Fugue, the company empowering engineers to build and operate secure cloud systems, cites product innovation, growing awareness of cloud misconfiguration risk, and the engineer-led movement to address cloud security with engineering solutions as its primary drivers for growth in 2019.

In the past year, the company introduced several innovations to its award-winning cloud security product, gained significant new customers, and contributed two new open source projects for cloud infrastructure policy as code tooling. Engineer empowerment and education will continue to serve as the pillars of the company’s product roadmap and growth strategy in 2020.

Engineering Solutions for Cloud Security 

The number one cause of cloud data breaches is infrastructure misconfiguration

The number one cause of cloud data breaches is infrastructure misconfiguration, whether due to human error or a lack of effective controls. Since engineers build and operate their cloud infrastructure, they own the security of that infrastructure. Fugue empowers cloud engineers to identify and remediate misconfiguration vulnerabilities in their AWS (Amazon Web Services) and Microsoft Azure environments before malicious actors can find and exploit them.

In 2019, the company merged its two products—Fugue Platform and Fugue Risk Manager—into a unified Software as a Service (SaaS) solution that delivers dynamic cloud infrastructure visualisation tools and advanced cloud security and compliance capabilities. Fugue helps developers “shift left” to incorporate security early in the software development life cycle (SDLC), and access robust compliance assurance and reporting capabilities for custom enterprise rules and out-of-the-box compliance standards such as CIS Foundations Benchmark for AWS and Azure, GDPR, HIPAA, ISO 27001, NIST 800-53, PCI-DSS, SOC 2, and Fugue Best Practices. 

Fugue Developer

At AWS re:Invent 2019, the company launched Fugue Developer, a free tier that provides individual engineers with the tools they need to build and operate securely in highly dynamic and regulated cloud environments.

Unlike most cloud security solutions that can require weeks of implementation time, engineers can get up and running with Fugue rapidly, often in about 15 minutes. Fugue won the 2019 CyberSecurity Breakthrough Award for IaaS Security Solution of the Year for the second year in a row.

Adoption of Open Policy Agent (OPA)

Fugue strongly supports the open source community by promoting the adoption of Open Policy Agent

Fugue continued to demonstrate its strong support of the open source community by promoting the adoption of Open Policy Agent (OPA) and Rego language for validating cloud infrastructure for policy compliance.

Fugue announced OPA as the policy as code engine for its SaaS solution and continues to introduce additional open source tools that use OPA, including Regula, which validates Terraform infrastructure as code for policy compliance, and Fregot, which improves the developer experience working with Rego. Policies developed for Regula are portable with Fugue’s custom policy capabilities.

Significant New Customers and Growth

It’s only January, but we know that 2020 will bring more of the same cloud misconfiguration threats and security challenges to organisations across all industries,” said Josh Stella, co-founder and CTO of Fugue. “They must contend with an ever-growing number of increasingly sophisticated misconfiguration attacks, but as we’ve been seeing, when cloud engineers understand misconfiguration risk and are empowered with innovative tools to address them, these challenges can be overcome.

In 2019, Fugue, attracted a significant number of industry-leading new customers to its unified SaaS solution, including AT&T, SAP, Manitoba Blue Cross, A+E Networks, TravelBank, RedVentures, SparkPost, GlobalGiving, A|L Media, TurningTechnologies, EMSI, GoGuardian, New Light Technologies, PublicRelay, and a large financial services institution.

  • Fugue dramatically shortened the amount of time the customer needed to enable developers to provision AWS infrastructure as well as to ensure compliance to policy.”- SAP
  • "Fugue is helping us achieve better integration and collaboration between our development, security, and compliance teams to ensure compliance and shift left on enforcing additional compliance standards."- Manuel Solis, Senior Security Infrastructure Engineer, TrueCar
  • "I may spend half a day standing up a new product, and it's still sort of opaque about what direct value they offer. But five minutes after I signed up for Fugue, I could scan an account and see what was not in compliance and what had drifted."- Dave Williams, Cloud Architect, New Light Technologies

Building awareness of cloud misconfiguration attacks

2019 was the year that cloud exploits graduated from simple misconfiguration attacks to significantly more advanced methods, resulting in high profile breaches against organisations widely recognised as cloud security leaders.

The Fugue team invested in creating educational resources and programs to help engineers and organisations understand cloud misconfiguration risk and address their cloud security and compliance challenges. For example, the Fugue Best Practices Framework helps cloud engineering and security teams identify and remediate dangerous cloud resource misconfigurations that aren’t addressed by common compliance frameworks.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

In case you missed it

What are the new trends and opportunities in video storage?
What are the new trends and opportunities in video storage?

Video storage has been a challenge since the days of VCRs and videotape. Storing images is a central need for any video systems, especially one that is focused on the forensic and investigative aspects of video. Today, digital video is stored on hard drives and even in the cloud. Increasingly, video is considered “data” that drives a variety of video analytics and even artificial intelligence (AI) applications. We asked this week’s Expert Panel Roundtable: What are the new trends and opportunities in video storage?

How to deter thieves on construction sites
How to deter thieves on construction sites

Construction site theft can cause project delays, property damage and loss of profit for companies in the construction sector. It is imperative to deter thieves from targeting construction sites with the help of construction site security. Here, we look into the various security options and how they can help protect your firm from the threat of a break-in. Construction theft has soared during the COVID-19 Pandemic Construction site theft is an ever-increasing problem in the UK, costing the industry an estimated £800 million per year. Unfortunately, this type of crime has accelerated further throughout lockdown by an estimated 50% due to the abandonment of construction sites across the UK. With many uncertainties around a potential second wave in the UK, it is time for construction firms to enhance their security strategies to help prevent thieves from becoming opportunists on construction sites. Why are construction sites ‘easy’ targets? Construction sites can easily be targeted, as they typically lack adequate security loss prevention practices. The most popular security-related issues that are leading causes of construction site theft are: Poor overall site security Multiple pieces of equipment sharing the same keys Easy access to open cabs Unsecured sites, particularly at night and over weekends Lack of product identification systems If you do not want your site becoming a costly statistic, you might want to try implementing some or all of these preventive measures. Strengthen your perimeter Putting a clear boundary around a construction site will help to prevent youths and members of the public from inadvertently wandering onto the site. To stop opportunist thieves in their tracks, you will need to go one step further by erecting robust fencing and concrete blocks along with signage warning intruders about the consequences of trespassing. Putting a clear boundary around a construction site will help to prevent youths and members of the public from inadvertently wandering onto the siteIf potential trespassers can see that it would be too challenging to attempt a break-in, then they will look elsewhere to find another construction site which is not as well secured. Lock away valuable tools When considering the vulnerabilities in your construction site, it pays to think about this from the perspective of a criminal. What is it exactly that they are looking for? What can a thief steal easily to make money if they were to remove something from your site? Unfortunately, many construction firms do not lock away their tools, materials or vehicles properly, which makes them an easy target. Ensure valuable tools and materials are locked away and are not left unsecured or lying around. Criminals are mostly interested in scaffolding, bowsers and other valuables that are quick to sell on, so it is important to have a strategy in place to keep these locked away, safe and securely. Put tracking devices in your equipment If you are unable to securely lock away valuable tools, then modern technology makes securing equipment easier than ever before. Tracking devices can be installed onto vehicles and equipment; if any thief is unwise enough to steal from the site, site owners will be able to provide the location to the police who will be able to follow this up. Site owners should also engrave company identification numbers on valuable tools, equipment and vehicles so that it can easily be identified and will serve as proof who it rightly belongs to. Invest in CCTV Closed Circuit Television, otherwise known as CCTV, is renowned for being one of the most effective deterrents for thieves, especially when it comes to construction and building sites.The items that criminals steal from sites are notoriously hard to trace The items that criminals steal from sites are notoriously hard to trace, but if you have CCTV, there is a chance that you can capture clear footage to help bring criminals to justice, such as footage of the vehicle used and the car licence plate. CCTV cameras can help to oversee every inch of a construction site, and can even be hidden out of sight where required. Step up with regular site patrols With a wide range of security monitoring methods available, stepping up on regular site patrols can help to keep track and respond to any criminal activity taking place on your site. Traditional site patrols can be carried out on a schedule by professional SIA-approved security agents. With the presence of guards patrolling a construction site, any criminals in the area will be deterred to force entry onto the site. Schedule supply deliveries on an as-needed basis To prevent an excess of supplies ‘sitting around’ on the site, construction site managers should instead order what is needed at the time, so that valuable materials are not left around waiting to be stolen for weeks at a time. Good planning and excellent communication between the team will be required so that projects are not delayed, but planning accordingly will help to reduce the chances of theft on a construction site. Drone surveillance As technology becomes more and more advanced, drone surveillance may soon be a security option that many construction sites could benefit from.Many construction firms in the UK are using drone services to provide aerial images, and are seeing huge cost savings by either purchasing and operating their own drones or by hiring out the work to a company equipped to provide imaging.As technology becomes more and more advanced, drone surveillance may soon be a security option With surveillance drones already handling tasks like mapping and surveying of construction sites, one day they may be able to patrol construction sites at night, equipped with motion sensors and infrared or night vision cameras; They could be automatically deployed from a charging station and fly along a pre-programmed route at regular intervals. One to keep an eye on for the near future! Construction site security to help protect your site If you are ready to tighten security on your own construction site, then your starting point will be to identify your main vulnerabilities and get in touch with a reputable security specialist.

AI in security: The crystal ball you’ve been waiting for
AI in security: The crystal ball you’ve been waiting for

One of the biggest trends in security and technology today is centered around solutions that take advantage of the wealth of connected security systems and devices powering the organisations all over the world. As the number of cloud-powered systems and sensors have massively grown in recent years, security leaders in the private and public sectors have started to look at ways to leverage the data from these devices to better the lives of employees, customers, and residents. But while the dream of creating a smarter, safer environment remains the top priority for organisations throughout the world especially as they continue to face the ramifications of the COVID-19 pandemic, a myriad of factors hold security leaders back from implementing more advanced technologies across their infrastructures. AI as a disruptor of physical security One of the main reasons being that the advent of these cloud based technologies indubitably generate massive amounts of data that hamper any practical use by security professionals and often times create cognitive overload and paralysis by analysis. A myriad of factors hold security leaders back from implementing more advanced technologies across their infrastructures Organisations face the challenge of trying to answer numerous questions using the big data generated by the various systems and technologies. How are they going to handle the influx of information that all these disparate systems generate? How can it be analysed to extract any useful information or insight? What IT security controls are put in place to safeguard the data? How can the data be effectively curated and funneled to the right people at the right time? How can we make our security footprint be more proactive rather than constantly reactive? The answer is artificial intelligence. AI is undoubtedly one of the bigger disrupters in the physical security industry and adoption is growing at a rapid rate. And it’s not just about video analytics. Rather, it is data AI, which is completely untapped by the security industry. Improving your competitive advantage Today, all divisions of an enterprise are trying to leverage AI and big data to improve their competitive advantage and bottom line, including accounting, sales and marketing, material sourcing, and research and development. We need to ensure that the physical security industry realises they can significantly benefit from better, faster, and more accurate intelligence from the now unstructured, bottomless silos of security data; only then will this result in positioning physical security from a primarily reactive business to a revolutionary new proactive environment. AI is undoubtedly one of the bigger disrupters in the physical security industry and adoption is growing at a rapid rate As an industry, we need to focus on reinventing how security personnel and safety resources are allocated in the public safety and corporate security industry. And it all has to start with intelligence derived from big data using AI. Security leaders in the physical security and law enforcement industry can combine multiple data sources with predictive and prescriptive analytics and artificial intelligence to inform and dynamically deploy personnel, assets, and technologies. This approach drives automation of their current manual processes to maximise the effectiveness and efficiency of their entire security operations. Intelligently predicting the future? Bottom line: AI can change up your security game by automatically deciphering information to predict the future using a wide range of sources and data that have been collected, whether past, present, and future. That’s right; you can look into the future. By grabbing a hold of this AI-powered crystal ball, decision-makers can perform long-term strategic planning and informed day-to-day operational decision making. And what’s more, AI powered platforms are software-based, often delivered using as-a-service business models that empower security personnel to go beyond traditional static business intelligence visualisation and reporting systems to transformative dynamic, predictive and prescriptive decision-making environments. Today’s platforms are also not your traditional, old school, expensive PSIMs; they are cost-effective, configurable to your needs and dare we say, easy to operate. Every security leader I have spoken with lately want to extend AI to their security programs. They don't always know precisely where AI will fit, but they understand the need to operationalise more of their security practices. The overall why is that we should all work collaboratively to help organisations across the globe leverage the tools available to transition away from a reactive stance and gain informed insight into the future where we are truly prepared for and one step ahead of what is coming down the road.