Public Relay

Customer Challenge

PublicRelay manages a portfolio of internal and external applications hosted in Amazon Web Services (AWS). These include data analysis applications and customer-facing SaaS applications built using native AWS services such as Lambda, EC2, S3, and containers—all of which need to be architected for security and resilience.

PublicRelay processes copyrighted data and needed a solution that would continuously monitor their AWS infrastructure to detect security issues and deliver prioritized alerts on them. With a growing engineering team, multiple contractors, data suppliers, and vendors, PublicRelay needed a solution that was easy to adopt and deploy for new and existing AWS accounts and get immediate visibility into the security and compliance posture of their environments.

To maintain confidence and trust with their customers, PublicRelay needs to prove that their cloud infrastructure stays secure and in compliance with industry controls, including AWS CIS Foundations Benchmark and SOC 2. To prove this, PublicRelay needed the ability to run on-demand compliance assessments on their AWS environments and receive prioritized remediation guidance and comprehensive executive-level reporting.

The Fugue Solution

PublicRelay chose Fugue as their cloud security solution because it addressed all of their requirements and provided capabilities that aligned with their future technology and security roadmap requirements.

With just a few clicks, the PublicRelay team quickly onboarded their AWS Cloud accounts to Fugue. Within minutes, Fugue provided a comprehensive inventory of all the resources running in PublicRelay’s AWS accounts, along with the complete configuration state and compliance assessment of their environment that included a list of security issues prioritized by severity. Fugue also provided detailed remediation steps for each issue to help PublicRelay bring their environment into compliance quickly.

As Engineering efforts continually evolve the PublicRelay platform, by using Fugue as a trusted partner, PublicRelay is able to ensure that security considerations are made during the development process. Continual audits of production, staging, and QA environments lead to a holistic situational awareness of security posture, something which was impossible before given the sharp growth of deployed components in the application.

As new applications are deployed or existing infrastructure configurations are updated, PublicRelay’s team uses the Fugue API to execute scans on-demand to validate the security of these changes. Using Fugue’s configuration baseline feature, PublicRelay is always aware of any configuration drift and corresponding compliance issues the moment they occur.

PublicRelay uses Fugue’s visualizer to better understand their AWS environment and analyze their architecture without having to access the AWS console or infrastructure declaration files. These visual architecture and network diagrams, along with Fugue’s out-of-the-box compliance reports, are key artifacts PublicRelay includes when establishing baseline security configurations and when requested to share security posture reports with clients.

Results and Benefits

Fugue helped the PublicRelay team get immediate visibility into the security and compliance posture of their AWS environment with very little time and effort required.

With Fugue, PublicRelay always has access to up-to-date checks and compliance standards and they can avoid investing time building control frameworks internally. Because Fugue provides a complete up-to-date inventory and visualization of cloud resources, configuration details, and compliance posture, PublicRelay can ensure their environment is always secure with significantly fewer engineering resources.

As PublicRelay adopts infrastructure as code, Fugue empowers them to "shift left" and check the security of infrastructure as code configurations pre-deployment using the same policies they’re using to evaluate their runtime AWS environment.