different dashboards of services from AWS cloud, since we were using AWS. This enabled us to get everything in a centralized dashboard, which provided out-of-the-box policy packs and visual reporting for all of our different AWS accounts.

Recently, Stacklet has introduced remediation and workflows that perform intelligent, multi-step workflows with native integrations to Jira, ServiceNow, and Slack. At that time, we used these with some custom wrappers, but now they are available within Stacklet.

The best features that Stacklet offers are the dashboard and the UI, the remediation and the workflows, and the asset visibility. Stacklet has an Asset DB that unifies all cloud resources in real-time with history tracking. For deployment and maintenance, it is a totally managed SaaS, and it is scalable as well. These are some of the features which I really love.

One thing which was really helpful about the asset visibility and Asset DB was real-time monitoring. We did not need to run or click on a button to sync and then look at the dashboards. Our dashboards were never old or outdated. They were always in sync with the current status. If our costs were going down after we took an action, we did not need to wait for a week or for days. We were able to see everything from the console, showing exactly how it would look at that very point.

The one metric which showed everything is the 40,000 US dollars per annum cost that we saved, and we pay very little to Stacklet.

One area for improvement is visual policy builders. Stacklet features natural language query tools, but newer users face a steep learning curve when building complex multi-step automated remediation workflows. There could be runbooks to help with this.

When we were using Stacklet, we did not have complete ownership of what was happening under the hood. For example, improvements in IaC enhancements and improving real-time risk assessment before deployment are something which should be achievable.

I have been working in my current field since 2001, and it has been more than five years.

I have not tested Stacklet at a much higher scale. It appears to be good. As it is a SaaS solution, it will scale on higher loads.

Customer support was cooperative.

We did not switch from a previous solution. We directly tried using Cloud Custodian, but that did not provide dashboards and other features.

We were able to invest this money in other areas and were able to focus on delivering the same quality with fewer resources and lower costs. When we pruned and terminated a lot of resources, our engineering efforts to manage all of those resources also reduced because we needed to manage a smaller number of resources.

If you want to exactly govern your cloud, then you should go towards Stacklet. It does not only help in saving costs, it helps in governance as well. It shows how you should organize resources, allocate costs, and then identify any loopholes. Stacklet is a solid choice for this purpose. There is nothing you need to change. I would rate this review seven out of ten.

Public Cloud

Amazon Web Services (AWS)

What do you like best about the product?

Real time enforcement of security policies across all the cloud environments. Provides the security by reducing the risks by centralizing the governance. Also, provide the historical revisions and dashboards for tracking purposes.

What do you dislike about the product?

I think the biggest missing part from Stacklet platform has been lack of compliance frameworks. Whenever we talk about data governance, there's always talk about different compliance frameworks but it looks like there are not many frameworks currently available at this time.

What problems is the product solving and how is that benefiting you?

1. Real time business security policies.
2. Achieving data governance across all the platforms.
3. With different laws coming out, it helps in achieving CCPA and GDPR.

What do you like best about the product?

Reasons why I like Stacklet

-Open-source policy language - Our engineers already use Cloud Custodian (c7n). Hence, they can easily add their own policies or adapt the pre-written c7n policies provided by Stacklet.
-Scalable - Stacklet makes it easy to deploy across hundreds of accounts
-Connect to Jira - Policy violations can be posted to Jira (or Slack) which our Engineers use to manage their work
-Cloud asset database - SQL-friendly cloud asset database makes it easy for our engineers to query resources or user visualize them with BI tools

What do you dislike about the product?

The user interface could be more user-friendly.

What problems is the product solving and how is that benefiting you?

Stacklet is helping manage our cloud policies, monitor cloud resources and identify savings opportunities at scale (across hundreds of accounts).

What do you like best about the product?

Stacklet brings the best of Cloud Custodian compliance policies within manageable reach of even the most disparate and large organizations. With Stacklet, we can automate compliance checks for any of our cloud environments, along with auto-remediate any of our findings without requiring any human interaction. Compliance checks are easy to create and are well documented. Actions taken upon findings can range from as simple as record findings in a database, to sending notifications (email, IM bot messaging, ticket generation), to making a cloud provider API call to correct the setting, to custom calls to fit your unique desires. Stacklet also provides access to a database of most cloud resources defined, allowing for answers to most cloud platform questions easy to answer, as long as you can envision the SQL query. In addition to the above product portfolio, I truly love the fact that Stacklet is tightly bound with the cloud custodian community, with each team improving core aspects of the compliance policy execution framework. Stacklet's add-on of management tools and assetdb make the community offering something which is manageable with minimal effort, no matter how complicated out environment may be.

What do you dislike about the product?

Stacklet is a younger company that is still maturing their offerings. This has meant that I may need a newer feature which has not yet been coded up. In my experience, this had meant that I may need to wait a few months for most of my new feature requests. On the flip side, this has been beneficial for me in the long run as more established/older companies have a track history of equating lack of current features with a lack of desire to address my new requirements on any timeline.

What problems is the product solving and how is that benefiting you?

Stacklet provides an easy framework to take audit requirements in the morning, have policies and remediation actions in place by lunch, and immediately turn over to my operations team. When operational questions come up, Stacklet's assetdb allow us to immediately provide the answers we're looking for so we don't need to waste time assessing our environment.

What do you like best about the product?

Constant addition of features.
AssetDB for querying
Great support team.

What do you dislike about the product?

Have not found any issues in working with the stacklet platform.

What problems is the product solving and how is that benefiting you?

The Stacklet Platform is a simple solution to our multi-cloud governance and compliance needs.

What do you like best about the product?

Policy management is flexible and customizable so we can enable what is correct for our needs. The APIs are easy to use so integrating to our other tooling is straight forward.
The Stacklet team's support is very good. They are collaborative and very interested in our success.

What do you dislike about the product?

The platform is still evolving, so there are some nice-to-have features yet to be implemented.

What problems is the product solving and how is that benefiting you?

Our organizational governance needs to mature. Additionally, we are transitioning from a vendor-supported operational model. Stacklet is enabling us to take control of the cloud security compliance in-house and make it better.

What do you like best about the product?

It was easy to set up, provides good reporting and analysis of resources, and has granular policy configurations. The staff is very helpful and friendly.

What do you dislike about the product?

We are having issues getting Azure reporting

What problems is the product solving and how is that benefiting you?

The platform is helping us resolve audit and compliance issues.

What do you like best about the product?

The ability to create custom rules in addition to the compliance packages out of the box that they provide for you. In addition to the ability to customize rules checks is their support team. Very knowledgeable and extremely helpful! And they help your team by teaching them how to use the product when working to solve problems, not just provide a canned KB article.

What do you dislike about the product?

My biggest dislike is the lack of compliance frameworks currently available out of the box for their product. I know they are adding additional frameworks at this point, and we can work around that aspect due to the ability to customize our rule checks at an extremely high level.

What problems is the product solving and how is that benefiting you?

Near real-time cloud inventory collection that includes those resources meta-data attributes that enables us to understand the security related to that asset. This capability has helped us to do this across many cloud accounts and tenants using a centralized console to report and take action from.

What do you like best about the product?

Governance as Code - Standardizing code that is consistent, and easy to use for developing cost savings, compliance, and security policies. Before we had teams and individuals using an assortment of code, bash, python, etc, and deploying them using VMs and other serverless compute services, which created issues in troubleshooting, updating, and locating the different policy scripts.

AssetDB - This allows our IT and Security teams to search (using SQL queries) across all regions and accounts, instead of having to log in to each account to search for a resource. Having the ability to generate inventory reports across accounts has also improved our ability to meet different compliance initiatives.

Notifications - Having the ability to notify users of both policy rules and reports has helped to limit the amount of pushback and increased user buy-in and adoption.

Cost - All of the above at a fraction of using native tools to attempt the same functions. This is also cost-saving in staff hours required to code and maintain all of the different policies.

What do you dislike about the product?

I feel like the product needs more work on login roles and policies, but would still recommend it without hesitation. The Stacklet team is very responsive and eager to help with any issues that we have had.

What problems is the product solving and how is that benefiting you?

One of the biggest issues of having a multi-organization/team environment is adoption. Stacklet has helped us manage and actually get our tagging policies off the ground and gain acceptance from teams across the board for the first time after trying for years to get buy-in. Stacklet and the Assetdb have also greatly enhanced our ability to meet various compliance initiatives by providing reports and artifacts for auditors.

What do you like best about the product?

The ability to customize the compliance policies to meet our specific needs, and the rich set of APIs to integrate with our automation and DevOps tools. Many other off-the-shelf compliance products have very limited customization features which lead to false positives and false negatives, and also requires more complicated exception handling processes.

Additionally, the Stacklet team has been outstanding in taking our feedback and quickly incorporating improvements in their platform.

What do you dislike about the product?

The administrative and reporting user-interfaces are still evolving, though we primarily use the APIs so it is not a big issue for us.

What problems is the product solving and how is that benefiting you?

It gives us a single platform for multi-cloud compliance and Cloud Security Posture Management, replacing at least 4 different tools that were previously used. This greatly improves the efficiency of our compliance and engineering teams, and gives us a common set of processes and nomenclature across all of our cloud estates.