Introduction to Regula and Scalr Integration Regula Regula enables cloud teams to evaluate Terraform, CloudFormation, Azure Resource Manager, and Kubernetes Infrastructure-as-Code (IaC) for security and compliance violations prior to deployment. Regula is an open source implementation of Rego, the query language used by the Open Policy Agent (OPA) project. Where relevant, Regula’s policies have been mapped to the Center for Internet Security (CIS) Amazon Web Services (AWS), Azure, Google Cloud, and Kubernetes Foundation Benchmarks to allow users to enforce these policies on IaC prior to deployment.
The ancient Chinese general Sun Tzu famously wrote: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” That advice is just as relevant today as companies face a constant, never-ending war against hackers attacking their cloud computing infrastructures. Ninety percent of hacking is discovery, and 90% of defending is knowledge. Before you implement any security products or adopt new processes, you must first understand your cloud environment, and the unique threats against it.
It’s understandable if you’ve made thwarting ransomware your top cybersecurity priority for 2022. The number of successful ransomware attacks, which encrypt computers until victims pay the attackers to unlock their data, surged last year. Ransomware payments reported by banks and other financial institutions totaled $590 million for the first six months of 2021, surpassing the $416 million for all of 2020.
Predicting that more enterprises will suffer a cloud data breach in 2022 is not exactly going out on a limb. Migrating IT systems and applications out of the data center to cloud computing platforms is a tenet of an effective digital transformation strategy. But in their rush to the cloud, too many organizations fail to identify the security risks that are unique to cloud computing, primarily misconfigurations.
G2, the world's largest independent software marketplace, released its Winter 2022 report on the cloud security market. Fugue leads in all six customer satisfaction categories among cloud security buyers and users.
Regula 2.3.0 enables cloud teams to evaluate Terraform, CloudFormation, Azure Resource Manager, and Kubernetes infrastructure as code (IaC) for security and compliance violations prior to deployment. Integrating Regula into continuous integration/continuous delivery (CI/CD) pipelines takes this a step further by automating the secure deployment of cloud infrastructure.
Richard Park also contributed to this post. The Apache Log4j vulnerability known as Log4Shell (CVE-2021-44228) is a serious vulnerability that allows an attacker to execute arbitrary code on any server running the popular Apache Log4j Java logging library. It has a CVSS score of 10, the highest possible value, and should be addressed immediately.
Today, Fugue announced powerful new capabilities to help enterprise organizations and managed service providers centrally manage the security of large, complex cloud environments that involve multiple business units—each with its own unique use cases and policy requirements.
We recently announced support in Fugue for the AWS Well-Architected Framework, a set of recommendations Amazon Web Services provides for designing infrastructure for cloud applications and workloads.
What’s a cloud vulnerability? In the simplest terms, it’s an exploitable weakness in a cloud environment. Vulnerabilities are commonly caused by cloud resource misconfigurations and can lead to breaches and security failures — especially when the vulnerability is related to Identity and Access Management (IAM).