IT organizations rely on infrastructure-as-code platforms to apply unified security controls to cloud environments. Fugue has announced that its software-as-a-service platform, which secures infrastructure-as-code (IaC) deployments, now supports Kubernetes clusters. This would help developers avoid misconfiguring Kubernetes clusters.
Developers are increasingly writing code to automatically provision, manage, and monitor cloud infrastructure, rather than manually configuring each device and operating system. Developers typically do this without working with the security team, which means the odds are pretty high that the cloud infrastructure is misconfigured.
The challenge is to reduce those misconfigurations without slowing down the developers as they deploy applications onto the cloud infrastructure.
The cloud security company employs policy-as-code automation based on the open source Regula policy engine to ensure proper security controls are implemented for IaC and cloud runtime environments. This way, teams can establish IaC security visibility across their organizations.
Regula is a declarative programming language that employs the Open Policy Agent (OPA) software being developed under the Cloud Native Computing Foundation (CNCF). With this release, organizations can secure infrastructure as code for Kubernetes, Terraform, and AWS CloudFormation. There are also prebuilt policies that align with the CIS Foundation’s Kubernetes Benchmark.
Fugue's platform can save cloud teams significant time and ensure consistent policy enforcement across the development life cycle. Fugue says engineering teams can now deliver secure cloud infrastructure three times faster, using 50% fewer engineering hours.
“Engineering teams are increasingly using a mix of container orchestration, virtual machines, and serverless across cloud providers, and using different policies for everything wastes a tremendous amount of time and invites vulnerabilities to slip through the cracks,” stated Fugue CEO Josh Stella in a release. “Teams need a unified way to secure everything at every stage of the development life cycle, and with support for Kubernetes, they can secure all of the infrastructure as code and apply those policies to their running cloud environments.”
The announcement was made during this week’s KubeCon + CloudNativeCon North America conference.