Why You Need to be Compliant Much Sooner Than You Think

We’ve been talking a lot about compliance lately. That’s because, as more businesses are moving to the cloud and storing internal and customer data there, the means to achieving compliance change significantly. But it’s not the approach to compliance that changes in the cloud, it’s the tooling, as we explained in our post How Does Compliance Differ In The Cloud Versus On-Premise? So as more businesses move to the cloud or operate hybrid environments, we want to help them become clear about what they need to do and, for the purpose of this post, when they need to do it.

Read more “Why You Need to be Compliant Much Sooner Than You Think”

How to Reconcile Different Definitions of PCI DSS and HIPAA Compliance

Compliance would be challenging even if it were a black and white issue. The reality is that compliance regulations, such as PCI DSS and HIPAA, are really just a string of requirements open to interpretation. The definitions of each requirement can vary, sometimes quite a bit, from auditor to auditor or from company to company. Today, even the auditors are getting audited in an effort to ensure that the application of compliance regulations is as uniform as possible.

Read more “How to Reconcile Different Definitions of PCI DSS and HIPAA Compliance”

How Does Compliance Differ In The Cloud Versus On-Premise?

With 253 healthcare breaches in 2015 for a total of 112 million lost records, HIPAA compliance has never been more relevant. Meanwhile, 80 percent of businesses fail their PCI compliance assessments.

As a business, whether you’re storing patient records or processing customer credit card data, chances are the government or your customers (or, many times, both) require you to meet some sort of compliance standards. And it ain’t easy.

Read more “How Does Compliance Differ In The Cloud Versus On-Premise?”

How Compliance in the Cloud Can Strengthen Your Business

Often companies think of compliance as an annoying imposition — something to grin and bear. And while achieving compliance is not always a cakewalk, the upside of doing so can be huge. Whether you are interested in starting a company, entering a new market, or winning  new customers, achieving compliance can be a major business driver. Here’s why it’s beneficial to your bottom line to think about compliance in this way.

Read more “How Compliance in the Cloud Can Strengthen Your Business”

Announcing Threat Stack’s Compliance Blog Post Series

PCI DSS. HIPAA. SOC 2. SOX 404. Compliance can be a complicated and confusing beast, with plenty of acronyms and layers of regulations — not to mention expenses and stress. But achieving compliance in the cloud can also be the key to unlocking new sources of revenue, winning business, and achieving success in today’s competitive business environment.

Read more “Announcing Threat Stack’s Compliance Blog Post Series”

Best Practices for Baselining Your Cloud Security Environment

Whether you intend to use managed services to handle your organization’s cloud security or have decided to create and manage your own security program, pulling together all the information you need can be a complex task to say the least. To help out, we want to share some of the insights and best practices we’ve gathered from Threat Stack’s managed security service.

Read more “Best Practices for Baselining Your Cloud Security Environment”

Here’s The One Reason You Actually Should Use Security Point Solutions

Compiling the right set of security solutions to meet your company’s unique requirements is no easy feat. The security needs of each company can vary widely depending on compliance regulations, the industry threat profile and types of data processed, among many other factors. So while the security solutions you ultimately go with may fit the bill for what you need, they often:

Read more “Here’s The One Reason You Actually Should Use Security Point Solutions”

Threat Stack, the XOR DDoS and the Groundhog Variant

While the XOR DDoS Trojan has been active for over a year, we’ve seen a recent surge of coverage and blog posts recently. We’ve also seen the Groundhog variant emerge. This has prompted a few of our customers to ask how their Threat Stack deployment will detect this type of attack and activity as well as what new rules need to be added to detect this.

Read more “Threat Stack, the XOR DDoS and the Groundhog Variant”