In an earlier blog post, we discussed at a high level how security can shift left regarding cloud infrastructure. In this post, we'll drill in with more detail on how this can be done through the discrete phases of the Software Development Life Cycle (SDLC), beginning with the development phase, and extending through testing, and ultimately all.

We're hearing a lot about “shifting left” these days in the industry, and like most popular terms the meaning can be hard to pin down, and some of the implications buried. This post will focus on how to shift security and compliance left in cloud computing. These two functions are closely related, but the operational aspect of each is quite.

There is a lot of talk about DevSecOps these days, and we've been working in the area for years now and have learned some things that work and some that don't. First, we'll give you our view on what DevSecOps is, and then we'll make a few recommendations on how to start doing it and get real results in an hour or two!

A lot of folks have realized that manually fixing cloud infrastructure to correct security and compliance issues is just too slow and error prone to handle the threat landscape on the cloud. An increasingly common approach to speeding up remediation these days is to use cloud functions, such as AWS Lambda or Azure Functions, connected to a.

Yesterday, we showed you how you can use Fugue to scan your AWS infrastructure, discover what resources you have running, and identify any policy violations for compliance frameworks like HIPAA, GDPR, NIST 800-53, and the AWS CIS Benchmarks.

We’re thrilled to announce that Fugue is now offering a Software-as-a-Service solution for enforcing continuous cloud infrastructure compliance, is now available (start your free trial here). We’re at AWS re:Invent 2018 all week, so stop by booth 2305 to learn more.

Last week, Fugue released its Cloud Infrastructure Misconfiguration Report, which presents the results of our survey of more than 300 IT and security professionals from enterprise-level organizations. What surprised many of us at Fugue the most was the steep cost incurred by enterprises in their attempt to manage cloud misconfiguration, which is.