Fugue, the company delivering autonomous cloud infrastructure security and compliance, announced the addition of SOC 2 and ISO 27001 to its SaaS solution’s growing list of out-of-the-box compliance standards. Organizations can now use Fugue to demonstrate continuous compliance with a wide range of industry regulations and standards including HIPAA, GDPR, NIST 800-53, AWS CIS Benchmark, PCI, and now SOC 2 and ISO 27001 across their entire cloud computing footprint.
The American Institute of Certified Public Accountants (AICPA) developed SOC 2 as an auditing standard for service providers that store customer data in the cloud to ensure that controls and systems adequately address the security, availability, processing, integrity, and confidentiality of customer data. The ISO 27001 standard includes requirements for establishing information security systems and controls.
“What makes achieving SOC 2 compliance especially difficult is that unlike many other regulations or standards that set universal requirements, a SOC 2 report is unique to an organization,” said Fugue CEO Phillip Merrick. “That requires each company to design its own controls to comply with one more more of the ‘five trust principles’ and demonstrate compliance to internal and outside auditors. Our customers have asked for our help, and we’re pleased to deliver SOC 2 and ISO 27001 compliance as part of our comprehensive cloud compliance capabilities.”
Security and compliance teams leverage Fugue to establish known-good baselines in order to identify any “drift” from that baseline, and report on policy violations when they occur. When Fugue detects a drift event, it immediately and automatically reverts back to the established baseline with self-healing infrastructure to protect against a data breach. Fugue also provides a complete record of cloud infrastructure change that users can “rewind” and view to understand exactly what happened in that specific environment, and track and understand changes to cloud environments over time.
“Fugue is a great product that’s helping us transform how we meet our compliance requirements,” said James Sipe, Vice President of Compliance and IT Security at SparkPost. “Fugue was easy to adopt, and we quickly had a complete picture of our cloud compliance posture, and it helps us ensure everything stays compliant.”