AWS HIPAA Compliance Best Practices Checklist

The Health Insurance Portability and Accountability Act, or HIPAA, is a United States law that seeks to protect the privacy of patients’ medical records and other health information provided to health plans, doctors, hospitals, and other health care providers. It seeks to make health insurance coverage available to everyone — even those who lose their jobs. It also aims to lower the cost of healthcare by setting up standards in the electronic transmission of financial and administrative transactions. As well, HIPAA is designed to help fight abuse, waste, and fraud in insurance and healthcare delivery. The act also gave rise to the HIPAA Privacy Rule, which is the first set of American standards that protect the health information of patients. All health-related clearinghouses, providers, and insurance plans are covered by the act, as well as all companies in the country that are handling or storing healthcare data.

The good news is that you can use AWS and be HIPAA compliant. One way to strengthen HIPAA compliance is by leveraging Threat Stack’s Cloud Security Platform®, which provides healthcare companies – as well as business associates – with the most advanced solutions they need to meet a broad range of HIPAA compliance requirements. This post outlines nine essential best practices you should know about AWS HIPAA compliance. Read more “AWS HIPAA Compliance Best Practices Checklist”

Machine Learning, Signatures, Rules, & Behaviors — Tips on Navigating Modern Cloud Security Solutions

Cloud security is one of the most rapidly changing technology landscapes out there. And naturally, the market for security tools is also constantly evolving as stakeholders continue to develop an understanding of how important a mature security posture is to the entire organization — from innovation to sales to ongoing brand and customer success.

Throughout the industry, different security solutions solve different problems for different types of businesses: There is no “one-size-fits-all-cloud-security-silver-bullet.” Being able to cut through the hype, promises, and buzz to figure out which solutions are actually suited to your specific use cases can be a challenge.

So in this post, we’re offering guidance on what some of the broader categories of cloud security solutions do and do not offer, and how they deliver security information and alerts to their end users. In turn, we’ll take a look at using Network IDS tools, using point solutions to build your own security stack, jumping into the emerging world of machine learning (ML), and deploying a comprehensive cloud security platform that not only provides a wide range of security functionality but also integrates security into your existing DevOps workflows and provides a foundation for constantly improving your security maturity. Read more “Machine Learning, Signatures, Rules, & Behaviors — Tips on Navigating Modern Cloud Security Solutions”

50 Great DevOps Tools You May Not Be Using

DevOps is about seamless collaboration between Development and Operations, and you need to have the right tools in your environment to help make this possible. As everyone knows, DevOps covers a lot of functional areas, so knowing what tools to adopt can be a challenge.

Today’s market offers a huge array of both open source and proprietary tools, and together they can answer nearly every need throughout the DevOps lifecycle from Planning to Deployment to Monitoring and ongoing Improvement. When these are coupled with a comprehensive security solution like Threat Stack’s Cloud Security Platform®, they can also help to enable security and compliance: It’s a matter of understanding what each tool offers, matching the right ones to your requirements, and investing the time needed to train your team to use them to their highest potential.

To help you make your way through the almost endless list of tools out there, we’ve used this post to compile a list of 50 great DevOps tools that you might want to consider when you’re looking for a solution that will help streamline, automate, or improve specific aspects of your workflow. Read more “50 Great DevOps Tools You May Not Be Using”

3 Questions to Ask When You’re Ready to Operationalize Your Security

New global data from Checkmarx reveals that 92 percent of organizations struggle to implement security into DevOps — even though they say they want to. The heart of this issue is the common misconception that security slows things down, which leads to the common practice of skipping security measures in an effort to get things done.

While this approach may seem to create a payoff in terms of productivity, any gains are short term at best and are always offset by the fact that the company is at greater risk for a breach.

But the truth is, speed and security are not mutually exclusive, and you can effectively integrate security into operations throughout your organization if you follow SecOps best practices.

With that in mind, we’ll use this post to walk through the three major questions your organization must ask as it moves toward operationalized security.

Before diving into the post, however, take a look at details on our upcoming webinar — “How to Spend Your Security Budget in a DevOps World.” Read more “3 Questions to Ask When You’re Ready to Operationalize Your Security”

5 SecOps Processes to Try Today

DevOps has enabled businesses to bring products to market faster than ever before. But what about security?

In our recent survey, Refocusing Security Operations in the Cloud Era, 36% of businesses said their top IT goal over the next year is to respond to business needs faster. Conversely, only 10.5% prioritized improving security as their top goal.

There is a misconception that businesses can’t move both quickly and securely. But with SecOps best practices, businesses can move away from the ad hoc, reactive tactics that slow things down, and replace them with repeatable processes that effectively support teams and products. Let’s explore. Read more “5 SecOps Processes to Try Today”

50 Best Cloud Security Podcasts

Some of the earliest podcasters were influencers in the technology and online space. For well over a decade, programs that specifically discuss security news and topics have been keeping people up to date on data and systems safety. For many, it’s the ideal medium to learn about the latest happenings in the industry via a convenient and enjoyable format.

With that in mind, we have put together a listing of 50 of the best cloud security podcasts we know about. The hosts and programs on the list are experts from many different technical backgrounds. Their content can benefit professionals in security, programming, or almost any technical role. So whether you’re in a security role or just find yourself interested in some of the big data news that seems to be looming ever larger, you’ll find them useful and, oftentimes, entertaining.

Note: Our list of podcasts is not ranked in terms of perceived value or quality of content. What we have provided is a brief description of each of the podcasts as well as three pertinent episodes for each that you may want to download.

Before we dive into our podcast list, we want to call out two podcasts:

Read more “50 Best Cloud Security Podcasts”

What’s In Our SecOps Stack: 6 Top Integrations

When it comes to creating a solid SecOps program, an organization must consider people, processes, and technology. It’s not one area that makes a secure program, but a combination of all three working together.

As good as our people are, however, they would not get far without systematic processes backed by powerful tools and integrations. Here at Threat Stack, we use the following tools to ensure that our organization is safe, secure, and operating effectively. Read more “What’s In Our SecOps Stack: 6 Top Integrations”