I’ve now been in the role of CEO here at Fugue for a number of weeks, and thought it might be worthwhile to lay out my reasons for joining this fantastic company. First off, I’d like to say a big “thank you” to the wonderful staff and customers of Fugue who have given me a very warm and enthusiastic welcome. Not only that, they have graciously and patiently entertained my many, many questions. I’ve spent the past 10 or more years helping lead innovative and fast-growing cloud and SaaS companies such as VisualCV (an early AWS customer) and SparkPost. Before that—at webMethods—I helped leading companies like Dell and Bank of America utilize our pioneering web services software in early cloud applications. One of the common concerns we had at all these companies was ensuring that the...
DevOps provides IT enterprises with the ability to rapidly iterate on smart, fast software deployments. Relying on powerful version control and build tools like Github and Jenkins enables DevOps teams to save time and money by including development and operations in a single automated pipeline. However, in some DevOps environments, security is often neglected or avoided because of the perception that the security team will introduce inefficiencies and dramatically slow the pace of development. Bypass the unnecessary risks of this approach by integrating security directly into your DevOps pipeline. DevSecOps Provides Agile Security DevSecOps is established by placing security controls in every phase of your pipeline. Common best practices include: Training: Educate engineers to...
In late November of 2017, I informed Fugue's Board that I intended to lead a search for a new CEO. We had a substantial amount of money on the balance sheet, some really impressive customers, a solid product, and a highly motivated team - many of the things needed to attract a world class CEO. My passion has always been for technology and team building, and it's been an amazing 4 years at the helm through the R&D and engineering phases of the company and well into the go-to-market execution phase, but I've known since founding Fugue that someday I'd look for a partner to fulfill Fugue's potential, and the time is right. Growing Fugue is now about execution in the market, building out great sales and marketing functions, and scaling the business. We've put together great teams to...
My previous blog post, Python Mocking 101: Fake It Before You Make It, discussed the basic mechanics of mocking and unit testing in Python. This post covers some higher-level software engineering principles demonstrated in my experience with Python testing over the past year and half. In particular, I want to revisit the idea of patching mock objects in unit tests. Patching External Clients Clients in this post refer to any objects that create side effects, such as disk or network I/O. Consider a class, CloudCreator, that receives messages over HTTP, generates some side effects by creating cloud infrastructure, and sends messages over HTTP in response: import http_client class CloudCreator : def __init__(self) : self.network_client =...
Launched in 2011, AWS CloudFormation was a game changer because it was one of the first template-based, infrastructure-as-code (IaC) tools that provided the ability to express the full cloud infrastructure stack as configuration files. It wasn’t limited to the OS layer like traditional configuration management tools. However, organizations that operate on AWS under strict security rules and compliance regimes (i.e., HIPAA, PCI, NIST 800-53) need to make sure their infrastructure is created in accordance with the applicable security and regulatory policies—and stays aligned in the face of constant change. The Risk of Cloud Misconfigurations, Drift, and Policy Violations IaC tools like CloudFormation (CF) were not designed to address security and compliance comprehensively, and they...
Since its founding, Fugue has set out to transform how cloud infrastructure is kept safe and secure. Today, we’re thrilled to announce our strategic partnership and development agreement with In-Q-Tel (IQT) to help advance its mission for U.S. government agencies. For nearly two decades, the not-for-profit strategic investor IQT has accelerated the development and delivery of innovative technology solutions to support the mission of the U.S. government agencies that keep our nation safe. We are proud to join them in supporting this effort. Fugue can help federal agencies automate security and compliance for cloud infrastructure to identify and eliminate risks stemming from misconfiguration and policy violations. By preventing compliance violations and automatically returning...
We are thrilled to announce that the Fugue Compliance Suite is available today. The Compliance Suite is a set of validation libraries for provisioning and orchestrating infrastructure with Fugue. The prepackaged libraries help to enforce security and regulatory controls specified in compliance frameworks such as NIST 800-53, HIPAA, and GDPR, as well as best practices such as the AWS CIS Benchmarks. As a reminder, a validation is a type of “policy as code” that tests your infrastructure. If a validation fails, such as determining that an S3 bucket has been defined in an unpermitted AWS region, then the infrastructure code will not compile and cannot be deployed. Our Compliance Suite validations ensure that infrastructure does not violate controls specified in a compliance framework. For...
No matter how you built your cloud—no matter what tools or services you’ve used to provision an application’s infrastructure—you can migrate existing workloads to Fugue easily and securely with no downtime. At AWS re:Invent this week, November 27 - December 1, test out Fugue’s automated infrastructure governance with our team at booth 1600 or explore Fugue’s new migration and enhanced compliance capabilities at www.fugue.co/migrate. By migrating to Fugue, enterprises, agencies, and DevSecOps teams in any organization centralize their control and visibility of systems running in the cloud, while accelerating secure deployments and updates. Human error—typical with scaled, enterprise infrastructure and costly in dollars and consumer trust—is drastically reduced since Fugue highlights...
One of the most difficult things to understand about the cloud is the shape and extent of your overall application in it, whether you’re manually building your app’s infrastructure using the AWS Console or CLI, or scripting it using CloudFormation or another provisioning tool. Solutions architects, developers, and systems administrators make countless diagrams for customers and internal teams trying to provide a consumable, accurate view of what’s running or what a team would like to deploy. We’ve all learned the hard way that doing this manually is both error prone and quickly out of date. Fugue’s Composer, part of the original vision of Fugue, maps your application’s cloud infrastructure with automated, interactive diagrams that show your whole system in real time and the...
Twenty minutes or two weeks to spin up your new applications and new product features? Automated care and feeding of infrastructure that requires minimal human intervention or bespoke care and feeding that requires continual attention? The choice seems pretty obvious. Back in 2006, Jeff Bezos was building Amazon Web Services (AWS) to solve a core problem for businesses: undifferentiated heavy lifting. Getting great ideas and applications to market fast is key in holding a competitive edge. If you transform parts of the IT pipeline that require a lot of time, effort, and money—the same parts that every business has to contend with—into fast, easy-to-use, efficient parts, you win. Or, at least, you’re a few laps ahead. Bezos, with foresight to grow AWS into what’s now the largest cloud...
.png?width=36&height=36&name=linkedin%20(1).png){kind=small}
.png?width=36&height=36&name=twitter%20(1).png){kind=small}
