I’ve spent the past 10 or more years helping lead innovative and fast-growing cloud and SaaS companies such as VisualCV (an early AWS customer) and SparkPost. Before that—at webMethods—I helped leading companies like Dell and Bank of America utilize our pioneering web services software in early cloud applications. One of the common concerns we had at all these companies was ensuring that the infrastructure, databases, and applications we put into the cloud were kept as safe and secure as possible, and adhered to our own policies in addition to external sets of controls like SOC2. While we were fortunate to have highly capable people working hard to keep us and our customers safe, that work has always been exceedingly people-intensive in my view. And there is always the nagging concern of “Have we done everything we need to?” What we were looking for, put simply, was assurance: the assurance that whatever is out there right now hasn’t deviated from what was in place at the time of our last security review or audit.
This assurance is exactly what Fugue provides by ensuring that cloud infrastructure both meets the organization’s security policies and doesn’t drift from the known good state. As I investigated Fugue further, I asked many of my friends in the tech industry and at Fortune 500 companies about governance and compliance across their cloud applications. They all confirmed that governance, compliance and something called “configuration drift” are major concerns for them. Absent Fugue, they are addressing these concerns with far from perfect tooling and “lots of people, and lots of training for lots of people.”
Given my own experience—and that of the friends I consulted—it was pretty clear that Fugue is in a unique position to offer CISOs and CIOs the assurance they are looking for when it comes to maintaining an adequate security posture in the cloud. I found this highly appealing, especially once I saw Fugue’s technology in action. Being able to scan a customer’s AWS or Azure account to discover and visualize everything deployed within it—authorized and unauthorized—and then point out misconfigurations is powerful. The real magic for me, however, was seeing the Fugue Conductor doing its thing. This software robot scans a customer’s cloud environment at regular intervals (as often as every 60 seconds). Then, when it finds something out of compliance, it not only reports and alerts on it, but can immediately fix it by returning the offending item to the known good state. Talk about lowering the Mean Time to Remediation (MTTR, my new favorite metric). There really is nothing else like this on the market today.
Another reason for my joining Fugue is the breadth and depth of vision for cloud computing held by our founder and CTO, Josh Stella. As organizations look to the cloud to deploy computing resources at hyperscale, they need to massively ramp up activities such as provisioning, governance and policy compliance. These are still largely manual activities, so significant automation is required; there simply aren’t enough qualified people in the world to build out, manage and monitor all the necessary infrastructure. A robotic approach, with machines running machines under the guidance and direction of human engineers, is what’s needed. Fugue is turning this vision into reality.
We are in the early innings of a once-in-a-generation shift in how computing gets done. I see Fugue playing a lead role in helping this revolution gain even further momentum. It’s an exciting time to be in our industry, and an exciting time for Fugue. I am delighted to now be a part of it.