In a SaaS world, everyone wants to move fast! Rapid development can slash time to market and put you in a strong competitive position, and of course this is the way to operate as long as you’re not sacrificing quality. But remember: There’s bad fast as well as good fast. Too often we jump into projects, or we’re pressured to jump in before we’re ready — before we have all the necessary information and a clear understanding of what that information means. Read more “Cut Time & Costs: 7 Best Practices to Follow When Choosing a Cloud Security Solution”
Our last post on HIPAA compliance — HIPAA Compliance Tips & Best Practices — Building Your Foundational Knowledge — provided expert insights that are designed to help healthcare providers and business associates develop their foundational knowledge of HIPAA regulations and requirements. Today’s post offers insights into how an organization can achieve effective governance by translating its understanding of HIPAA into effective operational policies and procedures. Read more “HIPAA Compliance Tips & Best Practices — Factors to Consider When Developing Effective Policies & Procedures”
When adopting containers, organizations need to create a risk profile for the types of threats and vulnerabilities they expect to experience. This type of analysis is especially important with containers, since the attack surface increases significantly, while the level of security visibility across hosts, containers, and the infrastructure control plane decreases.
For example, one of the most prominent attack scenarios in containers is the idea of blast radius. After the initial point of compromise, an attacker can escalate privileges quickly to gain control of other containers in the cluster. Since attackers are looking for the greatest returns for the least amount of effort, a vulnerable Kubernetes or Docker cluster may be a great place to strike quickly and do a lot of damage across a wide attack surface.
New, sophisticated attacks on cloud infrastructure emerge every day. But if you follow the five steps outlined below to create a cybersecurity risk assessment, you can anticipate where your organization may be most vulnerable and strengthen your system’s security accordingly before an attacker gets the chance to strike. Read more “How to Create a Security Risk Assessment for Containers in 5 Steps”
The last few years have seen a number of failures in the field of HIPAA compliance and fines that would put many smaller-scale practices out of business. While an increase in the use and sharing of electronic patient data accounts for many HIPAA compliance issues, the bottom line is that too many organizations are leaving themselves vulnerable to data protection breaches in ways that are fundamentally avoidable. Read more “HIPAA Compliance Tips & Best Practices — Building Your Foundational Knowledge”
Compliance isn’t as simple as a connect-the-dots exercise. When you consider how fast companies are moving to and expanding in the cloud, and then take into account the proliferation of cloud-based security threats, compliance can be a little dizzying. We’re here to break down the complexities of compliance requirements for you, starting with SOC 2.
SOC 2 is one of the more common compliance requirements technology companies must meet today. But what does SOC 2 compliance mean, and how can you go about achieving it? In this post, we break down the four most important things you need to know. Read more “4 Things You Need to Know About SOC 2 Compliance”
Any organization that has access to electronic Protected Health Information (ePHI) must comply with HIPAA. If your organization needs to be compliant, this isn’t something you can delay or phase in gradually because failure to meet HIPAA compliance can carry steep penalties. (On the positive side, becoming HIPAA compliant can be a tremendous business driver if you’re interested in starting a company, entering a new market, attracting new customers, or reducing the time it takes to obtain approvals.) Read more “HIPAA Compliance Checklist”
PCI DSS stands for Payment Card Industry Data Security Standard. These standards are in place to help businesses protect themselves and their customers by outlining how sensitive personal information, like credit card data, gets stored. If you process payments using debit or credit cards, you must meet PCI DSS, or you might be fined or have your ability to process cards revoked altogether. Read more “PCI Compliance Checklist”
The Health Insurance Portability and Accountability Act, or HIPAA, is a United States law that seeks to protect the privacy of patients’ medical records and other health information provided to health plans, doctors, hospitals, and other health care providers. It seeks to make health insurance coverage available to everyone — even those who lose their jobs. It also aims to lower the cost of healthcare by setting up standards for the electronic transmission of financial and administrative transactions. HIPAA is also designed to help fight abuse, waste, and fraud in insurance and healthcare delivery. The act also gave rise to the HIPAA Privacy Rule, which is the first set of American standards that protect the health information of patients. All health-related clearinghouses, providers, and insurance plans are covered by the act, as well as all companies in the country that handle or store healthcare data.
The good news is that you can use AWS and be HIPAA compliant. One way to strengthen HIPAA compliance is by leveraging Threat Stack’s Cloud Security Platform®, which provides healthcare companies — as well as business associates — with the most advanced solutions they need to meet a broad range of HIPAA compliance requirements. This post outlines nine essential best practices you should know about AWS HIPAA compliance. Read more “AWS HIPAA Compliance Best Practices Checklist”
Cloud security is one of the most rapidly changing technology landscapes out there. And naturally, the market for security tools is also constantly evolving as stakeholders continue to develop an understanding of how important a mature security posture is to the entire organization — from innovation to sales to ongoing brand and customer success.
Throughout the industry, different security solutions solve different problems for different types of businesses: There is no “one-size-fits-all-cloud-security-silver-bullet.” Being able to cut through the hype, promises, and buzz to figure out which solutions are actually suited to your specific use cases can be a challenge.
So in this post, we’re offering guidance on what some of the broader categories of cloud security solutions do and do not offer, and how they deliver security information and alerts to their end users. In turn, we’ll take a look at using Network IDS tools, using point solutions to build your own security stack, jumping into the emerging world of machine learning (ML), and deploying a comprehensive cloud security platform that not only provides a wide range of security functionality but also integrates security into your existing DevOps workflows and provides a foundation for constantly improving your security maturity. Read more “Machine Learning, Signatures, Rules, & Behaviors — Tips on Navigating Modern Cloud Security Solutions”
This AWS Security Readiness Checklist is intended to help organizations evaluate their applications and systems before deployment on AWS. This evaluation is based on a series of best practices and is built off the Operational Checklists for AWS. Read more “AWS Security Readiness Checklist”