Fugue Risk Manager Released to Identify Cloud Compliance Violations

Fugue, a company automating enterprise cloud security and compliance enforcement to prevent data breaches and policy violations due to misconfiguration, has announced the availability of its Fugue Risk Manager solution. A Software-as-a-Service offering, Fugue Risk Manager can identify compliance violations in cloud environments and automatically remediate unauthorized infrastructure changes.

Enterprise cloud teams can use this SaaS solution, Fugue Risk Manager, to scan cloud infrastructure and identify policy violations for a number of compliance regimes, including Amazon Web Services (AWS Cloud) Center for Internet Security (CIS) Benchmarks, National Institute of Standards and Technology (NIST) 800-53 Rev. 4, General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), as well as custom, customer-specified controls.

Fugue Risk Manager can then enforce known-good infrastructure baselines provisioned by the cloud team in order to identify configuration drift and automatically remediate it as soon as it occurs.

“Enterprises operating at scale on cloud face a governance challenge—how to ensure everything that’s running in their cloud adheres to compliance and security policy and is free of misconfiguration that can lead to critical security incidents,” said Phillip Merrick, CEO of Fugue. “Fugue Risk Manager provides enterprises with autonomic governance over their cloud infrastructure while supporting the speed and agility needed in today’s competitive environment.”

Cloud-Native Solution

The cloud would be fundamentally different than the data center, while introducing new demands for security and compliance. The risk of infrastructure misconfiguration due to human error can increase with highly dynamic, API-driven cloud infrastructure and can result in data breaches, system downtime, and costly compliance violations.

Fugue Risk Manager addresses this risk with a cloud-native solution to provide security, compliance, and infrastructure teams with a single source of truth for their cloud infrastructure and the assurance that it always remains in compliance with policy.

To sum up, Fugue Risk Manager scans cloud environments to:

  • Discover running cloud infrastructure resources
  • Identify infrastructure compliance violations
  • Generate comprehensive compliance reports

Once known-good infrastructure baselines have been established, Fugue Risk Manager can:

  • Identify unauthorized change and configuration drift
  • Automatically remediate drift events back to the provisioned baseline
  • Generate reports on remediation events for compliance

Fugue Risk Manager integrates with today’s cloud infrastructure provisioning tools to allow for approved changes while preventing unauthorized changes that can lead to compliance issues and security breaches.

“Traditionally, there’s been a chasm between security teams that need to ensure critical data is protected, compliance teams that need to ensure policy adherence, and infrastructure teams that need to move fast and innovate,” said Josh Stella, co-founder and CTO of Fugue. “These competing priorities have often been at odds with each other. Fugue Risk Manager is designed to eliminate these tradeoffs and provide cloud stakeholders with a common, single source of truth for cloud infrastructure and the assurance it remains secure, compliant, and resilient.”