As more enterprises adopt the cloud, the issue of cloud security has become a top priority. The cloud is fundamentally different than the datacenter. Just as it requires a shift in how we think about architecture and operations, we need to shift our thinking on cloud security and compliance and bake it into DevOps and CI/CD processes (i.e.,DevSecOps) rather than bolt it on later. Failing to do so puts your organization at serious risk of a critical data breach.
We are thrilled to announce that the Fugue Compliance Suite is available today. The Compliance Suite is a set of validation libraries for provisioning and orchestrating infrastructure with Fugue. The prepackaged libraries help to enforce security and regulatory controls specified in compliance frameworks such as NIST 800-53, HIPAA, and GDPR, as well as best practices such as the AWS CIS Benchmarks.
Last week, Fugue released its Cloud Infrastructure Misconfiguration Report, which presents the results of our survey of more than 300 IT and security professionals from enterprise-level organizations. What surprised many of us at Fugue the most was the steep cost incurred by enterprises in their attempt to manage cloud misconfiguration, which is still largely a complex, manual process in an otherwise automated world of cloud. You can read more about that in The Cost of Cloud Misconfiguration Whack-a-Mole.
Today, Fugue released its Cloud Infrastructure Misconfiguration Report, which presents the results of our survey of IT and security professionals from more than 300 enterprise organizations. At Fugue we’re out to solve cloud misconfiguration, so we live and breathe this stuff every day. But even we were surprised by the survey’s findings. The risks due to cloud misconfiguration are generally acknowledged. 92 percent of respondents are concerned about these risks, and 82 percent reported security and compliance incidents resulting from them. The problem is so big, Gartner’s Neil MacDonald estimates that, by 2020, 80 percent of cloud breaches will be due to misconfiguration and human error. Yes, cloud misconfiguration risk is real. But what's the cost of managing it? That said, I’d...
Cloud infrastructure misconfiguration has emerged as the number one cause of data breaches in the cloud. Rather than application software vulnerabilities, it’s actually misconfigured network settings, firewall rules, storage access policies, and other cloud resources that put our data at most risk. We’ve talked a lot about the risk of cloud misconfiguration and why it’s critically important to have a Mean Time to Remediation (MTTR) for cloud infrastructure misconfiguration that’s measured in minutes, not hours or days. But why are cloud misconfiguration MTTRs more often measured in hours or days? And how many man-hours are teams wasting in their attempts to manage this problem? We work with a wide variety of enterprises using cloud at scale—from federal agencies to Fortune 500...
As more organizations accelerate adoption of cloud infrastructure for increased efficiencies and scalability, they are faced with the challenge of identifying and correcting misconfiguration. Cloud infrastructure misconfiguration can occur anywhere in your infrastructure. If not corrected immediately after discovery, it can expose organizations to unforeseen risks. The longer misconfiguration is left unattended, the higher the risk of a critical security breach. Below are some of the most common kinds of cloud infrastructure misconfiguration and the resulting data breaches. Download the Cloud Infrastructure Misconfiguration ebook for more detailed information on misconfiguration and best practices on how to prevent it. Related Posts Cloud Infrastructure...
In last week’s blog post, we discussed the seriousness of cloud misconfigurations and the impact they can have on organizations as they move to the cloud. The fallout from cloud misconfigurations can be severe: steep regulatory fines, loss of customer data, damage to your reputation, or loss of customer trust. In this post, we address some of the most common cloud infrastructure misconfigurations and consequences resulting from the misconfiguration. AWS Security Group Misconfigurations AWS security groups are associated with EC2 server instances and provide security at the port and protocol access level. A security group misconfiguration can allow an attacker to access your cloud-based servers and exfiltrate data. A common security group misconfiguration is to make a server...
It has never been faster or easier to get something deployed in the cloud. Every day, it seems that cloud service providers like AWS and Azure are delivering a slew of new services that make it easier for enterprises to move their workloads to the cloud. Unfortunately, security and compliance may be left behind. The cloud offers increased efficiencies and scalability, but organizations need to also pay attention to security and compliance requirements or they could put themselves at risk. What does it mean to move both fast and safely to the cloud? You should follow a few fundamental steps: 1) Discover what is running. Most companies have existing environments in the cloud, so it’s important to know what is running and where. The cloud provides APIs for querying what’s in your...
Launched in 2011, AWS CloudFormation was a game changer because it was one of the first template-based, infrastructure-as-code (IaC) tools that provided the ability to express the full cloud infrastructure stack as configuration files. It wasn’t limited to the OS layer like traditional configuration management tools. However, organizations that operate on AWS under strict security rules and compliance regimes (i.e., HIPAA, PCI, NIST 800-53) need to make sure their infrastructure is created in accordance with the applicable security and regulatory policies—and stays aligned in the face of constant change. The Risk of Cloud Misconfigurations, Drift, and Policy Violations IaC tools like CloudFormation (CF) were not designed to address security and compliance comprehensively, and they...
For many people, their home is their largest and most valuable investment. However, most do not know how well their home is functioning. With the emerging of Internet of Things (IoT) technologies, any device can be put on your home network and be at your command. A home automation system can control lighting, climate, entertainment systems and appliances. A “connected” or smart home provides a wealth of information that can be used to save the homeowner money, time and frustration. One company, Whisker Labs, is leveraging data analytics from energy IoT devices to deliver home intelligence via energy savings and greater peace of mind. The company’s sensing and software technology mines the electrical network of the home, detecting electrical fire hazards. Energy management services...
.png?width=36&height=36&name=linkedin%20(1).png){kind=small}
.png?width=36&height=36&name=twitter%20(1).png){kind=small}
