An open architecture built for enterprise-grade data flows.

CloudTwyst is designed as a layered platform — each tier independently capable, and together forming a governed data pipeline from raw cloud signals to executive-ready output. No black boxes. No proprietary lock-in.

From data ingestion to executive insight — every layer explained.

CloudTwyst processes cloud environment data through six structured layers, each with defined responsibilities, clear interfaces, and independent extensibility.

Layer 1: Data Sources
CloudTwyst connects to your cloud environment data sources via API-first integrations. No agents are installed in your environment — all connections use standard cloud provider APIs and OAuth-based authentication.
  • AWS (Cost Explorer, CloudTrail, IAM, Config)
  • Azure (Cost Management, Entra ID, Defender)
  • GCP (Billing, Cloud Asset, IAM)
  • Identity providers (Okta, Azure AD, Google Workspace)
  • ServiceNow (CMDB, Incidents, Change)
  • Jira and Jira Service Management
  • Custom CMDB via REST API

Layer 2: Ingestion Layer
Raw cloud data is normalised into a unified schema before it enters the platform. This layer handles provider-specific format differences, deduplication, and schema validation — ensuring consistent data quality downstream.
  • Schema normalisation across providers
  • Deduplication and delta processing
  • Field validation and enrichment
  • Change event streaming for real-time updates

Layer 3: Rules Engine
The policy engine evaluates normalised data continuously against configured rules — cost thresholds, access entitlements, compliance controls, and custom governance logic. Rules are expressed in a declarative policy language and versioned.
  • Declarative policy evaluation engine
  • Compliance framework control mapping
  • Custom rule authoring and versioning
  • Posture scoring and drift calculation

Layer 4: Workflow Orchestration
When the rules engine surfaces violations or anomalies, the orchestration layer routes them to the appropriate response — automated remediation, human approval workflows, or escalation chains — based on configured severity and action policies.
  • Event-driven trigger processing
  • Approval workflow routing with SLA tracking
  • Automated remediation execution
  • Job scheduling and cron execution

Layer 5: Dashboards
Each platform module — Cost Control, Identity Governance, Policy Engine, Automation Studio, Insights — has a dedicated operational frontend. Real-time data streams from the orchestration layer into module UIs with live posture scoring and contextual action panels.
  • Module-specific operational interfaces
  • Real-time data streaming to UI
  • Contextual action and approval panels
  • RBAC-enforced view filtering

Layer 6: Reports & Exports
The reporting layer aggregates signals from all five platform modules and produces scheduled reports, on-demand exports, board-ready scorecards, audit evidence packages, and CSRD-compliant carbon output — structured for both internal use and external audit.
  • Scheduled report generation and delivery
  • Audit evidence package export
  • Board-level scorecard generation
  • CSRD-ready carbon and energy reporting

Connects to the tools your teams already use.

CloudTwyst integrates across your cloud estate using standard APIs — no proprietary connectors, no agents, no lock-in.

  • AWS: Cost Explorer, CloudTrail, IAM, Config, GuardDuty
  • Azure: Cost Management, Entra ID, Sentinel, Defender
  • GCP: Billing, Cloud Asset, IAM, Security Command Center
  • Okta / Entra ID: Identity federation, SSO, SCIM provisioning
  • ServiceNow: CMDB sync, incident creation, change management
  • Slack / Teams: Alert delivery, approval notifications, workflow triggers
  • Jira / Linear: Issue creation from policy violations and exceptions
  • Custom APIs: REST webhooks and event streaming for custom integrations

See how CloudTwyst fits your architecture.

Book a technical discovery session with the CloudTwyst team — we'll walk through your environment and show how each layer maps to your infrastructure.
