One of our goals at Threat Stack is sharing information that will help you learn about the current cloud security threat landscape in order to effectively and more easily manage your organization’s security issues — and confidently get on with running your business.
To this end, the Threat Stack blog is a terrific repository of articles that cover a range of security topics. If you’re not a regular reader, we encourage you to start exploring — and in the meantime, have a look at the ten most-read posts of 2016.
Back in May, we wrote about how we started using webpack to improve the speed and maintainability of our build process. Our main goal was to give our engineers the ability to do live code and style reloading. We met this goal, and our rebuild time is now under 2 seconds with dynamic in-browser code reload. Read this post to see how we did it.
Looks like we aren’t the only nerds on this planet, because our tongue-in-cheek post mortem of the Death Star data breach was the number 9 post of the year. In it, we show you how to conduct a thorough and successful post mortem. The circumstances may be fictional, but the approach applies across the board.
P.S. We believe that blameless security post mortems help to create a culture that is nonjudgmental about security issues and that this, in turn, will reduce the number of security incidents, improve the response to incidents that do occur, and strengthen an organization’s overall security posture from the ground up. To learn more, read: How to Conduct a Blameless Security Post-Mortem.
We ran a full blog post series on compliance in the cloud this summer, complete with an in-depth playbook. Compliance can be a complex topic, but having a clear understanding of compliance issues is vital for businesses that want to run successfully in the cloud today.
While the playbook itself was a hit, this post on SOC2 compliance seemed to really catch your attention as well. In it, we share four things you need to know about this accounting-focused compliance framework, covering everything from anomaly tracking to audit trails to forensics.
A huge part of our customer base runs on AWS, so it makes sense that you wanted to learn about relevant security issues. To put this post together, we spoke to many of our own customers and associates across the security industry to identify the most common challenges when it comes to AWS security, as well as some of the ways organizations are rising to meet them. It’s eye-opening and practical at the same time.
6. 5. & 4. Scala, Scala, Scala!
Believe it or not, three of our top ten posts for 2016 were about Scala. The number of organizations investing in Scala is exploding, and for good reason. Scala combines Object Oriented and Functional capabilities as well as immutability, which makes it an extremely powerful foundation for applications that need to run at massive scale. Our ongoing series of blog posts on Scala aims to bridge the gap between theory and practice by focusing on something that is not easily found on the open internet: actual examples of functional concepts being used in production, at scale. We even give you code samples!
Check out our top three Scala-related posts below:
- Useful Scala Compiler Options for Better Scala Development: Part 1
- Scala @ Scale, Part 1: Leaving Unhandled Errors Behind
- My Journey in Scala, Part 1: Awakenings
Sam Bisbee, our CTO, lost a bet about system upgrades, so he wrote this blog post. We ran the numbers, and contrary to what we hoped was true, it turns out that people actually aren’t upgrading their software nearly frequently enough, and systems are living longer than you might expect in the cloud. In this post, we detail what we learned from our investigation. The takeaway, of course, is that you need to ensure that your systems are being upgraded as frequently as best practices recommend.
We think application control — a.k.a. whitelisting — is a security best practice today. But should you DIY it or go with a pre-built solution for whitelisting? In this post, we go into detail on the pros and cons of each option to help you decide what makes the most sense for your organization. Combine this approach with a platform like the Threat Stack Cloud Security Platform®, and you’ve got both a lock on the door and a security camera. A recipe for peace of mind, if you ask us.
We did it ourselves, so we wanted to show you how. We love Cassandra, and it’s a key component of our polyglot data platform. But we had some growing pains as we went from three nodes to thirty, so in this post, we cover tips and tricks, “gotchas,” and best practices for successfully scaling on the platform. This was our top post of the year, so we’re guessing that plenty of you can relate! If you didn’t check it out the first time, now’s your chance.
There’s More! Threat Stack Playbooks
In addition to the posts listed above, we highly recommend that you check out the four playbooks we released this year. They are filled with useful information gathered from our subject matter experts, brought to you in a readable, take-anywhere format:
- The Cloud Security Playbook: Strategies & Best Practices for Today’s Volatile Threat Landscape. This is a top-to-bottom guide to security in the cloud, and the best place to start your journey.
- The Threat Stack Compliance Playbook: Compliance for Cloud Infrastructure. If you need to ensure compliance in the cloud, here’s what you need to know, with a focus on HIPAA and PCI DSS, two of the most common compliance frameworks.
- The SecOps Playbook: How to Release Security Code at Scale & at Speed. Security + DevOps = SecOps. This playbook explains how you can ensure that code is released continuously, securely, and at scale.
- The Cloud Security Use Cases Playbook: A Hands-on Guide to Implementing Security & Optimizing Workflows. Based on real-world experience, this “how-to” playbook identifies critical areas where you can implement, strengthen, and optimize security across your cloud infrastructure.
Stay Tuned & Send Us Your Feedback
What were your favorite security blog posts or articles this year? What do you most want to hear about as we move into 2017?
Tell us on Twitter @threatstack so we can keep bringing you information that will help you secure your journey in the cloud.