Skip to content

    Latest Posts

    Automating Terraform Security in Scalr Deployments with Regula [Tutorial]

    Aidan O’Connor

    Introduction to Regula and Scalr Integration Regula Regula enables cloud teams to evaluate Terraform, CloudFormation, Azure Resource Manager, and Kubernetes Infrastructure-as-Code (IaC) for security and compliance violations prior to deployment. Regula is an open source implementation of Rego, the query language used by the Open Policy Agent (OPA) project. Where relevant, Regula’s policies have been mapped to the Center for Internet Security (CIS) Amazon Web Services (AWS), Azure, Google Cloud, and Kubernetes Foundation Benchmarks to allow users to enforce these policies on IaC prior to deployment.

    Read More

    Cloud Threats: What Business Executives Need To Know Right Now

    Josh Stella

    The ancient Chinese general Sun Tzu famously wrote: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” That advice is just as relevant today as companies face a constant, never-ending war against hackers attacking their cloud computing infrastructures. Ninety percent of hacking is discovery, and 90% of defending is knowledge. Before you implement any security products or adopt new processes, you must first understand your cloud environment, and the unique threats against it.

    Read More

    To Err Is Human, and That’s What Hackers Are Counting On

    Josh Stella

    It’s understandable if you’ve made thwarting ransomware your top cybersecurity priority for 2022. The number of successful ransomware attacks, which encrypt computers until victims pay the attackers to unlock their data, surged last year. Ransomware payments reported by banks and other financial institutions totaled $590 million for the first six months of 2021, surpassing the $416 million for all of 2020.

    Read More

    An Optimistic Outlook for 2022: Cloud Security Vulnerabilities Are 100% Preventable

    Josh Stella

    Predicting that more enterprises will suffer a cloud data breach in 2022 is not exactly going out on a limb. Migrating IT systems and applications out of the data center to cloud computing platforms is a tenet of an effective digital transformation strategy. But in their rush to the cloud, too many organizations fail to identify the security risks that are unique to cloud computing, primarily misconfigurations.

    Read More

    Checking Terraform IaC security in CI/CD with Regula and Bitbucket Pipelines [Tutorial]

    Aidan O’Connor

    Regula 2.3.0 enables cloud teams to evaluate Terraform, CloudFormation, Azure Resource Manager, and Kubernetes infrastructure as code (IaC) for security and compliance violations prior to deployment. Integrating Regula into continuous integration/continuous delivery (CI/CD) pipelines takes this a step further by automating the secure deployment of cloud infrastructure.

    Read More

    Using Fugue to Protect Against the Apache Log4j Vulnerability on AWS

    Becki Lee

    Richard Park also contributed to this post. The Apache Log4j vulnerability known as Log4Shell (CVE-2021-44228) is a serious vulnerability that allows an attacker to execute arbitrary code on any server running the popular Apache Log4j Java logging library. It has a CVSS score of 10, the highest possible value, and should be addressed immediately.

    Read More

    6 Big AWS IAM Vulnerabilities – and How to Avoid Them

    Becki Lee

    What’s a cloud vulnerability? In the simplest terms, it’s an exploitable weakness in a cloud environment. Vulnerabilities are commonly caused by cloud resource misconfigurations and can lead to breaches and security failures — especially when the vulnerability is related to Identity and Access Management (IAM).

    Read More
    Fugue Developer

    Free Cloud Security for Engineers

    • Visualize your cloud infrastructure
    • Run policy checks and get feedback
    • Detect change and eliminate misconfiguration
    GET STARTED CONTACT SALES