In this TCP Talks episode, Justin Brodley and Jonathan Baker talk with Josh Stella, co-founder and CEO of Fugue, a cloud security company that helps businesses run faster on the cloud without breaking any rules. 

Josh shares insights from Fugue’s State of Cloud Security 2021 Report, and highlights key themes, including preventative security measures, automation, and engineering-first compliance. 

According to the report, within the next two years, all but 1% of security breaches will be caused by misconfiguration of cloud resources. Josh and his team at Fugue aim to minimize these mistakes by simplifying cloud security through a systems-based approach.

One way to streamline security, Josh notes, is to take advantage of automation. With cloud environments becoming increasingly complex, relying on pure knowledge will soon be untenable. Josh urges business leaders to embrace automation to reduce the risk of human error in their security systems. 

Josh also discusses how businesses can declutter security tech stacks, the “land grab” happening in the cloud, and trends he predicts will shape the future of cloud compliance. 

Name: Josh Stella 

What he does: Josh is the co-founder and CEO at Fugue, a cloud security company on a mission to help businesses move faster by ensuring safe cloud environments. He has over a decade of experience in the cloud security space, including positions at Amazon Web Services and in national security. 

Key quote: “If Fugue as a software vendor and as domain experts in cloud security can’t make your job a lot easier through tooling, then we’re not doing our job.”

Where to find him: LinkedIn | Twitter | YouTube

While compiling the State of Cloud Security 2021 Report, Josh and his team at Fugue interviewed over 300 organizations. They found that as cloud environments have grown and become more complex, organizations are seeing more instances of misconfigurations. 

According to the report, 49% of respondents experienced over 50 misconfigurations per day. Another interesting detail: For the first time since Fugue started compiling its annual report, Identity and Access Management (IAM) was the number one concern regarding misconfigurations.

Josh argues that automation is the next step in making cloud environments more secure. Fugue aims to make security automation easy by providing pre-built rules and templates to automatically check code and monitor deployments. 

Looking forward, Josh is optimistic that automation will become a key piece in enterprise cloud security. “The thing I would like to see a change in is the attitude that security problems are because people are screwing up … [I would like to see people] thinking about how to actually solve these problems, which is through computer science and automation,” he says.

One way to enable automation is to put engineering departments in charge of compliance, as opposed to traditional security teams. According to the State of Cloud Security 2021 Report, more than 66% of businesses are delegating security policy to engineering teams — a trend Josh hopes to see continue. 

He says that today, engineering and DevOps teams work so fast security teams struggle to keep pace. Businesses that haven’t moved responsibility for security over to these teams are more likely to experience those potentially dangerous misconfigurations.