Fugue simplifies cloud operations with its software-defined system for orchestrating and enforcing cloud infrastructure at scale. Teams can use Fugue to declare the desired state of cloud infrastructure and policies in a collaborative, human-friendly programming language and automate the provisioning, management and teardown of complex cloud environments, while continuously enforcing infrastructure state and policy compliance. On February 17th, 2022, Fugue was acquired by Synk. The terms of the transaction were not disclosed.
Missing: Fugue's Product Demo & Case Studies
Promote your product offering to tech buyers.
Reach 1000s of buyers who use CB Insights to identify vendors, demo products, and make purchasing decisions.
Missing: Fugue's Product & Differentiators
Don’t let your products get skipped. Buyers use our vendor rankings to shortlist companies and drive requests for proposals (RFPs).
Expert Collections containing Fugue
Expert Collections are analyst-curated lists that highlight the companies you need to know in the most important technology spaces.
Fugue is included in 1 Expert Collection, including Cybersecurity.
Fugue has filed 16 patents.
Cloud infrastructure, Cloud computing, Cloud platforms, Cloud storage, Grid computing
Cloud infrastructure, Cloud computing, Cloud platforms, Cloud storage, Grid computing
Latest Fugue News
Aug 25, 2022
Josh Stella examines how organizations must adapt to the ever-changing cloud security threat landscape August 25, 2022 09:30 AM Eastern Daylight Time FREDERICK, Md.--( BUSINESS WIRE )--In a commentary, Josh Stella , chief architect at Snyk , the leader in developer security, explains why the cloud continues to challenge traditional security best practices and provides five steps organizations can implement to transform their cloud security and help teams deliver innovation faster. When an organization migrates its IT systems to the cloud — and builds new applications in the cloud — it relieves its security team of the responsibility of building and maintaining physical IT infrastructure. The shared security model of cloud dictates that cloud service providers (CSPs) such as Amazon Web Services (AWS), Google Cloud, and Microsoft Azure are responsible for the security of the physical infrastructure. Their customers are responsible for the secure use of cloud resources. But embracing the cloud for building and managing new applications means security teams cannot deploy the traditional security technologies and processes they’ve long relied on to thwart cyberattacks. Cloud computing represents a paradigm shift in their roles and responsibilities and their approach to protecting sensitive data against falling into the wrong hands. Developers own their cloud environments The cloud enables developers and engineers to build their infrastructure on the fly without the assistance of a data center team. They have the power to make their own infrastructure decisions — including security-critical configurations — and then change them whenever they need to. When they do make changes, they increase the risk of creating misconfigurations that leave their environment open to attack — vulnerabilities that traditional network and endpoint security solutions cannot detect. Why? Because application programming interfaces (APIs) — the software intermediaries that allow different applications to interact with each other — are the foundation of cloud computing. API-driven cloud environments eliminate the requirement for constructing and maintaining a fixed IT architecture in a centralized data center. The cloud is programmable software, and developers are using infrastructure as code (IaC) to automate the building and managing of cloud infrastructure at scale. These workflows make it impossible to apply the traditional security model of erecting an outward-facing barrier around the perimeter to block incoming attacks, and periodic audits are obsolete before they’re completed. Security in the cloud is a function of design and architecture, not just monitoring and intrusion detection. Cloud attackers are after the cloud control plane APIs for discovery, movement, and data extraction. Organizations must prioritize securing the control plane to prevent hackers from acquiring its API keys. Their approach to security must evolve to keep pace with the hackers. Attackers operate differently in the cloud Bad actors use automation technology to detect weaknesses they can exploit, such as cloud misconfigurations, application vulnerabilities, and API keys in source code. Once they choose their targets, they go hunting for data using the cloud control plane. Control plane compromise has occurred in every major cloud breach that has happened to date. Cloud security teams often find and remediate dozens of misconfiguration issues daily. But misconfigurations are just part of the more significant security threat that represents only one of the paths a hacker can take to achieve control plane compromise. Focusing only on finding and eliminating single resource misconfigurations is tilting at windmills because hackers will eventually slip through. Focusing solely on identifying indicators of compromise (IOCs) is even riskier — cloud breaches can happen in a matter of minutes before teams have a chance to respond, even with the best monitoring, analysis and alerting tools. Study models of cloud security Companies that are getting cloud security “right,” no matter their size or industry, all share five traits: They understand their environment because they have established complete situational awareness about what is happening in their environment at all times. They no longer rely on the legacy approach of conducting periodic audits and reviewing alerts. They understand attackers use automated tools to find and exploit vulnerabilities as soon as they appear and can do significant damage in minutes. They focus on secure architecture because, again, today’s cloud attacks exploit misconfiguration of the whole environment, not just individual resources. This highlights the importance of the cloud security architect’s role in minimizing the risk of control plane compromise — and understanding how their cloud security relates to application security. They empower developers on security. Developers are building cloud applications and environments, and they’re in the best position to address security and prevent issues before they get deployed. Effective security teams equip developers with the tools they need to prevent misconfigurations and design secure cloud environments. They build on a foundation of policy as code (PaC). PaC checks other code and running environments for unwanted conditions for things that should not be. It empowers all cloud stakeholders to check their work and operate securely without ambiguity or disagreement on the rules and how to apply them at both ends of the software development life cycle (SDLC). They maintain process discipline by consistently measuring what matters, such as whether security technologies and processes are reducing the rate of misconfiguration and improving developers’ productivity by automating security checks and approvals. The topline takeaway for your organization is this: Many of the security tools and best practices that worked in the data center cannot protect your cloud environment and data. However, that doesn’t mean you need to ditch everything you’ve been using. Instead, understand which ones still apply and which ones are now obsolete. For instance, application security is as critical as ever, but network monitoring tools that rely on spans or taps to inspect traffic aren’t because cloud providers don't typically provide direct network access. The primary cloud security gaps you need to fill are concerned with resource configuration and the architecture of your environment. The good news is that just as the cloud is programmable and can be automated, so is your cloud environment’s security. You can deploy automation to empower developers to build and operate safely in the cloud and have processes in place to find and fix vulnerabilities before attackers can find them. Your application teams can deliver innovation faster, your cloud engineers can focus more on building value, and your security team can do more with the resources they have. About Josh Stella Josh Stella is chief architect at Snyk and a technical authority on cloud security. Josh brings 25 years of IT and security expertise as founding CEO at Fugue, principal solutions architect at Amazon Web Services, and advisor to the U.S. intelligence community. Josh’s personal mission is to help organizations understand how cloud configuration is the new attack surface and how companies need to move from a defensive to a preventive posture to secure their cloud infrastructure. He wrote the first book on “Immutable Infrastructure” (published by O’Reilly), holds numerous cloud security technology patents, and hosts an educational Cloud Security Masterclass series. Connect with Josh on LinkedIn and via Fugue at www.fugue.co . About Snyk Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world. Our developer-first approach ensures organizations can secure all of the critical components of their applications from code to cloud, leading to increased developer productivity, revenue growth, customer satisfaction, cost savings, and an overall improved security posture. Snyk’s Developer Security Platform automatically integrates with a developer’s workflow and is purpose-built for security teams to collaborate with their development teams. Snyk is used by 2,000+ customers worldwide today, including industry leaders such as Asurion, Google, Intuit, MongoDB, New Relic, Revolut and Salesforce. Visit Snyk at https://snyk.io/ . All brand names and product names are trademarks or registered trademarks of their respective companies. Tags: Snyk, Fugue, cloud security, developer security, SaaS, compliance, Josh Stella, policy as code, infrastructure as code, cybersecurity, cloud, cloud security, control plane, cloud architecture, cloud configuration, cloud misconfiguration, cloud migration, data breach, hackers, application programming interface, API Contacts
Fugue Frequently Asked Questions (FAQ)
When was Fugue founded?
Fugue was founded in 2013.
Where is Fugue's headquarters?
Fugue's headquarters is located at 47 E Saints Drive, Frederick.
What is Fugue's latest funding round?
Fugue's latest funding round is Acquired.
How much did Fugue raise?
Fugue raised a total of $76.69M.
Who are the investors of Fugue?
Investors of Fugue include Snyk, Paycheck Protection Program, New Enterprise Associates, Australian Future Fund, Maryland Venture Fund and 6 more.
Discover the right solution for your team
The CB Insights tech market intelligence platform analyzes millions of data points on vendors, products, partnerships, and patents to help your team find their next technology solution.