4 Things You Need to Know About SOC 2 Compliance

Compliance isn’t as simple as a connect-the-dots exercise. When you consider how fast companies are moving to and expanding in the cloud, and then take into account the proliferation of cloud-based security threats, compliance can be a little dizzying. We’re here to break down the complexities of compliance requirements for you, starting with SOC 2.

SOC 2 is one of the more common compliance requirements technology companies must meet today. But what does SOC 2 compliance mean, and how can you go about achieving it? In this post, we break down the four most important things you need to know. Read more “4 Things You Need to Know About SOC 2 Compliance”

HIPAA Compliance Checklist

Any organization that has access to electronic Protected Health Information (ePHI) must comply with HIPAA. If your organization needs to be compliant, this isn’t something you can delay or phase in gradually because failure to meet HIPAA compliance can carry steep penalties. (On the positive side, becoming HIPAA compliant can be a tremendous business driver if you’re interested in starting a company, entering a new market, attracting new customers, or reducing the time it takes to obtain approvals.) Read more “HIPAA Compliance Checklist”

PCI Compliance Checklist

PCI DSS stands for Payment Card Industry Data Security Standard. These standards are in place to help businesses protect themselves and their customers by outlining how sensitive personal information, like credit card data, gets stored. If you process payments using debit or credit cards, you must meet PCI DSS, or you might be fined or have your ability to process cards revoked altogether.  Read more “PCI Compliance Checklist”

AWS HIPAA Compliance Best Practices Checklist

The Health Insurance Portability and Accountability Act, or HIPAA, is a United States law that seeks to protect the privacy of patients’ medical records and other health information provided to health plans, doctors, hospitals, and other health care providers. It seeks to make health insurance coverage available to everyone — even those who lose their jobs. It also aims to lower the cost of healthcare by setting up standards in the electronic transmission of financial and administrative transactions. As well, HIPAA is designed to help fight abuse, waste, and fraud in insurance and healthcare delivery. The act also gave rise to the HIPAA Privacy Rule, which is the first set of American standards that protect the health information of patients. All health-related clearinghouses, providers, and insurance plans are covered by the act, as well as all companies in the country that are handling or storing healthcare data.

The good news is that you can use AWS and be HIPAA compliant. One way to strengthen HIPAA compliance is by leveraging Threat Stack’s Cloud Security Platform®, which provides healthcare companies — as well as business associates — with the most advanced solutions they need to meet a broad range of HIPAA compliance requirements. This post outlines nine essential best practices you should know about AWS HIPAA compliance. Read more “AWS HIPAA Compliance Best Practices Checklist”

Machine Learning, Signatures, Rules, & Behaviors — Tips on Navigating Modern Cloud Security Solutions

Cloud security is one of the most rapidly changing technology landscapes out there. And naturally, the market for security tools is also constantly evolving as stakeholders continue to develop an understanding of how important a mature security posture is to the entire organization — from innovation to sales to ongoing brand and customer success.

Throughout the industry, different security solutions solve different problems for different types of businesses: There is no “one-size-fits-all-cloud-security-silver-bullet.” Being able to cut through the hype, promises, and buzz to figure out which solutions are actually suited to your specific use cases can be a challenge.

So in this post, we’re offering guidance on what some of the broader categories of cloud security solutions do and do not offer, and how they deliver security information and alerts to their end users. In turn, we’ll take a look at using Network IDS tools, using point solutions to build your own security stack, jumping into the emerging world of machine learning (ML), and deploying a comprehensive cloud security platform that not only provides a wide range of security functionality but also integrates security into your existing DevOps workflows and provides a foundation for constantly improving your security maturity. Read more “Machine Learning, Signatures, Rules, & Behaviors — Tips on Navigating Modern Cloud Security Solutions”

50 Great DevOps Tools You May Not Be Using

DevOps is about seamless collaboration between Development and Operations, and you need to have the right tools in your environment to help make this possible. As everyone knows, DevOps covers a lot of functional areas, so knowing what tools to adopt can be a challenge.

Today’s market offers a huge array of both open source and proprietary tools, and together they can answer nearly every need throughout the DevOps lifecycle from Planning to Deployment to Monitoring and ongoing Improvement. When these are coupled with a comprehensive security solution like Threat Stack’s Cloud Security Platform®, they can also help to enable security and compliance: It’s a matter of understanding what each tool offers, matching the right ones to your requirements, and investing the time needed to train your team to use them to their highest potential.

To help you make your way through the almost endless list of tools out there, we’ve used this post to compile a list of 50 great DevOps tools that you might want to consider when you’re looking for a solution that will help streamline, automate, or improve specific aspects of your workflow. Read more “50 Great DevOps Tools You May Not Be Using”

3 Questions to Ask When You’re Ready to Operationalize Your Security

New global data from Checkmarx reveals that 92 percent of organizations struggle to implement security into DevOps — even though they say they want to. The heart of this issue is the common misconception that security slows things down, which leads to the common practice of skipping security measures in an effort to get things done.

While this approach may seem to create a payoff in terms of productivity, any gains are short term at best and are always offset by the fact that the company is at greater risk for a breach.

But the truth is, speed and security are not mutually exclusive, and you can effectively integrate security into operations throughout your organization if you follow SecOps best practices.

With that in mind, we’ll use this post to walk through the three major questions your organization must ask as it moves toward operationalized security.

Before diving into the post, however, take a look at details on our upcoming webinar — “How to Spend Your Security Budget in a DevOps World.” Read more “3 Questions to Ask When You’re Ready to Operationalize Your Security”