Fugue, the company empowering engineers to build and operate secure cloud systems, cites product innovation, growing awareness of cloud misconfiguration risk, and the engineer-led movement to address cloud security with engineering solutions as its primary drivers for growth in 2019.
In the past year, the company introduced several innovations to its award-winning cloud security product, gained significant new customers, and contributed two new open source projects for cloud infrastructure policy as code tooling. Engineer empowerment and education will continue to serve as the pillars of the company’s product roadmap and growth strategy in 2020.
Engineering solutions for cloud security and compliance
The number one cause of cloud data breaches is infrastructure misconfiguration, whether due to human error or a lack of effective controls. Since engineers build and operate their cloud infrastructure, they own the security of that infrastructure.
Fugue empowers cloud engineers to identify and remediate misconfiguration vulnerabilities in their AWS and Azure environments before malicious actors can find and exploit them.
In 2019, the company merged its two products—Fugue Platform and Fugue Risk Manager—into a unified Software as a Service (SaaS) solution that delivers dynamic cloud infrastructure visualization tools and advanced cloud security and compliance capabilities.
Fugue helps developers “shift left” to incorporate security early in the software development life cycle (SDLC), and access robust compliance assurance and reporting capabilities for custom enterprise rules and out-of-the-box compliance standards such as CIS Foundations Benchmark for AWS and Azure, GDPR, HIPAA, ISO 27001, NIST 800-53, PCI-DSS, SOC 2, and Fugue Best Practices.
At AWS re:Invent 2019, the company launched Fugue Developer, a free tier that provides individual engineers with the tools they need to build and operate securely in highly dynamic and regulated cloud environments.
Unlike most cloud security solutions that can require weeks of implementation time, engineers can get up and running with Fugue rapidly, often in about 15 minutes.
Fugue won the 2019 CyberSecurity Breakthrough Award for IaaS Security Solution of the Year for the second year in a row.
Driving open source innovation for policy as code
Fugue continued to demonstrate its strong support of the open source community by promoting the adoption of Open Policy Agent (OPA) and Rego language for validating cloud infrastructure for policy compliance.
Fugue announced OPA as the policy as code engine for its SaaS solution and continues to introduce additional open source tools that use OPA, including Regula, which validates Terraform infrastructure as code for policy compliance, and Fregot, which improves the developer experience working with Rego.
Policies developed for Regula are portable with Fugue’s custom policy capabilities.
“It’s only January, but we know that 2020 will bring more of the same cloud misconfiguration threats and security challenges to organizations across all industries,” said Josh Stella, co-founder and CTO of Fugue.
“They must contend with an ever-growing number of increasingly sophisticated misconfiguration attacks, but as we’ve been seeing, when cloud engineers understand misconfiguration risk and are empowered with innovative tools to address them, these challenges can be overcome.”
Significant new customers and growth
In 2020, Fugue attracted a significant number of industry-leading new customers to it’s unified SaaS solution, including AT&T, SAP NS2, Manitoba Blue Cross, A+E Networks, TravelBank, RedVentures, SparkPost, GlobalGiving, A|L Media, TurningTechnologies, EMSI, GoGuardian, New Light Technologies, PublicRelay, and a large financial services institution.
“Fugue dramatically shortened the amount of time the customer needed to enable developers to provision AWS infrastructure as well as to ensure compliance to policy.” – SAP NS2
“Fugue is helping us achieve better integration and collaboration between our development, security, and compliance teams to ensure compliance and shift left on enforcing additional compliance standards.” – Manuel Solis, Senior Security Infrastructure Engineer, TrueCar
“I may spend half a day standing up a new product, and it’s still sort of opaque about what direct value they offer. But five minutes after I signed up for Fugue, I could scan an account and see what was not in compliance and what had drifted.” – Dave Williams, Cloud Architect, New Light Technologies
Building awareness of cloud misconfiguration risk and prevention
2019 was the year that cloud exploits graduated from simple misconfiguration attacks to significantly more advanced methods, resulting in high profile breaches against organizations widely recognized as cloud security leaders.
The Fugue team invested in creating educational resources and programs to help engineers and organizations understand cloud misconfiguration risk and address their cloud security and compliance challenges.
For example, the Fugue Best Practices Framework helps cloud engineering and security teams identify and remediate dangerous cloud resource misconfigurations that aren’t addressed by common compliance frameworks.
The company held several webinars that featured live simulations of advanced misconfiguration exploits, and executives have led presentations at industry events including the OPA Summit at KubeCon and the InfoSec World Cloud Security Summit.