Snyk enters cloud security market with Fugue acquisition

Developer security platform Snyk has purchased Fugue, marking its fifth acquisition over the last year and a half.

The move, announced Thursday, marks Snyk's entry into the cloud security market. By adding Fugue, a startup specializing in cloud infrastructure security and compliance, Snyk plans to enable developer-first cloud security posture management (CSPM). It would be the "industry's first CSPM designed by and for developers," according to Snyk's announcement. Terms of the acquisition were not disclosed.

Fugue, based in Frederick, Md., was founded in 2013 and focuses on security for the cloud development lifecycle that includes infrastructure-as-code (IaC) capabilities. Snyk said the acquisition will assist the evolving role of developers by helping them "secure their code before deployment, maintain its secure integrity while running, and better understand the precise places to provide fixes back in the code."

Doug Cahill, vice president and group director of cybersecurity at Enterprise Strategy Group (ESG), a division of TechTarget, noted the two companies' shared commitment to open source communities.

Chris Steffen, research director at Enterprise Management Associates, said the acquisition will augment Snyk's IaC capabilities with the benefits of Fugue's cloud security.

"Given the importance of DevSecOps in the cloud, the integration of the two companies will provide additional security choices for developers as they create workloads for the cloud space," Steffen told SearchSecurity.

Similarly, ESG senior analyst Melinda Marks said the growing use of IaC has introduced additional risk because developers are rapidly using templates and scripts to provision infrastructure. If there is a code flaw or misconfiguration, she said, it can expose customer or company data if deployed in production.

"Fugue has been focused in this area, building tools for developers to help them use policy-as-code, automated testing and posture management to reduce misconfigurations," she said in an email to SearchSecurity. "Snyk has been addressing IaC security with a module as part of its solution, but it's nice to see them acquire Fugue so they can offer a more complete solution to help developers safely use IaC."

In October, Snyk purchased CloudSkiff, which also focuses on IaC as well as drift detection. Other recent acquisitions by Snyk include open source compliance and security tool FossID last May and AI vendor Manifold in January 2021. In 2020, Snyk acquired software analysis startup DeepCode.