New: Brownfield onboarding
Learn more
Connect your existing AWS, Azure, GCP and VMware accounts
Introducing brownfield onboarding for emma: connect your AWS, Azure, GCP and VMware accounts, discover what's running - instances and Kubernetes clusters, and bring it under unified governance from day one.
The reality of enterprise cloud
Most enterprises don't start from scratch. They have years of accumulated infrastructure—workloads running across your cloud and on-premise VMware environments, spun up by different teams, tracked in different tools, governed (or not) by different policies.
The result is a governance gap that grows quietly in the background. Resources exist that no one has full visibility over. Cloud spend accumulates outside any unified cost model. Compliance teams work from incomplete inventories. Security teams can't enforce policies over infrastructure they can't see.
The problem is that resources often exist outside the perimeter of newly adopted tools and governance frameworks. Sometimes, it's because the tools don't support certain environments, for example, cloud native tooling may bypass existing on-premise resources. Or, it can be because there are general visibility gaps in disconnected hybrid and multi-cloud environments.
"You can't optimize cost, enforce compliance, or reduce risk on resources you don't know exist."
Today, emma extends its platform with brownfield onboarding—the capability to connect existing cloud accounts (AWS, Azure, GCP, VMware, and multi-cloud Kubernetes clusters), discover every resource running inside them, and selectively import those resources into emma's governed Project Groups.
Nothing changes in your cloud. emma wraps a governance layer around what's already there—giving FinOps, security, and platform teams a single source of truth over their entire estate, not just the slice that was provisioned through emma.
This is a category-expanding moment. emma moves from a greenfield provisioning platform to a full-estate governance solution—one that meets enterprises exactly where they already are.
The workflow is intentional, and the sequence matters.
Connect your cloud account via BYOA (Bring Your Own Account)—provide scoped credentials for AWS, Azure, GCP and VMware at whatever access level you're comfortable with.
Discover — run a Discovery Job to inventory every resource in the connected account. You see the full picture before making any decisions.
Import selectively — review the inventory and choose which resources to bring into specific projects within a Project Group. You control what enters your governance perimeter—and what doesn't.
Audit continuously — run audits periodically. Any resource that exists in your account but isn't mapped to a project gets flagged, so nothing slips through as your estate evolves.
The sequence is deliberate. Nothing enters the governance perimeter without explicit action. You decide what's governed, when, and at what level of granularity.
There's an important distinction in how emma approaches ongoing visibility—and it's worth being precise about it.
With emma's periodic audits any resource that exists in a connected account but isn't mapped to a project gets flagged automatically. This surfaces shadow infrastructure—workloads running outside the governance perimeter that represent cost leaks, compliance gaps, and security blind spots—not just drift in what's already managed.
For compliance teams, this is the difference between a point-in-time snapshot and continuous evidence of governance. Auditors don't ask what your cloud looked like six months ago. They ask what it looks like now, and whether you can prove it's governed. And this is where emma makes a difference compared to tools that rely on manual synchronizations.
A single Project Group can now hold both BYOA accounts (your existing infrastructure) and emma-provisioned accounts (new deployments)—under the same governance model, in the same project structure.
This means organizations don't face a "phase 1 / phase 2" problem. Existing workloads come under governance today. New infrastructure gets provisioned through emma tomorrow. Same policies, same visibility, same cost management—from the start.
That's how real-world adoption works. You start with what you have, and grow from there.
Connecting existing cloud accounts to any platform is a decision that security and procurement teams scrutinize carefully—and rightly so.
emma is SOC 2 and ISO 27001 certified. BYOA credentials are scoped, audited, and fully within customer control. You decide what access level to provide. Removing a BYOA connection instantly removes those resources from emma's view—but nothing is ever deleted from your cloud. The same account can be reconnected to the same or a different Project Group at any time.
The design is non-destructive by default. That's not a feature—it's a guarantee.
Brownfield onboarding is available now. Connect your first cloud account, run a discovery job, and see your full resource inventory in virtually no time.
