All Things Compliance
4 Min Read December 12, 2019
Threat Stack Supports Omada Health’s HIPAA Compliance, Hyper Growth, & Operational Efficiency
Omada Health is leading the digital revolution in chronic disease prevention and management. Specializing in the prevention and treatment of obesity-related chronic diseases, Omada also offers a hypertension program, and recently launched a mental health application focused on anxiety and depression.
Operating under HIPAA, Omada is highly regulated and places a premium on data and systems security. Bill Dougherty, VP of IT and Security, puts it this way: “As the leading provider of digital care, protecting the health information of our participants is of the utmost importance. Trust and safety are a core part of our brand.”
4 Min Read December 10, 2019
Tips on How to Stay Secure at Conferences
At Threat Stack, we attend a lot of conferences: They can be a powerful way to connect with like-minded professionals and educate yourself on what’s new and trending in your industry. Since we attend so many conferences ourselves — in fact, the Threat Stack Team just got back from another great AWS re:Invent out in Las Vegas — we wanted to share some advice on how you can keep secure while you’re attending conferences.
6 Min Read December 5, 2019
How to Transform Alert Fatigue Into Proactive Security Management — 5 Must-Read Blog Posts
The global cybersecurity talent shortage is real, and with 72 percent of CISOs claiming that their teams are facing alert fatigue, there’s not a lot of room for error when it comes to getting accurate, context-rich alerts in front of under-resourced teams.
Traditional approaches to managing security alerts have often driven teams into a reactive mode where they’re overwhelmed by huge volumes of alerts or spend too much critical time gathering information and digging through log files. If this proliferation of data can be transformed into actionable intelligence, however, teams can become significantly more proactive and reduce risk over time.
Today, we’ll look at five must-read Threat Stack blog posts that provide excellent advice on how you can move away from reactive, ad hoc tactics toward a more structured and proactive approach by making alerts a key element of your overall information security strategy.
4 Min Read December 3, 2019
Lessons Learned From Lola: Demonstrating PCI Compliance in a Cloud-Native, Containerized Environment
Lola.com initially became PCI compliant about a year ago, and this fall completed a successful PCI audit. Recently Katie Paugh, Lola’s Senior DevOps Engineer, took part in a webinar with Threat Stack to discuss their experiences and share key lessons they’ve learned in how to adapt and implement PCI.
5 Min Read November 19, 2019
8 Best Practices for Strengthening Security in Cloud-Native Environments
Cloud-native companies and larger companies migrating to cloud environments continue to see the cloud as a way to gain speed, reliability, and other well-known benefits. But there are still plenty of pitfalls that can undermine security and negatively impact operations. To help remedy this situation, this post outlines some of the mistakes that operators make most frequently, along with best practices and recommendations they can follow to proactively reduce risk, achieve their security goals, and continue along the path to stronger cloud security maturity.
4 Min Read November 14, 2019
Cut Time & Costs: 7 Best Practices to Follow When Choosing a Cloud Security Solution
In a SaaS world, everyone wants to move fast! Rapid development can slash time to market and put you in a strong competitive position, and of course this is the way to operate as long as you’re not sacrificing quality. But remember: There’s bad fast as well as good fast. Too often we jump into projects, or we’re pressured to jump in before we’re ready — before we have all the necessary information and a clear understanding of what that information means.