Skip to content

    Latest Posts

    Tips for Moving Fast and Safely to the Cloud

    Richard Park

    It has never been faster or easier to get something deployed in the cloud. Every day, it seems that cloud service providers like AWS and Azure are delivering a slew of new services that make it easier for enterprises to move their workloads to the cloud. Unfortunately, security and compliance may be left behind. The cloud offers increased efficiencies and scalability, but organizations need to also pay attention to security and compliance requirements or they could put themselves at risk. What does it mean to move both fast and safely to the cloud? You should follow a few fundamental steps: 1) Discover what is running. Most companies have existing environments in the cloud, so it’s important to know what is running and where. The cloud provides APIs for querying what’s in your...

    Read More

    Securing AWS CloudFormation Stacks with Fugue

    Fugue Team

    Launched in 2011, AWS CloudFormation was a game changer because it was one of the first template-based, infrastructure-as-code (IaC) tools that provided the ability to express the full cloud infrastructure stack as configuration files. It wasn’t limited to the OS layer like traditional configuration management tools. However, organizations that operate on AWS under strict security rules and compliance regimes (i.e., HIPAA, PCI, NIST 800-53) need to make sure their infrastructure is created in accordance with the applicable security and regulatory policies—and stays aligned in the face of constant change. The Risk of Cloud Misconfigurations, Drift, and Policy Violations IaC tools like CloudFormation (CF) were not designed to address security and compliance comprehensively, and they...

    Read More

    How Whisker Labs Protects Consumer Data and Streamlines Compliance in the Cloud

    Fugue Team

    For many people, their home is their largest and most valuable investment. However, most do not know how well their home is functioning. With the emerging of Internet of Things (IoT) technologies, any device can be put on your home network and be at your command. A home automation system can control lighting, climate, entertainment systems and appliances. A “connected” or smart home provides a wealth of information that can be used to save the homeowner money, time and frustration. One company, Whisker Labs, is leveraging data analytics from energy IoT devices to deliver home intelligence via energy savings and greater peace of mind. The company’s sensing and software technology mines the electrical network of the home, detecting electrical fire hazards. Energy management services...

    Read More

    Why Maintaining Continuous PCI Compliance on AWS Matters to GlobalGiving

    Fugue Team

    One of the most common regulations out there is PCI, which helps ensure the security of financial and personal information for payment card transactions. Any organization that accepts credit card payments, or stores, processes and transmits cardholder data, must be PCI compliant. That means most organizations, from not-for-profits to small businesses to large corporations, must comply. Non-compliance can result in costly fines or worse: data breaches, a loss of customer trust, and lasting brand damage. For organizations adopting cloud, maintaining PCI compliance brings new challenges. PCI governs how IT infrastructure--such as servers, networks, and databases--must be configured to ensure data is protected at all times. But in the cloud, infrastructure is programmable and...

    Read More

    Announcing our Partnership with In-Q-Tel (IQT)

    Drew Wright

    Since its founding, Fugue has set out to transform how cloud infrastructure is kept safe and secure. Today, we’re thrilled to announce our strategic partnership and development agreement with In-Q-Tel (IQT) to help advance its mission for U.S. government agencies. For nearly two decades, the not-for-profit strategic investor IQT has accelerated the development and delivery of innovative technology solutions to support the mission of the U.S. government agencies that keep our nation safe. We are proud to join them in supporting this effort. Fugue can help federal agencies automate security and compliance for cloud infrastructure to identify and eliminate risks stemming from misconfiguration and policy violations. By preventing compliance violations and automatically returning...

    Read More

    Introducing Fugue Compliance Suite: Stay Compliant in the Cloud

    Diem Shin

    We are thrilled to announce that the Fugue Compliance Suite is available today. The Compliance Suite is a set of validation libraries for provisioning and orchestrating infrastructure with Fugue. The prepackaged libraries help to enforce security and regulatory controls specified in compliance frameworks such as NIST 800-53, HIPAA, and GDPR, as well as best practices such as the AWS CIS Benchmarks. As a reminder, a validation is a type of “policy as code” that tests your infrastructure. If a validation fails, such as determining that an S3 bucket has been defined in an unpermitted AWS region, then the infrastructure code will not compile and cannot be deployed. Our Compliance Suite validations ensure that infrastructure does not violate controls specified in a compliance framework. For...

    Read More

    Eliminating Cloud Misconfiguration with Baseline Enforcement

    Drew Wright

    As more enterprises adopt the cloud, the issue of cloud security has become a top priority. The cloud is fundamentally different than the datacenter. Just as it requires a shift in how we think about architecture and operations, we need to shift our thinking on cloud security and compliance and bake it into DevOps and CI/CD processes (i.e., DevSecOps) rather than bolt it on later. Failing to do so puts your organization at serious risk of a critical data breach. Infrastructure misconfiguration is the number one cloud risk Fugue recently released its Cloud Infrastructure Misconfiguration Report, which found that 93 percent of IT and security professionals are concerned that their organization is at risk of a major security breach due to misconfiguration, and twenty-seven percent (27%)...

    Read More

    Cloud Misconfiguration Bedevils Enterprises at an Alarming Rate

    Drew Wright

    Last week, Fugue released its Cloud Infrastructure Misconfiguration Report, which presents the results of our survey of more than 300 IT and security professionals from enterprise-level organizations. What surprised many of us at Fugue the most was the steep cost incurred by enterprises in their attempt to manage cloud misconfiguration, which is still largely a complex, manual process in an otherwise automated world of cloud. You can read more about that in The Cost of Cloud Misconfiguration Whack-a-Mole. Today let’s focus on the risk that cloud misconfiguration brings to the enterprise, and what our survey reveals about the severity of the problem. In short, it’s bad. An overwhelming majority (93%) say they are “somewhat concerned” or “highly concerned” that their organization is at...

    Read More

    Why You Should Care About Cloud Infrastructure Governance

    Drew Wright

    It’s never been easier or faster for companies using the cloud to deploy infrastructure on AWS. That’s the good news. The not-so-good news? You can’t move fast without compromising security, compliance, and control. Well, you can’t unless you automate your cloud infrastructure policies, including compliance and security . Hold that thought for a moment. Here are four common hurdles nearly every organization using the cloud encounters: Inconsistent enforcement of regulatory compliance policies (PCI, HIPAA, NIST 800-53) Uneven use of internal governance policies Uncontrolled shadow IT, ad hoc automation, and tooling sprawl Increased demand for cloud expertise Viewed from a higher level, companies using the cloud need to see all resources running across environments, accounts,...

    Read More

    No Matter How You Built Your Cloud…

    Drew Wright

    No matter how you built your cloud—no matter what tools or services you’ve used to provision an application’s infrastructure—you can migrate existing workloads to Fugue easily and securely with no downtime. At AWS re:Invent this week, November 27 - December 1, test out Fugue’s automated infrastructure governance with our team at booth 1600 or explore Fugue’s new migration and enhanced compliance capabilities at www.fugue.co/migrate . By migrating to Fugue, enterprises, agencies, and DevSecOps teams in any organization centralize their control and visibility of systems running in the cloud, while accelerating secure deployments and updates. Human error—typical with scaled, enterprise infrastructure and costly in dollars and consumer trust—is drastically reduced since Fugue highlights...

    Read More
    Fugue Developer

    Free Cloud Security for Engineers

    • Visualize your cloud infrastructure
    • Run policy checks and get feedback
    • Detect change and eliminate misconfiguration
    GET STARTED CONTACT SALES