Fugue, the company empowering engineers to build and operate secure cloud systems, cites product innovation, growing awareness of cloud misconfiguration risk, and the engineer-led movement to address cloud security with engineering solutions as its primary drivers for growth in 2019.

In the past year, the company introduced several innovations to its award-winning cloud security product, gained significant new customers, and contributed two new open source projects for cloud infrastructure policy as code tooling. Engineer empowerment and education will continue to serve as the pillars of the company’s product roadmap and growth strategy in 2020.

Engineering Solutions for Cloud Security 

The number one cause of cloud data breaches is infrastructure misconfiguration

The number one cause of cloud data breaches is infrastructure misconfiguration, whether due to human error or a lack of effective controls. Since engineers build and operate their cloud infrastructure, they own the security of that infrastructure. Fugue empowers cloud engineers to identify and remediate misconfiguration vulnerabilities in their AWS (Amazon Web Services) and Microsoft Azure environments before malicious actors can find and exploit them.

In 2019, the company merged its two products—Fugue Platform and Fugue Risk Manager—into a unified Software as a Service (SaaS) solution that delivers dynamic cloud infrastructure visualisation tools and advanced cloud security and compliance capabilities. Fugue helps developers “shift left” to incorporate security early in the software development life cycle (SDLC), and access robust compliance assurance and reporting capabilities for custom enterprise rules and out-of-the-box compliance standards such as CIS Foundations Benchmark for AWS and Azure, GDPR, HIPAA, ISO 27001, NIST 800-53, PCI-DSS, SOC 2, and Fugue Best Practices. 

Fugue Developer

At AWS re:Invent 2019, the company launched Fugue Developer, a free tier that provides individual engineers with the tools they need to build and operate securely in highly dynamic and regulated cloud environments.

Unlike most cloud security solutions that can require weeks of implementation time, engineers can get up and running with Fugue rapidly, often in about 15 minutes. Fugue won the 2019 CyberSecurity Breakthrough Award for IaaS Security Solution of the Year for the second year in a row.

Adoption of Open Policy Agent (OPA)

Fugue strongly supports the open source community by promoting the adoption of Open Policy Agent

Fugue continued to demonstrate its strong support of the open source community by promoting the adoption of Open Policy Agent (OPA) and Rego language for validating cloud infrastructure for policy compliance.

Fugue announced OPA as the policy as code engine for its SaaS solution and continues to introduce additional open source tools that use OPA, including Regula, which validates Terraform infrastructure as code for policy compliance, and Fregot, which improves the developer experience working with Rego. Policies developed for Regula are portable with Fugue’s custom policy capabilities.

Significant New Customers and Growth

It’s only January, but we know that 2020 will bring more of the same cloud misconfiguration threats and security challenges to organisations across all industries,” said Josh Stella, co-founder and CTO of Fugue. “They must contend with an ever-growing number of increasingly sophisticated misconfiguration attacks, but as we’ve been seeing, when cloud engineers understand misconfiguration risk and are empowered with innovative tools to address them, these challenges can be overcome.

In 2019, Fugue, attracted a significant number of industry-leading new customers to its unified SaaS solution, including AT&T, SAP, Manitoba Blue Cross, A+E Networks, TravelBank, RedVentures, SparkPost, GlobalGiving, A|L Media, TurningTechnologies, EMSI, GoGuardian, New Light Technologies, PublicRelay, and a large financial services institution.

  • Fugue dramatically shortened the amount of time the customer needed to enable developers to provision AWS infrastructure as well as to ensure compliance to policy.”- SAP
  • "Fugue is helping us achieve better integration and collaboration between our development, security, and compliance teams to ensure compliance and shift left on enforcing additional compliance standards."- Manuel Solis, Senior Security Infrastructure Engineer, TrueCar
  • "I may spend half a day standing up a new product, and it's still sort of opaque about what direct value they offer. But five minutes after I signed up for Fugue, I could scan an account and see what was not in compliance and what had drifted."- Dave Williams, Cloud Architect, New Light Technologies

Building awareness of cloud misconfiguration attacks

2019 was the year that cloud exploits graduated from simple misconfiguration attacks to significantly more advanced methods, resulting in high profile breaches against organisations widely recognised as cloud security leaders.

The Fugue team invested in creating educational resources and programs to help engineers and organisations understand cloud misconfiguration risk and address their cloud security and compliance challenges. For example, the Fugue Best Practices Framework helps cloud engineering and security teams identify and remediate dangerous cloud resource misconfigurations that aren’t addressed by common compliance frameworks.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

In case you missed it

How smart technology is simplifying safety and security in retirement villages
How smart technology is simplifying safety and security in retirement villages

James Twigg is the Managing Director of Total Integrated Solutions (TIS), an independent life safety, security and communication systems integrator, specialising in design & consultancy, technology and regulatory compliance. Total Integrated Solutions work primarily with retirement villages, helping to ensure the safety of residents in numerous retirement villages across the country. In this opinion piece, James shares how smart technology is helping security teams and care staff alike in ensuring the safety and security of their spaces, amid the COVID-19 pandemic and beyond. Impact of smart technology Smart technology is having an impact on pretty much every aspect of our lives Smart technology is having an impact on pretty much every aspect of our lives. From how we travel, to how we work, to how we run our homes. It’s not unusual to have Alexa waking us up and ordering our groceries or Nest to be regulating the temperature and energy in our homes. And while there’s a popular misconception that people in their later years are allergic to technology, retirement villages and care homes are experiencing significant innovation too. And the result is not only improved quality of life for residents, but also improved safety and security systems for management teams. Switching to converged IP systems I’ve been working in the life safety and security industry for over fifteen years. When I first joined TIS, much of the sector was still very analogue, in terms of the technology being installed and maintained. Slowly but surely, we’ve been consulting and advising customers on how to design, install and maintain converged IP systems that all talk to each other and work in tandem. I'm excited to say retirement villages are some of the top spaces leading the way, in terms of technological advancement. Improving the quality of life for residents A move into a retirement village can be daunting and one of the key concerns that we hear about is the loss of independence. No one wants to feel like they are being monitored or to have someone constantly hovering over them. One of the ways we’ve used smart technology to maintain residents' independence is through devices, such as health monitors and motion sensors. For example, instead of having a member of staff check-in on residents every morning, to ensure they are well, sensors and analytics can automatically detect changes in routine and alert staff to possible problems. Similarly, wearable tech, such as smart watches give residents a chance to let staff know they are okay, without having to tell them face-to-face. As our retirement village customers have told us, a simple ‘I’m okay’ command can be the difference between someone feeling independent versus someone feeling monitored. Simplifying and improving security systems Smart technology gives care staff and security oversight of the needs of residents For the teams responsible for the safety of the people, places and spaces within retirement villages, smart technology is helping to improve and simplify their jobs. Smart technology gives care staff and security oversight of the needs of residents, and ensures rapid response if notified by an emergency alert, ensuring they know the exact location of the resident in need. And without the need to go and physically check-in on every resident, staff and management can ensure staff time is being used effectively. Resources can be distributed where they are needed to ensure the safety and wellbeing of those residents who need extra consideration. 24/7 surveillance When planning the safety and security for retirement villages, and other residential spaces, it’s no use having traditional systems that only work effectively for 12 hours a day or need to update during the evening. Surveillance needs to be 24/7 and smart technology allows that without the physical intrusion into people’s spaces and daily lives. Smart technology ensures that systems speak to each other and are easily and effectively managed on one integrated system. This includes video surveillance, which has also become much more effective as a result of advanced video analytics, which automatically warn staff of suspicious behaviour. Securing spaces amid COVID-19 This year has, of course, brought new challenges for safety. COVID-19 hit the retirement and residential care sectors hard, first with the initial wave of infections in mid-2020 and then, with the subsequent loneliness caused by the necessary separation of families. As essential workers, we worked closely with our customers to make sure they had everything they needed As essential workers, we worked closely with our customers to make sure they had everything they needed during this time, equipping residents with tablet devices to ensure they could stay connected with their families and friends. It allowed residents to keep in touch without risking transferring the virus. Thermal cameras and mask detection And now that we’re emerging out of COVID-19 restrictions and most residents can see their families again, we’re installing systems like thermal cameras and mask detection, so as to ensure that security will be alerted to anyone in the space experiencing a high temperature or not wearing proper PPE. Such steps give staff and families alike, the peace-of-mind that operational teams will be alerted at the earliest possible moment, should a COVID-19 risk appear. Thinking ahead to the next fifteen years, I’m excited at the prospect of further technological advancements in this space. Because at the end of the day, it’s not about how complex your security system is or how you compete in the industry. It’s about helping teams to protect the people, spaces and places that matter. I see smart technology playing a huge role in that for years to come.

ASSA ABLOY’s Code Handle protects Fylab physiotherapy practice with secure PIN-operated handles
ASSA ABLOY’s Code Handle protects Fylab physiotherapy practice with secure PIN-operated handles

In all medical settings, people are coming and going all day. Therapists leave their personal belongings in changing rooms, patients want privacy in consulting rooms, open or unlocked doors can be an invitation to opportunists. Yet keeping track of mechanical keys can be a tiresome task for a small practice. There is a solution: the Code Handle PIN lock from ASSA ABLOY. In Irun, in Spain’s Basque country, Fylab sought easy electronic door security for their consulting rooms. These rooms house expensive specialist equipment for the various therapeutic disciplines offered by Fylab. Requirements were straightforward: a simple, secure, keyless access solution designed to work in a facility that gets a lot of daily traffic from professionals and the public. They needed a locking device that is easy to retrofit and incorporates a contemporary device design to match with Fylab’s modern medical workplace. Adding electronic security to room doors The Code Handle PIN-locking door handle added electronic security to three consulting-room doors at FylabThe Code Handle PIN-locking door handle added electronic security to three consulting-room doors at Fylab – without wires or cables. Two screws fit a Code Handle to almost any interior door (between 35mm to 80mm thick). One doesn’t even need to change their existing door cylinder. “I am no artist or handyman, but I managed to fit the handles within 10 minutes,” says Fylab founder, Borja Saldias Retegui. Code Handle adds electronic security to almost any interior door without disrupting its aesthetics. If one needs to secure a door facing a public space, Code Handle does it subtly and with zero hassle. At Fylab, Code Handle devices locks both wooden and glass doors, keeping equipment and therapists’ personal belongings safe. Allows up to 9 different PIN numbers “We like the solution a lot because we can do away with keys,” adds Borja. Code Handle removes the need to track cumbersome keys or install expensive access control. Because every Code Handle allows up to 9 different PIN numbers (4 to 6 digits), all authorised staff at Fylab can have their own security code. Two standard batteries (CR2) slot inside the handle, typically lasting 30,000 lock/unlock cycles before replacement The practice manager cancels or amends PINs at any time using the master PIN. Two standard batteries (CR2) slot inside the handle, typically lasting 30,000 lock/unlock cycles before replacement. It’s simple. “Code Handle is unique in comparison to common code door locks: it has the code function and battery incorporated inside its handle, so you don’t need to make extra modifications to your door,” explains Lars Angelin, Business Development Manager for Code Handle at ASSA ABLOY EMEA. Auto-locking feature of Code Handle Auto-locking is another helpful feature. When the door closes, Code Handle locks it automatically. One doesn’t need to put down whatever they are carrying, and no one can open it from the outside while they are not looking. To keep the door open briefly, one can simply hold Code Handle down for 5 seconds and it remains temporarily unlocked. For convenience, Code Handle always opens freely from the inside. “Code Handle provides the simplest solution for access control in a small facility,” says Borja. To learn more about Code Handle please visit: https://campaigns.assaabloyopeningsolutions.eu/codehandle

What are the challenges and benefits of mobile access control?
What are the challenges and benefits of mobile access control?

There is a broad appeal to the idea of using a smartphone or wearable device as a credential for physical access control systems. Smartphones already perform a range of tasks that extend beyond making a phone call. Shouldn’t opening the door at a workplace be among them? It’s a simple idea, but there are obstacles for the industry to get there from here. We asked this week’s Expert Panel Roundtable: What are the challenges and benefits of mobile access control solutions?