Today, we’re excited to announce Drift Cause, a new feature designed to provide key insights for understanding and addressing infrastructure drift. Tackling one of the biggest challenges in cloud management, it offers users the context needed to trace drifts back to their source—revealing the who, when, and how behind each change.

To see how Drift Cause works, check out this video or read the blog post below:

‍

Detection Alone Is Not Enough

Drift detection tools highlight discrepancies between IaC (Infrastructure as Code) configurations and the actual state of cloud resources. However, they often fall short of providing the actionable insights teams need to resolve these discrepancies effectively. As a result, teams face several challenges:

• Understanding how to best address drifts: Detecting drift should almost always lead to action, but automatically reverting changes to match the state file isn't always the best approach. Deciding whether to update the state or reject changes requires proper context. Without it, you risk causing more harm than good.
• Lack of accountability: Changes made through UI, CLI, or APIs are rarely tracked, making it difficult to assign ownership and promote accountability.
• Recurring drift issues: Without addressing the underlying causes of changes, organizations struggle to implement effective preventative measures, leading to repeated governance challenges and ongoing drift problems.

Introducing: Drift Cause

Drift Cause connects codified infrastructure with out-of-code audit logs, unlocking detailed and immediate insights that enable teams to:

• Identify who made the change, when, and how
• Understand the specific event or action responsible for the drift (e.g., automated or scripted procedure via CLI or API, or a human being via cloud provider interface)

Leveraging Cloud Compass, env0’s cloud asset management solution, Drift Cause analyzes cloud provider logs to provide the critical context needed for investigating and resolving infrastructure drift much more efficiently.

Example Scenario

To quickly demonstrate how Drift Cause works, let me walk you through a simple real-world scenario that starts with John, a platform team manager, who is facing an urgent issue involving a logs bucket. 

To resolve the issue quickly, John grants temporary access to one of his developers using the cloud provider’s console. With the access granted, the developer jumps in and quickly addresses the issue, but by the time they’re finished, John is already tied up with another task and doesn’t have time to verify the fix.

Meanwhile, in another office a few time zones away, Dan the DevOps on call received a Slack notification from env0 about the drift between the IaC-defined permissions and the actual state of the cloud resource.

After receiving the alert, Dan quickly jumps to the ‘Environment Details’ page to get more information.

Inside he sees that the logs bucket was flagged as drifted and the details immediately show that its permissions differ from the IaC-defined state.

Without Drift Cause, Dan would be stuck wondering whether the change was intentional or a mistake—unsure if he should apply the code or update the IaC. Now, however, Dan can investigate the drift and gain the context needed to make an informed decision on how to address it, and here’s how:

Hovering over the logs bucket detailed in the ‘Drifted Resources’ list, Dan can now click the eye icon to access additional detailed information about the resource.

Here the ‘Analysis Table’ displays a timeline of events related to the logs bucket, including:

• Event Date: When the temporary access was granted
• Event Resource: The logs bucket in question
• Event Name: The action performed, such as 'PutBucketPolicy'
• User: The team leader who performed the ClickOps action

Zooming in further, Dan’s next step is to click the ‘More Info’ icon, which opens the full event JSON in the cloud provider’s console. 

The logs provide him with additional details such as the IP address from which the change originated–all offering valuable context for the source of the change.

Now, using all of the above information, Dan’s next step is to reach out to John and ask about the reason for the change. Based on John’s answer Dan can now decide how to proceed. 

Connecting the dots from ‘who’ and ‘what’ all the way to the ‘why’, Dan can still decide if he wants to revoke temporary access, redeploying the logs bucket to restore it to its IaC-defined state. However, Dave may also decide that a better course of action is to preserve the developer’s access, by adding the new permissions in the IaC configuration, giving John and his team the time they need to make sure that the fix works as intended.

This is just one simple scenario meant to demonstrate how having additional context can impact drift analysis and remediation, while being considerate of the reader’s time. In real-world situations, however, the stakes are often much higher and decisions far more complex, involving uptime, compute allocation, security risks, and more. In all such cases, having easy access to additional information and understanding the reasons behind the drift—rather than blindly reacting to an alert—can lead to broader implications.

What’s Next

Drift Cause is the first step in demonstrating the value of combining IaC management with insights from cloud asset management. 

This useful integration, powered by Cloud Compass, offers a holistic view of infrastructure changes, bridging gaps that were previously difficult to address.

Here’s how this combination enhances the platform:

• Enhanced automation: With context from real-world changes, Cloud Compass enables Drift Cause to connect IaC workflows with external actions. This added layer of insight, in turn, enables smarter and more efficient automation.
• Better policy enforcement: Guardrails can now be applied consistently across both IaC-managed and non-IaC-managed resources. This reduces governance gaps and ensures comprehensive control over infrastructure changes.
• Stronger security compliance: By providing visibility into changes made outside IaC, Cloud Compass helps organizations identify and mitigate risks, making compliance efforts more effective.

Drift Cause showcases how enriching IaC management with insights from cloud environments transforms infrastructure management. 

Combining the two creates a framework for a more precise, context-driven approach that empowers teams to govern and scale their infrastructure with confidence.

Want to learn more? Schedule a technical demo to see Drift Cause in action.