12 Low-Cost Cloud Security Practices With Big Payoffs

Good security takes effort. But it’s not impossible — far from it. The key to achieving better security is to focus on embedding the right types of thinking early on. Make good security hygiene as natural as muscle memory. And before you start to worry about budget, take note: There are many low-cost, relatively easy measures you can take that will have a big impact on your organization’s security posture.

Recently, we hosted a webinar to outline what some of these low-cost practices look like. We want to show you that it isn’t impossible to achieve security on a budget, especially if you focus on implementing it collaboratively with your teams and building a truly security-conscious culture.

Here’s where we think you should be focusing your energies to achieve big results for little or no cost.

You can listen to the full webinar and read our recap below.

Why Docker Can’t Solve All Your Problems in the Cloud

Docker and other container services are appealing for good reason. They are lightweight and flexible. For many organizations, they enable the next step of platform maturity by reducing the needs of a runtime to the bare essentials (at least, that’s the intent).

When you dig into the benefits afforded by containers, it’s easy to see why so many companies have started projects to:

  • Containerize their apps and supporting services
  • Achieve isolation
  • Reduce friction between environments
  • Potentially improve deployment cycle times

The software development pattern of small things, loosely coupled, can go even further with an architecture built around containerization. We’re big fans at Threat Stack, and continue to invest in supporting our customers who rely on them. In fact, we recently announced official CoreOS support for our agent.

However, we have discovered that there is no shortage of misunderstandings about Docker (no surprise given the rapid growth and pace of change) and other container services in terms of:

  • How their benefits are realized
  • The impact on infrastructure/operations
  • The implications for overall SDLC and Ops processes

Containers certainly offer plenty of benefits, and it makes good sense to explore whether and how they could work for your organization. But it is also a good idea to take off the rose-colored glasses first and approach this technology realistically.

Compliance in the Cloud: Q&A Webinar Recap

On April 25th, I had the pleasure of speaking with Ryan Buckner, Principal at Schellman & Company, and Kevin Eberman, Director of Ops at MineralTree, during a webinar on compliance in the cloud.

Using the cloud as our lens, we discussed the ways in which companies can better understand and navigate compliance. You can view the entire webinar or read our recap below.

Calculating TCO: The Real Cost of Cloud Security

This post examines the total cost of ownership (TCO) of a cloud security system, not in terms of the actual dollars and cents cost of a system, but in terms that will help you identify and understand the many hidden costs associated with accurately calculating the TCO for cloud security.

In essence, we want to show you some of the areas that would require a significant investment if you were to build, operate, and maintain a system with capabilities similar to Threat Stack’s Cloud Security Platform®. This, in turn, should help you make an informed decision as you go about selecting a cloud security solution that is appropriate for your organization.

Note: We use “build” in a broad sense in this post, from building a system from scratch, to leveraging open source tools, to creating integrations among multiple point solutions.

How to Prepare Your Company Culture for Its First Security Hire

We often think of security as a technology problem. But at its core, security is and always has been a people problem. You can have the fanciest security tools up and running, but if your organization is full of happy clickers, you still have a problem on your hands.

For this reason, the more that security is a part of your company culture, the better off you will be when it comes to standing up to today’s threats.

5 Tips to Streamline Your Security Team

If you’ve ever hired security pros, then you know the current talent shortage is no joke. A recent Computerworld survey found that compensation for security specialists is growing faster than for any other role in IT (up 6.4% year-over-year in average total compensation), and the competition for talent is fierce. Finding the right talent can be a lengthy process, leaving your security hopes and dreams in limbo.

So, what’s an organization to do? Many companies are working hard to streamline security operations and answer the talent shortage with changing tactics to match the changing role of security. Organizations need to maximize the value of their security hires now more than ever. Below, we’ll cover five tips that can help you get the most out of your security team’s time and talents.

Ending Alert Fatigue: Threat Stack and VictorOps On Modern-Day Security and Incident Management

Alert fatigue is a very real issue that security, ops, and dev teams are dealing with today. But how do you know if alerts are burning you out? And how can others on your team recognize it? More often than not, alert fatigue flies under the radar until it’s too late — critical issues start to pass by unnoticed and our adversaries get the upper hand.

The Top 5 Things Companies Handling PHI Need to Know About Cloud Security

An increasing number of healthcare organizations are transitioning from data centers to cloud computing today. Healthcare CIOs are, like those in many other industries, turning to the cloud to realize benefits that include efficiency, flexibility, and cost savings. Some experts argue that this increased use of the cloud opens them up to more security challenges, but in fact the cloud isn’t necessarily any less secure than traditional computing — and in many cases, it is more secure. It’s a matter of using it intelligently and building a complete and appropriate security strategy.

Scaling Quickly & Securely: Achieving Security & Compliance in AWS

On Tuesday, June 21, I teamed up with Scott Ward, Solutions Architect at AWS, and Arup Chakrabarti, Director of Engineering at PagerDuty, to deliver a webinar about scaling quickly and securely in AWS. The discussion was lively enough to keep beach-and-BBQ dreams at bay for an hour or so on a humid Wednesday in Boston.
