Infrastructure in Transition: Securing Containers

Organizations are migrating from virtual server workloads to containers at a frenzied pace, buying into the increasingly popular technology and taking advantage of containers’ many benefits in terms of agility. The application container market is set to explode, according to 451 Research: Annual revenue is expected to increase by 400% over a period of five years, growing from $749 million in 2016 to more than $3.4 billion by 2021.

It’s not hard to see why. Containers are simple to deploy and provide users with greater operational flexibility and compute density, resulting in an optimized build pipeline. Turning to a container orchestration platform, such as Kubernetes, removes an additional layer of operational complexity for even greater ease of deployment and management.

However, a transition in infrastructure is never simple, and along with the advantages come new security challenges. In this post, we’ll discuss some of the risks you should consider before diving headfirst into a container environment, as well as some solutions for mitigating them. Read more “Infrastructure in Transition: Securing Containers”

Profile of an Ideal Security Hire in 2018

It seems that organizations are finally understanding the importance of bridging the gap between security and operations. In a survey we conducted recently, 85% of respondents said that employing SecOps best practices is an important goal for their organizations. Nevertheless, only 35% reported that SecOps is currently an established practice.

When it comes to the ideal of marrying security and operations, many are held back by a lack of expertise. The cybersecurity skills gap has created a severe talent drought in the industry, which is expected to leave 3.5 million cybersecurity jobs open by 2021.

It’s worth looking at what the qualities of an ideal security hire are in today’s business climate, and why it’s so difficult to find these types of professionals. In this post, we’ll outline the skill sets that cybersecurity professionals need to cultivate in the age of the cloud, explain why that ideal is so hard to find, and offer practical advice for moving your SecOps program forward, regardless of who you’re able to bring on your team full-time. Read more “Profile of an Ideal Security Hire in 2018”

How Sigstr Built Customer Trust with Threat Stack and AWS Security — Webinar Recap

On April 24, I had a great conversation with Sam Smith, the Chief Architect for Sigstr, a fast-growing SaaS platform for email signature marketing. Sigstr’s infrastructure is hosted and managed on AWS and secured by Threat Stack. Every day, Sigstr consumes and processes employee contact information from HRIS systems, customer information from marketing automation platforms, and email behavior data — which makes cloud security and data privacy key concerns for both Sigstr and its customers.

Sam’s team is a great model of how to make security a top business differentiator and sales driver. Since many of Sigstr’s customers are enterprise companies with significant risk concerns, the team has consistently been responsive to questions such as:

  • How does Sigstr access, store, and protect data?
  • How is the application’s infrastructure monitored and secured?
  • Had Sigstr undergone SOC 2 compliance or ISO 27001 compliance audits?
  • How could Sigstr help them meet GDPR requirements?

During the webinar, he shared information on how the startup managed to be so responsive to its customers’ security needs, while still maintaining a rapid pace of growth. Read more “How Sigstr Built Customer Trust with Threat Stack and AWS Security — Webinar Recap”

8 SecOps-Related Sessions You Don’t Want to Miss at RSA Conference 2018

As you likely know, RSA Conference is one of the largest and most comprehensive security events held each year. Choosing which sessions to attend and how to prioritize your time can be a big job.

At Threat Stack, we have SecOps on our minds big-time, so in this post we put together a list of related sessions that we think are absolutely can’t-miss.

Before you start reading, however, make a note to join us at Booth #S2504 to meet with one of our experts for tips on how to Secure the Strange Things Happening in Your Cloud! Read more “8 SecOps-Related Sessions You Don’t Want to Miss at RSA Conference 2018”

How to Benchmark Your SecOps Maturity and Make Continuous Improvement

Over 50% of companies admit to cutting back on security measures to meet a business deadline or objective, according to our recent SecOps Report. In other words, security is falling by the wayside, even as companies invest heavily in DevOps. With DevOps able to move more swiftly than ever in the cloud, security is often mistakenly viewed as a business decelerator, serving as an impediment to DevOps’ efficiency.

But strong security is not only vital to a healthy business in its own right; it can also speed sales cycles, drive revenue, and clear the way for new business opportunities. The key is integrating security with development and operations workflows and embedding it within business practices from the outset.

To do this, it’s necessary to get all stakeholders on the same page around security goals. One way to do that is to build a shared framework. With the help of the new Threat Stack® Cloud SecOps Maturity Framework, benchmarking your security maturity is a straightforward process of evaluating your strengths and weaknesses, and this enables you to develop a clear and actionable plan to move forward. Read more “How to Benchmark Your SecOps Maturity and Make Continuous Improvement”