Media Company

Challenges

• Ensure that specific AWS security-related services including Config, GuardDuty, and CloudTrail are always enabled on every AWS account
• Detect unauthorized changes to cloud resource configurations that could potentially lead to data breaches
• Oversee how third-party vendors create resources in the media company’s AWS accounts; ensure that vendors are delivering what they promised and their resources are securely configured

Fugue Solution

• Use Fugue’s Open Policy Agent-based rules engine to check for the required AWS services; send a notification if any service is not enabled
• Run Fugue Best Practices and CIS AWS Foundations Benchmark rules on resources to verify they are securely configured
• Protect against misconfiguration by notifying users of any drift from an established baseline
• Send all notifications to channels monitored by the Cloud GRC team

Business Outcomes

As a significantly sized media company, the organization relies on the cloud’s benefits of elasticity and scalability to handle ever-increasing demands to encode and decode large amounts of video data, among other cloud operations. The company needs to ensure that its cloud services are secure and protected against misconfiguration and malicious attackers.

Fugue provides confidence that the required AWS services are always running on every cloud account. If any services are disabled, Fugue sends a notification to the Cloud GRC team. Fugue also helps ensure that infrastructure resources are properly configured against a known good baseline. Any changes to resource configuration are tracked as Fugue drift events and processed by the Cloud GRC team as part of its change management process.