This document gives readers an overview of the security controls of VMware Aria Automation for Secure Clouds: the key mechanisms and processes used to manage information, and how the service sits between the customer and the cloud provider under the shared responsibility model for security in a modern cloud computing environment.
VMware Aria Automation for Secure Clouds runs on Amazon Web Services (AWS) infrastructure. A user can access VMware Aria Automation for Secure Clouds features through a browser-based dashboard which provides a user-friendly interface over calls to public APIs. Users can also access these APIs directly, and VMware Aria Automation for Secure Clouds maintains and publishes a comprehensive list of the APIs that allow customers to integrate with the product.
Identity and access management for VMware Aria Automation for Secure Clouds is handled through VMware Cloud Services Platform (CSP). Customers must provide IAM credentials for each cloud account they want to connect to the service. These credentials are required to collect the cloud account data needed to operate the service. To follow least-privilege principles, every credential must be configured with read-only access to the account it covers. When a credential is onboarded through the service dashboard, it is associated with a single cloud account.
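Because the service itself cannot enforce what the customer grants, the read-only requirement is worth checking on the customer side before a credential is onboarded. The following Python script is an added example written for this page; it is not VMware's code and not the product's own validation. It walks the JSON policy document attached to a credential and reports every Allow grant that is not read-only. The read-only verb prefixes, the list of data-read actions it refuses (a configuration scanner does not need object contents or secret values), and the two sample policies are assumptions made for illustration.

```python
"""Static check that an IAM policy document is read-only.

Added example for this page, not VMware's code. The prefixes, the
data-read exclusions and the sample policies are assumptions.
"""
import json
from fnmatch import fnmatchcase

# Verb prefixes treated as read-only (assumption; extend for your estate).
READ_ONLY_PREFIXES = ("Get", "List", "Describe", "Lookup")

# Reads of data rather than configuration. A posture scanner does not need
# these, so they are flagged even though their verb starts with "Get".
DATA_READ_ACTIONS = {
    "s3:GetObject",
    "secretsmanager:GetSecretValue",
    "ssm:GetParameter",
    "ssm:GetParameters",
    "kms:Decrypt",
}


def is_read_only(action: str) -> bool:
    """True if one action string grants only read-only access.

    "*" and "<service>:*" are never read-only. A trailing wildcard such as
    "ec2:Describe*" is accepted when the literal part is itself a read-only
    verb prefix, unless the pattern also covers a data-read action.
    """
    if any(fnmatchcase(data, action) for data in DATA_READ_ACTIONS):
        return False
    service, _, verb = action.partition(":")
    if not service or not verb or verb == "*":
        return False
    return verb.rstrip("*").startswith(READ_ONLY_PREFIXES)


def non_read_only_actions(policy: dict) -> list[str]:
    """Return every Allow grant in `policy` that is not read-only.

    Allow + NotAction grants everything except the listed actions, so it is
    reported as a finding regardless of what it lists. Deny statements are
    skipped: they cannot widen access.
    """
    flagged = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be un-listed
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            not_actions = stmt["NotAction"]
            if isinstance(not_actions, str):
                not_actions = [not_actions]
            flagged.append("NotAction:" + ",".join(not_actions))
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        flagged.extend(a for a in actions if not is_read_only(a))
    return flagged


def check_policy_json(text: str) -> list[str]:
    """Parse a JSON policy document and return its non-read-only grants."""
    return non_read_only_actions(json.loads(text))


# Constructed sample policies for the demonstration (not real accounts).
GOOD_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["ec2:Describe*", "iam:GetAccountSummary",
                "s3:ListAllMyBuckets", "s3:GetBucketPolicy"],
     "Resource": "*"}
  ]
}"""

BAD_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "s3:*", "iam:PassRole"],
     "Resource": "*"},
    {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}
  ]
}"""

if __name__ == "__main__":
    for name, doc in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, check_policy_json(doc))
```

The check is deliberately conservative: a wildcard such as `s3:*` or an `Allow`/`NotAction` statement is reported even if the operator believes it is harmless, because either one lets the credential do far more than the service needs. It inspects only the policy document; resource-level conditions and the trust policy of an assumed role still need to be reviewed separately.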
Once the cloud account data has been collected, the findings module queries the databases for findings and stores the results in Elasticsearch. When findings are generated, the customer can optionally create alerts and forward them to third-party services such as Slack, email, or Splunk.
VMware Aria Automation for Secure Clouds also offers a distinctive approach to remediating findings: customers can configure automated remediation actions across AWS and Azure cloud environments. The feature is governed by the cloud permissions control policy, which lets the customer manage and remediate misconfigurations while the service itself retains only read-only (least-privilege) access to their cloud accounts.
VMware Aria Automation for Secure Clouds acts as the control plane for any configured remediation actions and sends event triggers to one or more remediation worker groups, which run remediation workers on physical or virtual servers. The worker group is deployed and managed by the customer in their own environment, so the permissions needed to change cloud resources are held there rather than by the service. All connections between the service and the worker groups are encrypted.
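The property that matters in this design is that the control plane can only ask for a remediation; the customer-run worker holds the write credentials and decides, against a policy it controls, whether to act. The Python model below is an added example written for this page; it is not VMware's code and not the product's wire protocol, which the page does not describe beyond stating that connections are encrypted. It assumes triggers are JSON payloads authenticated with an HMAC-SHA256 tag under a secret provisioned to the worker group, that a trigger id is single-use within a freshness window, that the worker's allow-list stands in for the cloud permissions control policy, and that the cloud write call is a stub that records what it would have done. The action names and the scenario are constructed.

```python
"""Model of the control-plane / remediation-worker trust boundary.

Added example, not VMware's code or protocol. Signing scheme, action
names, allow-list and scenario are assumptions for illustration.
"""
import hashlib
import hmac
import json
import time

# Stands in for the customer's cloud permissions control policy: the only
# actions this worker group will execute, whatever the control plane sends.
LOCAL_ALLOWED_ACTIONS = {
    "s3:put_public_access_block",
    "ec2:revoke_security_group_ingress",
}


def canonical(payload: dict) -> bytes:
    """Deterministic encoding so sender and worker authenticate the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_trigger(payload: dict, secret: bytes) -> str:
    return hmac.new(secret, canonical(payload), hashlib.sha256).hexdigest()


def make_envelope(payload: dict, secret: bytes) -> dict:
    """What the control plane would send: payload plus authentication tag."""
    return {"payload": payload, "signature": sign_trigger(payload, secret)}


class RemediationWorker:
    def __init__(self, secret: bytes, allowed_actions: set,
                 now=time.time, max_age_s: int = 300):
        self.secret = secret
        self.allowed = allowed_actions
        self.now = now
        self.max_age_s = max_age_s
        self.seen_ids = set()   # replay protection for this worker process
        self.executed = []      # stub standing in for the real cloud write calls

    def handle(self, envelope: dict) -> str:
        payload = envelope.get("payload", {})
        # 1. Authenticity: the tag must verify under the worker's own secret.
        expected = sign_trigger(payload, self.secret)
        if not hmac.compare_digest(expected, envelope.get("signature", "")):
            return "rejected: bad signature"
        # 2. Freshness and single use.
        if abs(self.now() - payload.get("issued_at", 0)) > self.max_age_s:
            return "rejected: stale"
        if payload.get("id") in self.seen_ids:
            return "rejected: replay"
        # 3. Local authorization: a valid trigger still cannot widen this list.
        if payload.get("action") not in self.allowed:
            return "rejected: action not permitted by local policy"
        self.seen_ids.add(payload["id"])
        # The write credential would be used only here, inside the customer's
        # environment; the control plane never holds it.
        self.executed.append((payload["action"], payload["resource"]))
        return "executed"


def scenario(now_value: int) -> list[str]:
    """Run the worker through the cases worth testing; returns each decision."""
    secret = b"worker-group-secret-constructed-for-example"
    worker = RemediationWorker(secret, LOCAL_ALLOWED_ACTIONS,
                               now=lambda: now_value)
    ok = {"id": "evt-1", "issued_at": now_value - 10,
          "action": "s3:put_public_access_block",
          "resource": "arn:aws:s3:::example-bucket"}
    env = make_envelope(ok, secret)
    widened = dict(ok, id="evt-2", action="iam:delete_role")
    stale = dict(ok, id="evt-3", issued_at=now_value - 1000)
    return [
        worker.handle(env),                                 # genuine trigger
        worker.handle(env),                                 # same id again
        worker.handle({"payload": widened,
                       "signature": env["signature"]}),     # tag moved to other payload
        worker.handle(make_envelope(widened, secret)),      # valid tag, forbidden action
        worker.handle(make_envelope(stale, secret)),        # outside freshness window
        worker.handle(make_envelope(ok, b"wrong-secret")),  # forged by a third party
    ]


if __name__ == "__main__":
    for decision in scenario(int(time.time())):
        print(decision)
```

The order of the checks is deliberate: authenticity first, so that nothing unauthenticated reaches the replay set or the policy lookup, and local authorization last, because it is the control the customer retains even if the control plane or the channel to it were compromised. Transport encryption, which the page does state, protects the trigger in flight; the message-level tag and the local allow-list are the added assumptions that make the worker, rather than the service, the point where write permissions are exercised.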