Enterprises operating at scale on clouds like Amazon Web Services (AWS) need assurance that their cloud infrastructure always adheres to compliance policy and never drifts. But unlike the datacenter, today’s cloud environments are API-driven and highly dynamic. When change is the only constant, enforcing continuous compliance is a major challenge. Failure here can result in costly fines, or worse—a critical data breach.
What better way to shake off the Thanksgiving food coma than the annual tradition of heading to Las Vegas forAWS re:Invent; which just keeps getting significantly bigger every year! Of course Fugue will be there again this year showcasing how our customers are ensuring the security and compliance of their AWS infrastructure andautomatically remediating cloud misconfigurationto prevent data breaches and system downtime events.
We are thrilled to announce that the Fugue Compliance Suite is available today. The Compliance Suite is a set of validation libraries for provisioning and orchestrating infrastructure with Fugue. The prepackaged libraries help to enforce security and regulatory controls specified in compliance frameworks such as NIST 800-53, HIPAA, and GDPR, as well as best practices such as the AWS CIS Benchmarks.
Cloud infrastructure misconfiguration has emerged as the number one cause of data breaches in the cloud. Rather than application software vulnerabilities, it’s actually misconfigured network settings, firewall rules, storage access policies, and other cloud resources that put our data at most risk. We’ve talked a lot about the risk of cloud misconfiguration and why it’s critically important to have a Mean Time to Remediation (MTTR) for cloud infrastructure misconfiguration that’s measured in minutes, not hours or days. But why are cloud misconfiguration MTTRs more often measured in hours or days? And how many man-hours are teams wasting in their attempts to manage this problem? We work with a wide variety of enterprises using cloud at scale—from federal agencies to Fortune 500...
Launched in 2011, AWS CloudFormation was a game changer because it was one of the first template-based, infrastructure-as-code (IaC) tools that provided the ability to express the full cloud infrastructure stack as configuration files. It wasn’t limited to the OS layer like traditional configuration management tools. However, organizations that operate on AWS under strict security rules and compliance regimes (i.e., HIPAA, PCI, NIST 800-53) need to make sure their infrastructure is created in accordance with the applicable security and regulatory policies—and stays aligned in the face of constant change. The Risk of Cloud Misconfigurations, Drift, and Policy Violations IaC tools like CloudFormation (CF) were not designed to address security and compliance comprehensively, and they...
We are thrilled to announce that the Fugue Compliance Suite is available today. The Compliance Suite is a set of validation libraries for provisioning and orchestrating infrastructure with Fugue. The prepackaged libraries help to enforce security and regulatory controls specified in compliance frameworks such as NIST 800-53, HIPAA, and GDPR, as well as best practices such as the AWS CIS Benchmarks. As a reminder, a validation is a type of “policy as code” that tests your infrastructure. If a validation fails, such as determining that an S3 bucket has been defined in an unpermitted AWS region, then the infrastructure code will not compile and cannot be deployed. Our Compliance Suite validations ensure that infrastructure does not violate controls specified in a compliance framework. For...
It’s never been easier or faster for companies using the cloud to deploy infrastructure on AWS. That’s the good news. The not-so-good news? You can’t move fast without compromising security, compliance, and control. Well, you can’t unless you automate your cloud infrastructure policies, including compliance and security. Hold that thought for a moment. Here are four common hurdles nearly every organization using the cloud encounters: Inconsistent enforcement of regulatory compliance policies (PCI, HIPAA, NIST 800-53) Uneven use of internal governance policies Uncontrolled shadow IT, ad hoc automation, and tooling sprawl Increased demand for cloud expertise Viewed from a higher level, companies using the cloud need to see all resources running across environments, accounts,...
No matter how you built your cloud—no matter what tools or services you’ve used to provision an application’s infrastructure—you can migrate existing workloads to Fugue easily and securely with no downtime. At AWS re:Invent this week, November 27 - December 1, test out Fugue’s automated infrastructure governance with our team at booth 1600 or explore Fugue’s new migration and enhanced compliance capabilities at www.fugue.co/migrate. By migrating to Fugue, enterprises, agencies, and DevSecOps teams in any organization centralize their control and visibility of systems running in the cloud, while accelerating secure deployments and updates. Human error—typical with scaled, enterprise infrastructure and costly in dollars and consumer trust—is drastically reduced since Fugue highlights...
One of the most difficult things to understand about the cloud is the shape and extent of your overall application in it, whether you’re manually building your app’s infrastructure using the AWS Console or CLI, or scripting it using CloudFormation or another provisioning tool. Solutions architects, developers, and systems administrators make countless diagrams for customers and internal teams trying to provide a consumable, accurate view of what’s running or what a team would like to deploy. We’ve all learned the hard way that doing this manually is both error prone and quickly out of date. Fugue’s Composer, part of the original vision of Fugue, maps your application’s cloud infrastructure with automated, interactive diagrams that show your whole system in real time and the...
We’re a couple of weeks out of re:Invent and its dizzying buzz—the slew of service and feature announcements, the industry tracks and community meetings, the Mini Cons, the integration and how-to session deep dives, the intensive networking, the mall of sponsors with every manner of product presentation … even festive bling from the ever-present registration DJ. We’ve had some time to digest what we saw and learned this time around and to think about a few of the more compelling offerings. In this post, we’re not going to recap the full laundry list of new services introduced or feature enhancements (many especially targeted at enterprise). Good overviews are abundant; here are ones from InfoQ, VentureBeat, and Rackspace. Instead, let’s zero in on a handful of provocative...
.png?width=36&height=36&name=linkedin%20(1).png){kind=small}
.png?width=36&height=36&name=twitter%20(1).png){kind=small}
