When it comes to cloud infrastructure security, two trends emerged in a big way in 2019: headline-producing cloud-native exploits, and the developer movement to address these threats using secure engineering approaches.

 Today, we announced Fugue Developer, a free tier designed for individual engineers to build and maintain secure cloud infrastructure in highly dynamic and regulated cloud environments. Get started here and you'll have a visualization of your AWS or Azure environment in minutes. 

Adopting the Rego policy language and the Open Policy Agent (OPA) engine for Fugue’s cloud security SaaS product has paid real dividends for us and our customers. It enables Fugue users to easily create custom policies for their cloud infrastructure environments using open source tools, and it’s helped us implement out-of-the-box policy as code.

Today we released the Fugue Best Practices Framework to help software engineering teams identify and remediate the kinds of dangerous cloud resource misconfigurations used in recent data breaches that aren’t addressed by common compliance frameworks (see A Technical Analysis of the Capital One Cloud Misconfiguration Breach).

Just like the challenges of managing large cloud infrastructure operations led to the development of infrastructure as code, ensuring the security and compliance of those environments led to policy as code. Cloud infrastructure environments are simply too vast, complex and dynamic to address with traditional security approaches such as manual.

Today we announced that Fugue now supports Microsoft Azure, in addition to Amazon Web Services (AWS). Our customers increasingly use multiple Cloud Service Providers (CSPs), and they want a single Cloud Security Posture Management (CSPM) solution that spans multiple CSPs. Now Fugue for Microsoft Azure is now generally available, and we’re.

We’re thrilled that DeveloperWeek NYC has awarded Fugue a DevProject Award for the work our amazing engineering and product teams delivered to bring our Software as a Service (SaaS) solution for cloud security and compliance to market.

Fugue is excited to announce support for AWS GovCloud. This enables public sector customers to leverage public cloud resources while remaining compliant. Our product supports AWS GovCloud regions which meets specific regulatory and compliance requirements for US government agencies such FedRAMP High and ITAR.

As organizations increase their cloud footprint, gaining visibility into their cloud resources becomes an arduous but essential task. It is critical to understand how your cloud resources are provisioned and configured as well as identifying any misconfigurations. Many security and compliance teams address these needs by working with system.

At Fugue, we are obsessed with infrastructure baselines and especially with how they are utilized to correct cloud resource misconfiguration and drift—the leading cause of cloud-based data breaches. Baselines are a relatively new concept, so we thought an informative blog post about baselines, what they are, why organizations need them, and how.