    Latest Posts

    Eliminating Cloud Misconfiguration with Baseline Enforcement

    Drew Wright

    As more enterprises adopt the cloud, the issue of cloud security has become a top priority. The cloud is fundamentally different than the datacenter. Just as it requires a shift in how we think about architecture and operations, we need to shift our thinking on cloud security and compliance and bake it into DevOps and CI/CD processes (i.e., DevSecOps) rather than bolt it on later. Failing to do so puts your organization at serious risk of a critical data breach.

    Infrastructure misconfiguration is the number one cloud risk

    Fugue recently released its Cloud Infrastructure Misconfiguration Report, which found that 93 percent of IT and security professionals are concerned that their organization is at risk of a major security breach due to misconfiguration, and twenty-seven percent (27%)...

    Cloud Misconfiguration Bedevils Enterprises at an Alarming Rate

    Drew Wright

    Last week, Fugue released its Cloud Infrastructure Misconfiguration Report, which presents the results of our survey of more than 300 IT and security professionals from enterprise-level organizations. What surprised many of us at Fugue the most was the steep cost incurred by enterprises in their attempt to manage cloud misconfiguration, which is still largely a complex, manual process in an otherwise automated world of cloud. You can read more about that in The Cost of Cloud Misconfiguration Whack-a-Mole. Today let’s focus on the risk that cloud misconfiguration brings to the enterprise, and what our survey reveals about the severity of the problem. In short, it’s bad. An overwhelming majority (93%) say they are “somewhat concerned” or “highly concerned” that their organization is at...

    Why You Should Care About Cloud Infrastructure Governance

    Drew Wright

    It’s never been easier or faster for companies using the cloud to deploy infrastructure on AWS. That’s the good news. The not-so-good news? You can’t move fast without compromising security, compliance, and control. Well, you can’t unless you automate your cloud infrastructure policies, including compliance and security. Hold that thought for a moment. Here are four common hurdles nearly every organization using the cloud encounters:

    • Inconsistent enforcement of regulatory compliance policies (PCI, HIPAA, NIST 800-53)
    • Uneven use of internal governance policies
    • Uncontrolled shadow IT, ad hoc automation, and tooling sprawl
    • Increased demand for cloud expertise

    Viewed from a higher level, companies using the cloud need to see all resources running across environments, accounts,...

    No Matter How You Built Your Cloud…

    Drew Wright

    No matter how you built your cloud—no matter what tools or services you’ve used to provision an application’s infrastructure—you can migrate existing workloads to Fugue easily and securely with no downtime. At AWS re:Invent this week, November 27 - December 1, test out Fugue’s automated infrastructure governance with our team at booth 1600 or explore Fugue’s new migration and enhanced compliance capabilities at www.fugue.co/migrate. By migrating to Fugue, enterprises, agencies, and DevSecOps teams in any organization centralize their control and visibility of systems running in the cloud, while accelerating secure deployments and updates. Human error—typical with scaled, enterprise infrastructure and costly in dollars and consumer trust—is drastically reduced since Fugue highlights...

    Get Your Cloud, See Your Cloud—A Full View with Fugue

    Drew Wright

    One of the most difficult things to understand about the cloud is the shape and extent of your overall application in it, whether you’re manually building your app’s infrastructure using the AWS Console or CLI, or scripting it using CloudFormation or another provisioning tool. Solutions architects, developers, and systems administrators make countless diagrams for customers and internal teams trying to provide a consumable, accurate view of what’s running or what a team would like to deploy. We’ve all learned the hard way that doing this manually is both error prone and quickly out of date. Fugue’s Composer, part of the original vision of Fugue, maps your application’s cloud infrastructure with automated, interactive diagrams that show your whole system in real time and the...

    Validations Give Government Agencies Speed and Certainty in the Cloud

    Drew Wright

    Fugue now supports the Amazon Web Services (AWS) GovCloud region, which means federal agencies, like enterprises, can automate operations in the cloud fast, while simultaneously meeting regulatory demands. Fugue deployments start with powerful, but easy-to-understand code declarations in a composition that governs a system’s infrastructure. By including select libraries in that composition with simple import statements, a particular agency’s compliance regime gets integrated from the start. This kind of fully realized policy-as-code provides a scalable protocol for agency cloud ops and increases speed to mission.

    The Power Behind Policy-as-Code

    The power behind policy-as-code lies in validations. Fugue ships with some common validations, but also enables agencies and businesses to...

    The Next Cloud Outage is Coming—What You Can Do To Survive

    Josh Stella

    This article was first published in DZone's Cloud Zone on April 3, 2017. The repercussions of recent cloud outages—AWS’s S3 crash and Azure’s Active Directory cascading failure—linger in IT departments and manifest in revenue loss. But, the bigger story is that the next outage is around the corner—unpredictable, coming to get us on a random Tuesday. Whether businesses are using cloud providers, on-premise data centers, or hybrid setups to host web services and backends, infrastructure failures are a fact of life and have to be on our radars as a matter of routine. This makes architecting for failure and for the future, from the start, among the most pressing imperatives for business IT departments. The next five years will see the rise and democratization of centralized control...

    The Next-Generation Cloud CMDB: Ludwig Code

    Drew Wright

    In a recent report, Ovum described Fugue as "a CMDB for APIs." A configuration management database (CMDB) is a single source of truth for configuration of complex systems. This is a crucial aspect of Fugue, one where running your operations with Fugue offers a lot of value to you. Fugue's CMDB is an effect of our declarative model for configuration, built around our typesafe, compiled Ludwig language. The Fugue CMDB is not a proprietary store with a form-based interface; it is Ludwig code, managed in a VCS of your choice, like git or svn. That code is a declarative configuration of infrastructure (or other API) state. Once it is run as a process in Fugue, that declaration is made real and immutable with machine precision. In this way, a well-managed body of Ludwig compositions and a...

    Why We Built Ludwig — a DSL for the Cloud of Today and the Future

    Josh Stella

    "The approach taken by Fugue is to allow cloud infrastructure to be treated as code. This concept is required if developers are to generate applications that can exploit the cloud's capabilities and deliver on the promise of immutable infrastructure."
    -Ovum's On The Radar report on Fugue

    Fugue provides simplification of your life on the cloud through abstractions. Abstractions can be expressed in one of two ways: as black boxes, or as language. Fugue puts as much into language as we can, so that you can do things with it that we didn't predict. Black boxes are easier for a platform builder to make, because they do things in one particular way. They are also less flexible for the user, because they do things in one particular way, which may not be the way the user needs or prefers.

    Computing Cryptographic Hashes for Cyclic Dependencies

    Jasper Van der Jeugt

    "Much more than encryption algorithms, one-way hash functions are the workhorses of modern cryptography." —Bruce Schneier

    Cryptographic hashes (or one-way hash functions) allow us to compute a digest that uniquely identifies a resource. If we make a small change anywhere in a resource, its digest also changes—drastically, because of the Avalanche effect.

    Figure 1. Notice the small, single letter change in the input resource in the third row and the corresponding, drastic changes to its digest. Cf. citation.

    This characteristic makes the hashes very practical for detecting changes in applications that deal with dependency trees. If we include the cryptographic hashes of the dependencies of a resource in the resource's own cryptographic hash, we have a cheap way to check if a...
