Skip to content

    Latest Posts

    Announcing our Partnership with In-Q-Tel (IQT)

    Drew Wright

    Since its founding, Fugue has set out to transform how cloud infrastructure is kept safe and secure. Today, we’re thrilled to announce our strategic partnership and development agreement with In-Q-Tel (IQT) to help advance its mission for U.S. government agencies. For nearly two decades, the not-for-profit strategic investor IQT has accelerated the development and delivery of innovative technology solutions to support the mission of the U.S. government agencies that keep our nation safe. We are proud to join them in supporting this effort. Fugue can help federal agencies automate security and compliance for cloud infrastructure to identify and eliminate risks stemming from misconfiguration and policy violations. By preventing compliance violations and automatically returning...

    Read More

    Eliminating Cloud Misconfiguration with Baseline Enforcement

    Drew Wright

    As more enterprises adopt the cloud, the issue of cloud security has become a top priority. The cloud is fundamentally different than the datacenter. Just as it requires a shift in how we think about architecture and operations, we need to shift our thinking on cloud security and compliance and bake it into DevOps and CI/CD processes (i.e., DevSecOps) rather than bolt it on later. Failing to do so puts your organization at serious risk of a critical data breach. Infrastructure misconfiguration is the number one cloud risk Fugue recently released its Cloud Infrastructure Misconfiguration Report, which found that 93 percent of IT and security professionals are concerned that their organization is at risk of a major security breach due to misconfiguration, and twenty-seven percent (27%)...

    Read More

    Cloud Misconfiguration Bedevils Enterprises at an Alarming Rate

    Drew Wright

    Last week, Fugue released its Cloud Infrastructure Misconfiguration Report, which presents the results of our survey of more than 300 IT and security professionals from enterprise-level organizations. What surprised many of us at Fugue the most was the steep cost incurred by enterprises in their attempt to manage cloud misconfiguration, which is still largely a complex, manual process in an otherwise automated world of cloud. You can read more about that in The Cost of Cloud Misconfiguration Whack-a-Mole. Today let’s focus on the risk that cloud misconfiguration brings to the enterprise, and what our survey reveals about the severity of the problem. In short, it’s bad. An overwhelming majority (93%) say they are “somewhat concerned” or “highly concerned” that their organization is at...

    Read More

    Modifying Your Code for Unit Testing

    Drew Wright

    If you’ve been looking around for information on unit testing and want to know a bit more, or possibly see an example of how to put it into practice, you’re in the right place. By the end of this blog post, you should be able to: Look over parts of your code where you'd like to add unit tests. Understand how to break your code into smaller functions. Determine what to test. Start creating your tests. We'll also cover rudimentary mocking, which is the practice of writing pretend calls to test your code against predictable values. This blog post uses Python, but these concepts will transfer to other languages as unit testing is the same. Why Do Unit Tests Matter? I'm sure you've heard this before. Unit tests matter because they make sure your code works well in...

    Read More

    Why You Should Care About Cloud Infrastructure Governance

    Drew Wright

    It’s never been easier or faster for companies using the cloud to deploy infrastructure on AWS. That’s the good news. The not-so-good news? You can’t move fast without compromising security, compliance, and control. Well, you can’t unless you automate your cloud infrastructure policies, including compliance and security . Hold that thought for a moment. Here are four common hurdles nearly every organization using the cloud encounters: Inconsistent enforcement of regulatory compliance policies (PCI, HIPAA, NIST 800-53) Uneven use of internal governance policies Uncontrolled shadow IT, ad hoc automation, and tooling sprawl Increased demand for cloud expertise Viewed from a higher level, companies using the cloud need to see all resources running across environments, accounts,...

    Read More

    No Matter How You Built Your Cloud…

    Drew Wright

    No matter how you built your cloud—no matter what tools or services you’ve used to provision an application’s infrastructure—you can migrate existing workloads to Fugue easily and securely with no downtime. At AWS re:Invent this week, November 27 - December 1, test out Fugue’s automated infrastructure governance with our team at booth 1600 or explore Fugue’s new migration and enhanced compliance capabilities at www.fugue.co/migrate . By migrating to Fugue, enterprises, agencies, and DevSecOps teams in any organization centralize their control and visibility of systems running in the cloud, while accelerating secure deployments and updates. Human error—typical with scaled, enterprise infrastructure and costly in dollars and consumer trust—is drastically reduced since Fugue highlights...

    Read More

    Get Your Cloud, See Your Cloud—A Full View with Fugue

    Drew Wright

    One of the most difficult things to understand about the cloud is the shape and extent of your overall application in it, whether you’re manually building your app’s infrastructure using the AWS Console or CLI, or scripting it using CloudFormation or another provisioning tool. Solutions architects, developers, and systems administrators make countless diagrams for customers and internal teams trying to provide a consumable, accurate view of what’s running or what a team would like to deploy. We’ve all learned the hard way that doing this manually is both error prone and quickly out of date. Fugue’s Composer, part of the original vision of Fugue, maps your application’s cloud infrastructure with automated, interactive diagrams that show your whole system in real time and the...

    Read More

    Fugue Addresses Cloud's “Undifferentiated Heavy Lifting”

    Drew Wright

    Twenty minutes or two weeks to spin up your new applications and new product features? Automated care and feeding of infrastructure that requires minimal human intervention or bespoke care and feeding that requires continual attention? The choice seems pretty obvious. Back in 2006, Jeff Bezos was building Amazon Web Services (AWS) to solve a core problem for businesses: undifferentiated heavy lifting. Getting great ideas and applications to market fast is key in holding a competitive edge. If you transform parts of the IT pipeline that require a lot of time, effort, and money—the same parts that every business has to contend with—into fast, easy-to-use, efficient parts, you win. Or, at least, you’re a few laps ahead. Bezos, with foresight to grow AWS into what’s now the largest cloud...

    Read More

    Validations Give Government Agencies Speed and Certainty in the Cloud

    Drew Wright

    Fugue now supports the Amazon Web Services (AWS) GovCloud region, which means federal agencies, like enterprises, can automate operations in the cloud fast, while simultaneously meeting regulatory demands. Fugue deployments start with powerful, but easy-to-understand code declarations in a composition that governs a system’s infrastructure. By including select libraries in that composition with simple import statements, a particular agency’s compliance regime gets integrated from the start. This kind of fully realized policy-as-code provides a scalable protocol for agency cloud ops and increases speed to mission. The Power Behind Policy-as-Code The power behind policy-as-code lies in validations. Fugue ships with some common validations, but also enables agencies and businesses to...

    Read More

    Diagnosing and Fixing Memory Leaks in Python

    Drew Wright

    Fugue uses Python extensively throughout the Conductor and in our support tools, due to its ease-of-use, extensive package library, and powerful language tools. One thing we've learned from building complex software for the cloud is that a language is only as good as its debugging and profiling tools. Logic errors, CPU spikes, and memory leaks are inevitable, but a good debugger, CPU profiler, and memory profiler can make finding these errors significantly easier and faster, letting our developers get back to creating Fugue’s dynamic cloud orchestration and enforcement system. Let’s look at a case in point. In the fall, our metrics reported that a Python component of Fugue called the reflector was experiencing random restarts and instability after a few days of uptime. Looking at...

    Read More
    Fugue Developer

    Free Cloud Security for Engineers

    • Visualize your cloud infrastructure
    • Run policy checks and get feedback
    • Detect change and eliminate misconfiguration
    GET STARTED CONTACT SALES