Threat Stack Blog

Threat Stack Supports Omada Health’s HIPAA Compliance, Hyper Growth, & Operational Efficiency

Robin Stone

Omada Health is leading the digital revolution in chronic disease prevention and management. Specializing in the prevention and treatment of obesity-related chronic diseases, Omada also offers a hypertension program, and recently launched a mental health application focused on anxiety and depression.

Operating under HIPAA, Omada is highly regulated and places a premium on data and systems security. Bill Dougherty, VP of IT and Security, puts it this way: “As the leading provider of digital care, protecting the health information of our participants is of the utmost importance. Trust and safety are a core part of our brand.” (more…)

Tips on How to Stay Secure at Conferences

Pat Cable

At Threat Stack, we attend a lot of conferences: They can be a powerful way to connect with like-minded professionals and educate yourself on what’s new and trending in your industry. Since we attend so many conferences ourselves — in fact, the Threat Stack Team just got back from another great AWS re:Invent out in Las Vegas — we wanted to share some advice on how you can keep secure while you’re attending conferences.  (more…)

How to Transform Alert Fatigue Into Proactive Security Management — 5 Must-Read Blog Posts

Ivan Evsyukov

The global cybersecurity talent shortage is real, and with 72 percent of CISOs claiming that their teams are facing alert fatigue, there’s not a lot of room for error when it comes to getting accurate, context-rich alerts in front of under-resourced teams.

Traditional approaches to managing security alerts have often driven teams into a reactive mode where they’re overwhelmed by huge volumes of alerts or spend too much critical time gathering information and digging through log files. If this proliferation of data can be transformed into actionable intelligence, however, teams can become significantly more proactive and reduce risk over time. 

Today, we’ll look at five must-read Threat Stack blog posts that provide excellent advice on how you can move away from reactive, ad hoc tactics toward a more structured and proactive approach by making alerts a key element of your overall information security strategy. (more…)

Lessons Learned From Lola: Demonstrating PCI Compliance in a Cloud-Native, Containerized Environment

Tim Buntel

Lola.com initially became PCI compliant about a year ago, and this fall completed a successful PCI audit. Recently Katie Paugh, Lola’s Senior DevOps Engineer, took part in a webinar with Threat Stack to discuss their experiences and share key lessons they’ve learned in how to adapt and implement PCI. (more…)

8 Best Practices for Strengthening Security in Cloud-Native Environments

Stephen Fitzgerald

Cloud-native companies and larger companies migrating to cloud environments continue to see the cloud as a way to gain speed, reliability, and other well-known benefits. But there are still plenty of pitfalls that can undermine security and negatively impact operations. To help remedy this situation, this post outlines some of the mistakes that operators make most frequently, along with best practices and recommendations they can follow to proactively reduce risk, achieve their security goals, and continue along the path to stronger cloud security maturity.  (more…)

Cut Time & Costs: 7 Best Practices to Follow When Choosing a Cloud Security Solution

Mark Moore

In a SaaS world, everyone wants to move fast! Rapid development can slash time to market and put you in a strong competitive position, and of course this is the way to operate as long as you’re not sacrificing quality. But remember: There’s bad fast as well as good fast. Too often we jump into projects, or we’re pressured to jump in before we’re ready — before we have all the necessary information and a clear understanding of what that information means. (more…)