Fugue, the company putting engineers in command of cloud security, announced next-generation cloud security posture management (CSPM) capabilities to help customers bring their cloud infrastructure into compliance and demonstrate that cloud environments adhere to enterprise security policies.

The new features leverage Fugue’s cloud state machine, which captures every resource configuration over time in a cloud environment, and Fugue’s policy engine based on Open Policy Agent (OPA), the open source standard for policy-as-code. Fugue’s cloud state machine and OPA-based policy engine provide customers with continuous visibility into the full configuration state and security posture of their entire cloud footprint.

Third party business intelligence

With Fugue’s new data warehouse, teams can leverage this data to use with their third party business intelligence (BI) and security information and event management (SIEM) tools to gain better insights into their cloud environments.

New integrations with Google Cloud’s Looker Business Intelligence Platform access data from the data warehouse to deliver advanced out-of-the-box reporting and data analytics capabilities that help teams understand their cloud security posture in full context while radically streamlining compliance audits.

Enterprise cloud environments

With Fugue, we now have access to the full configuration and compliance history of our cloud"

“Fugue has simplified the process of maintaining and demonstrating compliance for our cloud environment, a task that now requires fewer resources and a fraction of the time,” said Dale Courtney, IT Manager at Emsi. “With Fugue, we now have access to the full configuration and compliance history of our cloud and can analyse that data and create our own custom reports in ways we haven’t been able to before.”

“Today’s dynamic and complex enterprise cloud environments - and the modern attacks that put them at risk  - have far outpaced the ability of repurposed datacenter tools to keep data secure,” said Phillip Merrick, CEO of Fugue.

Demonstrated cloud compliance

“Cloud is 100% software-defined, making cloud security a software engineering problem, not a traditional security analysis one. Fugue’s next-generation CSPM takes a software engineering approach to cloud security so our customers can get their cloud configurations into compliance quickly and ensure they stay that way - without ever slowing them down.”

Fugue’s next-generation CSPM capabilities empower teams to continuously demonstrate compliance using:

  • The data warehouse that provides access to the complete configuration and compliance history of their cloud infrastructure environments for use with third party BI and SIEM tools.
  • Advanced reporting with Google Looker that makes it easy to demonstrate cloud compliance to management and auditors - including historical audits.
  • Configuration state modeling of every resource, relationship, and configuration attribute to understand cloud security in full context and over time.
  • Policy-as-code analysis using OPA that automatically assesses the security posture of cloud infrastructure environments and delivers a detailed and prioritised path to bring them into compliance.
  • Interactive, exportable visual maps that create a shared understanding across teams of what’s running in a cloud environment, including all resource relationships and security vulnerabilities.

Eliminate cloud misconfiguration

Fugue identifies cloud misconfiguration and compliance violations and helps teams eliminate it with:

  • Cloud configuration baselining and drift detection to understand every change made to a cloud environment and whether those changes violate policy or introduce misconfiguration vulnerabilities.
  • Configuration drift reporting that includes detailed remediation feedback and API-based integrations so teams can get the notifications they need, when they need them.
  • Baseline enforcement that makes security-critical configurations self-healing by automatically remediating unauthorised change - without the need for automation scripts or the risk of unintended destructive events.

Software development lifecycle

Fugue empowers engineers to find and fix cloud security and compliance issues early in the software development lifecycle with:

  • On-demand policy checks for dev environments to identify security issues and get the feedback needed to remediate them and move forward.
  • An API to integrate cloud security in CI/CD pipelines that automatically run policy checks on cloud infrastructure configurations prior to deploying to production.
  • Infrastructure-as-code validation with Regula, Fugue’s open source tool that applies the same OPA policy-as-code rules used to assess running cloud environments.

Industry compliance standards

Fugue provides turnkey support for industry compliance standards including CIS Foundations Benchmarks, GDPR, HIPAA, ISO 27001, NIST 800-53, PCI, and SOC 2. Fugue supports custom enterprise policies using OPA and provides the Fugue Best Practices framework to protect against advanced misconfiguration exploits that compliance standards miss.

Fugue offers Enterprise and Team plans under a 30-day free trial, and the free Fugue Developer plan for individual engineers. It takes 15 minutes to get up and running with Fugue.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

In case you missed it

What are the challenges and benefits of mobile access control?
What are the challenges and benefits of mobile access control?

There is a broad appeal to the idea of using a smartphone or wearable device as a credential for physical access control systems. Smartphones already perform a range of tasks that extend beyond making a phone call. Shouldn’t opening the door at a workplace be among them? It’s a simple idea, but there are obstacles for the industry to get there from here. We asked this week’s Expert Panel Roundtable: What are the challenges and benefits of mobile access control solutions? 

Securing a sustainable future
Securing a sustainable future

The UK Government has set out an ambitious ten-point plan, known as the green industrial revolution, with an aim “to forge ahead with eradicating its contribution to climate change by 2050.” This makes our government the first major economy to embrace such a legal obligation. Green recovery Acknowledging climate change and meeting net-zero is a demanding challenge especially for those affected by the pandemic. But the UK Government, with the launch of its aspiring strategy, is investing everything in its power to promote a ‘green recovery.’ Here, Reece Paprotny, Commercial Manager and Sustainability Champion at Amthal, highlights how the fire and security industry has an opportunity to use the current recovery period to explore its own sustainable journey and embrace the significance of environment, economic and social collaboration, transparency, and accountability. Employing sustainable technologies Pressure is mounting on construction to find ways to reduce emissions and help meet net-zero targets The perception is that COVID-19 presents a once-in-a-lifetime opportunity to re-write the existing rulebook. This is riding on the significance of changing public support for more environmentally friendly living opportunities, with associated cost savings, efficiencies, and cleaner industries. Innovative sustainable technologies are the key to kickstart this route to success.  Nowhere can this be seen more than in the built environment, which currently contributes to 40% of the UK's carbon footprint. Pressure is mounting on construction to find ways to reduce emissions and help meet net-zero targets. This is through the entire life cycle of a building, to reduce their impact on the environment from planning stages, through build and demolition. Building the right environment By creating the right policy environment, incentives for innovation and infrastructure, the Government can encourage companies to seize the sustainable opportunities of new technologies and value chains linked to green sectors. They can accelerate the shift of current carbon-intensive economic and industrial structures onto greener trajectories, enabling the UK to meet global climate and development goals under the Paris Agreement on climate change and the 2030 Agenda for Sustainable Development. Transparent working practices Each industry sector is expected to engage and pledge its support to achieve the significant deadlines. Every company can make a difference, even with small steps towards a sustainable future. So whilst elements such as safety and security represent just one component of building the right sustainable environment, it paves the way to opening up our sector to greater efficiencies, transparent working practices, and encourages collaborative use of resources. Sustainability in security The security sector has a significant opportunity to incorporate ‘going green’ into its practices In fact, the security sector has a significant opportunity to incorporate ‘going green’ into their processes, and practices. This is right from product lifecycles to more environmentally friendly work practices when it comes to maintenance and monitoring services. When integrating environmentally friendly practices, starts with the manufacturing and production of the wide variety of systems in operation for the security sector. And some certifications and guidelines can be achieved, such as the ISO 14000 which looks into eliminating hazardous materials being used which in turn will reduce carbon footprint.  Upgrading supply chain process Observing the complete supply chain and working with partners to reduce unnecessary travel, shipments, and transportation of products, can all contribute and create sustainable processes.  In the maintenance and monitoring of products, it is essential installers and security specialists consider their own environmental impacts. Simple changes such as switching company vehicles to electric options for site visits can make a significant difference to climate change and improving air quality. Presenting sustainable ways of disposing of products at the end of their natural lifecycle is key to change in our sector. This is especially in the security industry where many customers will need a complete overhaul of outdated solutions or need systems upgrading due to changing threat levels. Sustainable evolution Progress is being made, specifically in the fire and security industry, in its sustainable evolution. Businesses are trying to develop a reputation for “sustainability” or “good corporate citizenship.” And it has gone well beyond the theory to the practical, where companies recognise activities have an impact on the environment and are also reviewing the social and economic influences. Three pillars of sustainability In a recent interview, Inge Huijbrechts, the Global Senior Vice President for safety and security and Responsible Business at Radisson Hotel Groups sees her vision to combine safety, security, and sustainability. Inge focuses on three pillars, namely, Think People, Think Community, and Think Planet. Think People means that we “always care for the people in our hotels and our supply chain.” So, in outwards communications, safety and security were always part of the Think People focus area. Think Community is caring and contributing in a meaningful way to communities where we operate. Finally, Think Planet makes sure that “our footprint on the environment is as light as it can be in terms of energy, water, waste, and carbon, and making sure that we incorporate sustainability into our value proposition.” Moving forward Apprenticeship schemes are integral to ‘think people’ and have a role to play in the social impact on the security industry There are immediate actions that can be taken by companies in the security industry to support sustainable development, working right from within a company to supporting industry-wide initiatives. From a social perspective, at a foundation level, “Think People’ can see the Living Wage Foundation as an example of a commitment to a team.  This is for businesses that choose to go further and pay a real Living wage based on the cost of living, not just the Government minimum. Apprenticeship schemes are also integral to ‘think people’ and have a pivotal role to play on the social impact on the security industry.  It addresses the sector-wide issue of finding employees with the right mix of skills to collaborate and meet discerning consumer demands for increasingly smart security solutions for homes and businesses. Impact of the full lifecycle of products From an environmental view, or ‘think planet,’ we need to collectively look at all elements of our industry, with a desire to analyse the impact of ingredients used, supply chain, or manufacturing alone, and also consider the full lifecycle of our selected products from creation to end of life. As Jamie Allam, CEO Amthal summarises, “This is a long-term, sustainable investment in our people, our products, and our business based on our values.” “When put together, a social team which feels empowers and operates in environmental optimum working conditions is in a position to provide a great experience to our customers, creating an economic positive difference. It forms the basis of a sustainable sector vision for the security industry-wide to adopt.” Taking action Amthal is taking action based on the ready-made universally agreed UN 17 Sustainable Development Goals. Also known as Global Goals, these are at the heart of the 2030 Agenda for Sustainable Development, adopted by all United Nations Member states. This agenda is a plan of action for people, the planet, and prosperity. By being an early adopter, we believe we can engage with customers, partners, and suppliers on these issues and generate opportunities to innovate for mutual and industry sector benefit. Together, we can contribute to building a more sustainable security sector and future, and contribute to the UK Government’s green industrial revolution.

What is the impact of privacy concerns on physical security?
What is the impact of privacy concerns on physical security?

Adoption of General Data Protection Regulation (GDPR) by the European Union in 2016 set a new standard for data privacy. But adherence to GDPR is only one element, among many privacy concerns sweeping the global security community and leaving almost no product category untouched, from access control to video to biometrics. Because privacy concerns are more prevalent than ever, we asked this week’s Expert Panel Roundtable: What is the impact on the physical security market?