Yesterday Fugue announced some new features that make it easier than ever to bring cloud infrastructure environments into compliance, make sure they stay that way, and demonstrate it at any time. Let’s take a look.
Why Cloud Upended Traditional Compliance
The dynamism and scale of cloud has created significant new challenges for compliance teams and risks for the enterprise. The self-service nature of cloud means developers make their own infrastructure decisions, and they change their decisions daily as they iterate on systems and applications. This is great for innovation, but since developers often (and understandably) lack an awareness of how compliance standards apply to the work they do, this can lead to violations and create security risks. And when new cloud-native services are used, the compliance posture of cloud environments can change significantly.
Traditional cloud infrastructure audits are often obsolete before they’re even finished because developers and application teams are iterating and moving fast. Compliance teams need to ensure cloud environments adhere to regulatory and internal policy and demonstrate it at any time. This creates tension between teams.
That’s why we built Fugue. Within minutes, Fugue can assess the compliance posture of a cloud infrastructure environment and provide actionable information to address violations. Teams can then, with the push of a button, establish known-good cloud infrastructure baselines from which they can all operate safely and at speed.
Baselines: A Single Source of Trust for Shifting Left on Cloud Compliance
Fugue is the only cloud infrastructure solution that uses infrastructure baselining for security and compliance. The baseline serves as a contract between cloud stakeholders: developers, operations, compliance, and security teams all operate from a single shared source of trust for cloud computing. This is impossible to achieve with design documents, checklists, and post-deployment scanning and alerting.
Baselines are the mechanism for detecting and understanding infrastructure change, protecting sensitive data with self-healing infrastructure, and “shifting left” on cloud compliance and security. Shifting left is the practice of moving security and compliance functions earlier in the software development lifecycle (SDLC), rather than later, when making corrective changes becomes more expensive and slows things down.
Developers now have simple tools for ensuring cloud infrastructure compliance that work the way they work—without requiring compliance expertise.
Out-of-the-Box Cloud Compliance Assurance and Reporting
Fugue provides turnkey libraries for compliance for a number of standards, including PCI, GDPR, HIPAA, NIST 800-53, SOC 2, ISO 27001, and CIS AWS Foundations Benchmark. Fugue does not require cloud infrastructure compliance expertise in order to bring cloud environments into compliance.
Getting up and running with Fugue with continuous compliance reporting across your entire enterprise cloud footprint can take less than an hour.
Learn more about Fugue and schedule a free compliance audit of your cloud infrastructure environment.