Fugue and CWS Team Up to Close Enterprise Cloud Security Gaps with End-to-End Policy as Code Enforcement

Fugue and CWS Team Up to Close Enterprise Cloud Security Gaps with End-to-End Policy as Code Enforcement-01

CWS, an IT services company helping large, heavily regulated enterprises migrate to the cloud, has partnered with Fugue, a cloud security SaaS company, to deliver developer-first cloud security for time-sensitive and mission-critical cloud deployments. Using the same policies for infrastructure as code checks and the cloud runtime environment, Fugue’s SaaS platform secures cloud infrastructure at every stage of the software development life cycle. Together, CWS and Fugue are focused on the rapid delivery of secure cloud infrastructure, starting with a large telecommunications company and resulting in a 90% faster deployment using 50% fewer engineering resources.

“Time and again we see critical cloud initiatives get bogged down in time-consuming enterprise security processes that kill development velocity,” said Rajat Sharma, founder of CWS. “After evaluating a number of tools, Fugue was the only one that addressed cloud security end-to-end using the same set of policies, reducing delivery times for security-critical cloud infrastructure from months to days and requiring only a fraction of the engineering investment previously needed.”

Also Read: Creating an Effective Incident-Response Plan

“Security is the rate-limiting factor for how fast enterprises can go in the cloud, and key to changing this is developer-centric security based on policy as code and automated enforcement,” said Josh Stella, co-founder and CEO of Fugue. “CWS has a track record of helping engineering teams innovate fast in challenging regulatory environments, and we’re thrilled they’ve chosen Fugue as their platform for operationalizing cloud security across the software development life cycle.”

CSA CloudBytes Webinar with Fugue and CWS

Josh Stella and Rajat Sharma are delivering a session for Cloud Security Alliance’s CloudBytes webinar series to demonstrate how companies can use policy as code and automation to move faster and more securely in the cloud. For more information and registration on “Transforming Enterprise Cloud Security to Supercharge Developer Velocity,” visit www.brighttalk.com/webcast/10415/515768.

About the Fugue SaaS Platform

Fugue is the only platform with a single policy engine so engineering teams can operationalize cloud security pre- and post-deployment.

  • Infrastructure as Code (IaC) Security. Fugue provides IaC security for cloud resource configurations (Terraform; AWS CloudFormation) and container orchestration (Kubernetes Manifests). Cloud engineers can check their IaC configurations locally and develop custom enterprise policies using Fugue’s Unified Policy Engine, built on Open Policy Agent, the open standard for policy as code. Enterprises can centrally manage policies and ensure consistent enforcement across the organization.
  • Cloud Compliance. Fugue fully automates compliance assessments and reporting across Amazon Web Services, Microsoft Azure, and Google Cloud. Fugue provides turnkey coverage for SOC 2, NIST 800-53, GDPR, PCI, HIPAA, ISO 27001, CSA CCM, CIS Controls, CIS Docker, and CIS Foundations Benchmarks for Amazon Web Services (AWS), Microsoft Azure, Google Cloud, and Kubernetes. Prioritized remediation guidance helps teams bring cloud environments into compliance quickly and build confidence and trust with management, auditors and customers.
  • Cloud Native Security. Fugue detects common and complex cloud misconfiguration vulnerabilities before malicious hackers can find and exploit them. Fugue’s unified policy engine supports multi-resource rules that can evaluate configurations in context and identify vulnerabilities such as overly broad identity and access management (IAM) policies and user permissions. Teams can investigate cloud indicators of compromise (IoCs) and create a forensic audit trail of all cloud resource changes over time.
  • For more such updates follow us on Google News ITsecuritywire News