Software is eating the world. In the age of cloud computing, developers now own the security posture of your enterprise because the cloud is fully software-defined and programmable. If that scares you, it's because you haven't given your developers the tools to create secure systems. The good news is that you can, but you need to change how you think about security.

In the past, we thought about a "perimeter" that could be defended, but just reading the news for the last three decades or so shows that there was never really was a perimeter, and it could never be defended. Truly resilient systems are resilient all the way through, and the security perimeter was always a sort of Maginot Line, except vastly more expensive and even less effective.

A lot of people think that programmers are wild cards⁠—that we like to break rules and play fast and loose. Simultaneously, many folks think we're masterminds who build a complete picture of the system we're creating in our minds and then sit down and write code. Both are false.

Programmers live in a world of constant experimentation and failure. Our compilers and tests tell us where we're wrong, most of the day, every day. We're good at responding to this by correcting our errors and getting our programs to work. In fact, we developers love overcoming the intrinsic complexity of our chosen profession and delivering working code back to our customers, peers, and bosses (in that order). Developers are experimenters and problem solvers, and security is just another problem. Sadly, to date it's largely been one that has been sequestered away from those most capable of solving it, but that's changing.

Traditional IT security has been about limiting and containing the work of developers and the behavior of users. Neither of these are effective, because unless developers have tools for building in security equal to the ones they have for building functionality the systems we're creating will be intrinsically insecure. When we try to contain users, the “users” we're most afraid of are themselves black hat programmers who are intent on attacking the system. Remember that programmers spend all day solving complex logic puzzles—your perimeter isn't going to be as complex as many other challenges we face. Unless we empower developers to solve security, we're fighting special forces with entrenchments and guard towers.

With cloud, for the first time in the history of computing, developers are in control of the computing infrastructure itself. It used to take a budget process, a large team, and months to build a complex network. I built three this morning, in a few minutes. This is because the cloud is fully software defined, and programmers automate things for a living. This is the opportunity in front of us—by giving programmers tools that live in our world and provide us the same feedback for solving security problems that our compilers and tests provide for functionality, we can leverage all that creativity to being secure and resilient as well as productive.

While you’re here…

Fugue is cloud security for developers, by developers. We make tools that bake security into the entire system lifecycle on the cloud. We’d love to show you how.

With Fugue, you can:

Validate cloud infrastructure compliance for a number of policy frameworks like CIS Foundations Benchmark, HIPAA, PCI, SOC 2, NIST 800-53, ISO 27001, and GDPR.
Get complete visibility into your cloud environment and configurations with dynamic visualization tools.
Protect against cloud misconfiguration with baseline enforcement to make security critical cloud infrastructure self-healing.
Shift Left on cloud security and compliance with CI/CD integration to help your developers move fast and safely.
Get continuous compliance visibility and reporting across your entire enterprise cloud footprint.

Give Fugue a try with a free trial or schedule a free half-hour workshop to learn how Fugue can help you manage your cloud security posture.

Developers Now Own Security, and That's a Good Thing

While you’re here…

Categorized Under

Search

Related posts

Popular Categories

Featured Posts

Get Started with Fugue Today

Trending Topics

Cloud Security Posture Management

Infrastructure as Code and Security

AWS Cloud Security

Azure Cloud Security

Cloud Security for Google Cloud Platform

DevSecOps for Cloud Infrastructure Security

CIS AWS Foundations Benchmark

CIS Azure Foundations Benchmark

Fugue Best Practices Policy Framework

GDPR

HIPAA

ISO 27001

NIST 800-53

PCI

SOC 2 Cloud Compliance

Popular Blogs

Five Steps to a Secure Cloud Architecture

An Introduction to Cloud Security for Infosec Professionals

9 Questions You Should Ask About Your Cloud Security

Events

News

Fugue Extends Cloud Security Market Dominance in Customer Satisfaction, According to G2 Report

Snyk Acquires Fugue, Enters Cloud Security Market

Fugue Achieves AWS Security Competency Status

Fugue Leads Cloud Compliance Market in Customer Satisfaction, According to G2 Report

Fugue Leads Cloud Security Market in Customer Satisfaction, According to G2 Report

Fugue Adds Centralized Multicloud Security Visibility and Policy-Based Governance Capabilities

Fugue Adds AWS Well-Architected Framework to Its Policy as Code Engine for Full Life Cycle Cloud Security

Fugue and CWS Team Up to Close Enterprise Cloud Security Gaps with End-to-End Policy as Code Enforcement

Fugue Adds Kubernetes Security Checks to its SaaS Platform and Open Source Regula Project

Fugue Announces Unified Infrastructure as Code and Cloud Runtime Security

Resources

Submit a Ticket

Documentation

Pricing

API

Guarantee

Login

Contact Us

Security

Privacy Policy

Careers

Schedule Demo

Product Videos

Press

Events

Library