50 Valuable PCI Compliance Tips

The Payment Card Industry Data Security Standards (PCI DSS) provides a rigorous security framework and best practices for businesses that store, transmit, or process credit card information. 

The PCI DSS is a set of technical and operational requirements that govern modern payment processing. Businesses and organizations in the payments industry must achieve and maintain compliance, or they may become liable to consequences that include increased risk of data breaches, damage to brand reputation, heavy fines, and other sanctions. 

With more companies using cloud computing than ever before, PCI compliance in the cloud — such as AWS PCI Compliance — is a growing need. Companies can reduce their risk and streamline compliance by leveraging the right tools. Platforms such as Threat Stack’s Cloud Security Platform®, which offers continuous cloud compliance, can strengthen your organization’s security posture and build compliance into your technology stack to help you meet PCI DSS requirements as well as compliance requirements for other regulatory frameworks. 

To help as you embark on the journey to PCI compliance, we have compiled a list of 50 PCI compliance tips from payment security experts and thought leaders. To make the list manageable, we have divided the tips and quotes into the following five categories: Read more “50 Valuable PCI Compliance Tips”

How Stratasan Addresses Its Growing Security & Compliance Needs for Healthcare IT and Services Using Threat Stack

Stratasan provides web-based software and professional services that are designed to help healthcare organizations maximize strategic growth through convenient access to useful information on healthcare markets. Healthcare providers, specifically hospitals and hospital systems, struggle to discover the best opportunities in their market for strategic growth, find the right patient populations in their service area, and track their performance and progress against their strategic growth goals. 

By delivering intelligence through proprietary web-based software and a team of seasoned healthcare professionals, Stratasan establishes a foundation for growth in strategic planning, marketing, physician relations, and expansion. Partnering with nearly 1,000 hospitals across 40 states, Stratasan helps them achieve efficiency and effectiveness in their strategic planning initiatives. 

This blog post outlines how Stratasan uses Threat Stack to gain the visibility, multiple tiers of monitoring, and auditable data, it needs to address its growing security and compliance needs. Read more “How Stratasan Addresses Its Growing Security & Compliance Needs for Healthcare IT and Services Using Threat Stack”

PCI Compliance Checklist

PCI DSS stands for Payment Card Industry Data Security Standard. These standards are in place to help businesses protect themselves and their customers by outlining how sensitive personal information, like credit card data, gets stored. If you process payments using debit or credit cards, you must meet PCI DSS, or you might be fined or have your ability to process cards revoked altogether.  Read more “PCI Compliance Checklist”

Black Hat 2019 Recap: Transformation & the New Cybersecurity Culture

As the security industry finally leaves Las Vegas after a full week of Black Hat, Defcon, and Bsides, we wanted to set aside some time to take stock and think about all the trainings, presentations, research, and conversations during our week in the desert. One of the overarching takeaways that was cemented by Dino Dai Zovi’s keynote is the critical need for security to become embedded in our culture.  Read more “Black Hat 2019 Recap: Transformation & the New Cybersecurity Culture”

Join Threat Stack & 19,000 InfoSec Professionals at Black Hat USA 2019

Booth #2009 | August 7 – 8 | Las Vegas, NV

Hope we see you at Black Hat next week for one of the world’s leading info security events. The show has something for everyone — research, training, latest trends, networking opportunities, a broad range of security products & solutions presented by Black Hat sponsors — and as always — fantastic social events.  

Threat Stack is a proud Silver Plus sponsor this year, and we’re bringing out our A-Team of security and compliance experts.  Read more “Join Threat Stack & 19,000 InfoSec Professionals at Black Hat USA 2019”

How SaaS Companies Can Build a Compliance Roadmap

Meeting compliance requirements can be a challenge, but it can also open up new markets, speed your sales process, and improve your company’s overall security posture. When it comes to improving your security maturity, compliance can be a useful part of your strategy.

Whether you’re targeting specific industry verticals or going after international customers, entering new markets requires continuous education about the latest in compliance and regulatory standards as they relate to data privacy and security. With that in mind, this post takes a brief look at key standards in order to give you insights into the security and privacy requirements that may be pertinent to the way your SaaS company engages with prospects and customers and handles sensitive data. Read more “How SaaS Companies Can Build a Compliance Roadmap”

Ensuring Compliance With EU Payment Services Directive (PSD2)

September 14, 2019 is the deadline by which all payment service providers within the European Union must comply with PSD2’s Regulatory Technical Standard (RTS) pertaining to the requirements of the revised Payment Services Directive (PSD2). In this post, we cover some of the main issues related to PSD2’s purpose, how to determine whether it applies to you, and key requirements for compliance and security. Read more “Ensuring Compliance With EU Payment Services Directive (PSD2)”

Just Enough Windows Server

— A special Thank You to Jose Bañez, Threat Stack Security Solution Engineer, for editing this blog post.

If you’re like me, you grew up using a Windows PC in school, but eventually made the jump to Macs. In my career, the same shift happened: Initial brushes with corporate IT were Windows-based, but as I got corporate MacBooks, I encountered the Bash shell, remote servers, and all the Linux that comes along with it.

While Linux typically rules the world in terms of servers on the web, Windows Server is still going strong in the back office and in enterprise data centers. A lot has changed since the early days of Windows NT. With the recent introduction of the Threat Stack Agent for Windows Server, I thought it would be helpful to provide a quick overview of how most admins are managing Windows Server in the wild. It’s by no means official, but here’s what I learned. Read more “Just Enough Windows Server”

Stretch Right With Threat Stack Application Security Monitoring

In our last post, we explored how Threat Stack’s Application Security Monitoring embeds security in development processes — without negatively impacting agility or speed of application development and deployment. Empowering developers to proactively address software risk is central to organizations that “stretch left” to build security into their entire software development and deployment lifecycle. But even with the best security awareness, testing, and early problem identification and mitigation, some risk may always sneak by and make it into a running application.  Read more “Stretch Right With Threat Stack Application Security Monitoring”

16 Cloud Security Experts Share the Most Costly Security Technology Misconceptions When It Comes to Cloud Migration

More companies are migrating their infrastructure to the cloud to take advantage of benefits like reliability, scalability, and lower costs, but cloud migration remains a complex task requiring careful consideration and planning. (For tips on planning a secure and frictionless migration, download our ebook.) Choosing the right security technology is just one of many considerations, but it’s a critically important one, particularly for organizations in sectors such as healthtech and healthcare. Not only do organizations in these areas need to protect large volumes of sensitive patient and institutional data, but they can also face serious penalties for violating privacy regulations.

When it comes to security, it is often advantageous to choose an integrated platform such as Threat Stack’s Cloud Security Platform® in order to gain visibility across all cloud providers, including hybrid cloud environments, in a single dashboard. Threat Stack also enables full stack security observability, which provides organizations with contextualized information from every part of the cloud throughout the entire software development lifecycle.

To learn more about the most common (and most costly) misconceptions companies have about security technology when considering cloud migration, we reached out to a panel of cloud security experts and asked them to answer this question: Read more “16 Cloud Security Experts Share the Most Costly Security Technology Misconceptions When It Comes to Cloud Migration”