
    Latest Posts

    Using Open Policy Agent (OPA) for Cloud Security and Compliance

    Drew Wright

    Just like the challenges of managing large cloud infrastructure operations led to the development of infrastructure as code, ensuring the security and compliance of those environments led to policy as code. Cloud infrastructure environments are simply too vast, complex and dynamic to address with traditional security approaches such as manual audits and checklists.


    Cloud Security Posture Management: Benefits and Uses

    Diem Shin

    Cloud Security Posture Management (CSPM) is a category defined by Gartner to address the growing challenge of misconfiguration in public cloud IaaS and PaaS services. According to Gartner, nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement, and mistakes. A single misconfiguration can expose hundreds of thousands of systems or highly sensitive data to the public internet.


    Zombie Cloud Infrastructure is a Major Security Risk

    Drew Wright

    One aspect of cloud computing platforms like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) is that it’s easier to create infrastructure resources than it is to destroy them. Even more challenging is maintaining full visibility over all of your cloud resources. Corey Quinn once said, and I’m paraphrasing, “the only way to see everything you have running in your AWS account is to look at your AWS bill.”


    Developers Now Own Security, and That's a Good Thing

    Josh Stella

    Software is eating the world. In the age of cloud computing, developers now own the security posture of your enterprise because the cloud is fully software-defined and programmable. If that scares you, it's because you haven't given your developers the tools to create secure systems. The good news is that you can, but you need to change how you think about security.


    Cloud Network Security 101: AWS Security Groups vs NACLs

    Becki Lee

    In part two of the Cloud Network Security blog series, we will discuss two methods of securing your network within Amazon Web Services: security groups and network access control lists (NACLs). Both resource types act as a virtual firewall to protect your network, and they have some similarities. For example, security groups and NACLs both use sets of inbound and outbound rules to control traffic to and from resources in a VPC.


    Cloud Network Security 101: AWS VPC Endpoints

    Becki Lee

    Network security is critical to operating in the cloud. There are many different ways you can secure your network, but the best approach is to layer multiple methods. The more layers implemented in your security, the harder it is for malicious actors to access your network.


    A Technical Analysis of the Capital One Cloud Misconfiguration Breach

    Josh Stella

    UPDATE: August 26, 2019 Since posting this, AWS has made some public statements regarding the breach that shed some light on what likely happened. From their response to Senator Ron Wyden, AWS stated: "As Capital One outlined in their public announcement, the attack occurred due to a misconfiguration error at the application layer of a firewall installed by Capital One, exacerbated by permissions set by Capital One that were likely broader than intended. After gaining access through the misconfigured firewall and having broader permission to access resources, we believe a SSRF attack was used (which is one of several ways an attacker could have potentially gotten access to data once they got in through the misconfigured firewall." "As discussed above, SSRF was not the primary factor in...
