Fugue works closely with a national media company that produces content for millions of consumers worldwide. The company has been working with the cloud for the past decade. It has dozens of AWS accounts with heavy usage of EC2, Lambda, ECS, VPC, and S3. To support media operations, the company is using AWS Media Services including MediaConnect, MediaConvert, and Kinesis Video Streams.
The company has recognized the need to establish cloud security best practices. It created an internal “Cloud GRC” team by consolidating DevOps, security, and architecture functions into a single team to determine best practices and governance for cloud architecture and operations.
- Ensure that specific AWS security-related services including Config, GuardDuty, and CloudTrail are always enabled on every AWS account
- Detect unauthorized changes to cloud resource configurations that could potentially lead to data breaches
- Oversee how third-party vendors create resources in the media company’s AWS accounts; ensure that vendors are delivering what they promised and that their resources are securely configured
- Use Fugue’s Open Policy Agent-based rules engine to check for the required AWS services; send a notification if any service is not enabled
- Run Fugue Best Practices and CIS AWS Foundations Benchmark rules on resources to verify they are securely configured
- Protect against misconfiguration by notifying users of any drift from an established baseline
- Send all notifications to channels monitored by the Cloud GRC team
As a sizable media company, the organization relies on the cloud’s elasticity and scalability to handle ever-increasing demands to encode and decode large amounts of video data, among other cloud operations. The company needs to ensure that its cloud services are secure and protected against misconfiguration and malicious attackers.
Fugue provides confidence that the required AWS services are always running on every cloud account. If any services are disabled, Fugue sends a notification to the Cloud GRC team. Fugue also helps ensure that infrastructure resources are properly configured against a known good baseline. Any changes to resource configuration are tracked as Fugue drift events and processed by the Cloud GRC team as part of its change management process.