How to Secure a Non-Production Environment (Webinar Recap)

“This code is fine, right?”

“It should be…”

“Wait… but what about this configuration?”

“Fine, I’ll test it in dev…”

This conversation sounds all too familiar, right? Your non-production environments are the foundation for the tools, applications, and services you provide to your customers. The history of every code deployment, mistake, and refinement made to create your product can be found there.

While test and dev environments serve a different purpose from production environments, they too, can be open to the outside world and introduce risk if not secured. Chances are, the data you’re storing, analyzing, or processing in non-production environments are just as sensitive as the data you push out to production. So why skimp on security here just because it’s not a production environment?

Yesterday, we hosted a brief webinar (led by our Chris Gervais,  VP of Engineering) focusing on the importance of securing non-production environments and how to do so. In case you missed it, here’s the recording along with a written  recap. Read more “How to Secure a Non-Production Environment (Webinar Recap)”

Cloud Security: Common Gaps & How to Bridge Them

We recently conducted a survey with Enterprise Strategy Group (ESG) to gather data about the state of cloud security today. As they say, numbers don’t lie, and we wanted to know what the numbers say about how well organizations today are progressing toward a more secure future.

Many of the findings were positive, but we also discovered some critical gaps that need to be filled. The survey clarified what we already suspected: As companies invest in additional cloud environments, the associated complexity can lead to significant security lapses. Below, we’ll explain what these cloud security gaps are and what can be done to bridge them. Read more “Cloud Security: Common Gaps & How to Bridge Them”

Meet the TUGG’s Guppy Tank: HiTech, the Next Generation

Every year around this time, Threat Stack looks forward to taking part in TUGG’s (Technology Underwriting Greater Good) ‘Tech Gives Back’ day.

Each TUGG event finds us doing something fun, different, and valuable for the community. This year we had the honor of hosting a class of grade 6 students for a fun Guppy Tank event. Yes, it’s what it sounds like… shark tank, for the littles, but with a serious business attitude. Read more “Meet the TUGG’s Guppy Tank: HiTech, the Next Generation”

A Straightforward Workflow to Define Your Cloud Security Strategy

Security is a big concern for organizations of pretty much every size and shape. Once you have organization-wide agreement that security is a priority (for most companies today, this is a no-brainer), it’s time to get to work.

So where do you start? Of course, you’ll need an individual or an interdisciplinary group to lead your security initiatives, but beyond that, it’s a matter of focusing on the right things at the right time to get your security program up and running as quickly and as smoothly as possible. Getting it done right should always be an objective, and getting it done quickly is also highly desirable — especially if you have a legal or customer requirement to become more secure.

In our latest webinar, “Automating Security and Compliance for Your Cloud Deployment,” Chris Gervais, Threat Stack’s VP of Engineering, and Katie Paugh, G2 Technology Group’s Security Architect discussed a simple workflow that every company can follow to successfully implement an effective security plan. Watch the full recording or read the main points below. Read more “A Straightforward Workflow to Define Your Cloud Security Strategy”

New eBook: Moving to the Cloud? Your Guide to Planning a Secure & Frictionless Migration

At the beginning of this year, Gartner projected that the global public cloud services market would grow to $246.8 billion in 2017, up 18% from $209.2 billion in 2016. Given the many high-value benefits it promises, it’s no wonder that moving to the cloud is the holy grail for many organizations.

When the decision to migrate is based on the right reasons, and when a migration is planned and managed according to proven best practices, the results can fundamentally transform an organization’s business model and create major competitive advantages. But migrating is a complex process, and if best practices aren’t followed, the promises of the cloud can remain out of reach or be delivered in a sub-optimal manner.

To make sure your migration gets off to a strong start, we are releasing our latest eBook — Moving to the Cloud? Your Guide to Planning a Secure and Frictionless Migration.
Read more “New eBook: Moving to the Cloud? Your Guide to Planning a Secure & Frictionless Migration”

How to Cut Time-to-Security-Incident-Detection on AWS

Time-to-detection is everything these days. If you don’t find a breach yourself, chances are someone else will. A recent study points out that up to 27% of breaches are discovered by third parties. This includes vendors or partners you work with, auditors, and probably most damaging of all — your customers.

The problem most companies are grappling with today is how to cut time-to-detection to ensure that they are the first ones to know about an issue, and in a way that won’t put a resource drain on the team. Last Thursday, Chris Gervais, Threat Stack’s VP of engineering, sat down with George Vauter, a senior software security engineer for Genesys, Jarrod Sexton, the lead information security manager for Genesys, and Scott Ward, the solutions architect at Amazon Web Services (AWS), to have a frank discussion about this in a webinar format.

Genesys is a leader in omnichannel customer experience and customer engagement software, with both on-premise and cloud-based offerings. PureCloud, their cloud-native microservice platform, is run on AWS, so the team has extensive experience launching and scaling in the cloud, as well as building a “secure-by-design” platform.

In our conversation, Genesys outlined several important steps that all companies should be implementing to reduce their time-to-detection, which we wanted to further highlight in today’s post. Read more “How to Cut Time-to-Security-Incident-Detection on AWS”

Join Threat Stack at Velocity 2017

BUILDING & MAINTAINING COMPLEX DISTRIBUTED SYSTEMS

According to its organizers, the upcoming O’Reilly Velocity Conference is the “best place on the planet for web ops and systems engineering professionals” to learn from their peers, exchange ideas with experts, and share best practices and lessons learned for handling modern systems and applications.
Read more “Join Threat Stack at Velocity 2017”

10 Best Practices for Securing Your Workloads on AWS

Achieving optimal security in a cloud environment can seem like a moving target. New security threats are constantly popping up along with security implementations meant to fight them off. To help you achieve optimal security in this environment, this post highlights the top 10 best practices for AWS security. Read more “10 Best Practices for Securing Your Workloads on AWS”

How to Leverage Automation to Make Your Organization Secure by Design

Yesterday, we co-hosted a webinar with Amazon’s security strategist, Tim Sandage, and SessionM’s director of technical solutions and operations, Jason LaVoie, to discuss how companies can become secure by design using automation.

With cloud providers like AWS making it easier than ever to get up and running in the cloud, the next item on the agenda for many is how to get security up to speed as well. In yesterday’s webinar, Tim, Jason, and our own senior security engineer, Patrick Cable, offered practical and strategic ways for companies to do just this. Read more “How to Leverage Automation to Make Your Organization Secure by Design”