How to Answer Tough Board-Level Security & Compliance Questions in 2018

GDPR. Meltdown. Spectre. SOC 2. Coming at you like mosquitos on a hot summer night, these topics are of top concern for board members and security teams alike this year. But what do you do when these issues really aren’t of concern to your particular organization? And how can you put your board and executive team at ease when these issues hit the news?

Our CSO Sam Bisbee spoke about ways to handle and prepare for each of these hot ticket questions in yesterday’s webinar. You can view the entire webinar or read our recap below so you can begin preparing today. Read more “How to Answer Tough Board-Level Security & Compliance Questions in 2018”

How to Obtain Buy-in on Security Initiatives for Your SaaS Company

Strong security is vital to any SaaS company, enabling platform stability and integrity while instilling confidence in potential customers.

There’s nothing new in this statement, but, with an eye on the bottom line, C-Level executives, board members, and VC firms often take a little more convincing when it comes to implementing new cloud security strategies — especially if it means shelling out cash for new solutions or team members. Obtaining buy-in for new security initiatives can be a time-consuming task requiring several layers of validation.

There’s a very real risk of security initiatives losing out to more obvious business drivers when it comes time for budget allocation. But as an IT or security team lead, it’s your job to advocate for security priorities. In this post, we’ll outline the steps you can take to get the green light you need for your cloud security strategy. Read more “How to Obtain Buy-in on Security Initiatives for Your SaaS Company”

Doing More With Less: 4 Ways to Run a Successful, Lean Security Team

The global shortage of cybersecurity talent shows no signs of abating, making it harder than ever for smaller businesses to compete for qualified talent. But even if prospects were available and even if you had unlimited budget, throwing resources at the problem would not be the best way to address your security challenges. Instead, we recommend coordinating your limited resources and rethinking security as a shared mission for the entire organization rather than a discrete department.

If you’re facing limited resources and security talent, you can still run secure by following best practices for getting the most out of what you do have. Here are four or our recommendations for running lean in the cloud. Read more “Doing More With Less: 4 Ways to Run a Successful, Lean Security Team”

Lean Guidelines for Selecting and Managing Cloud Security Solutions

Today’s marketplace is cluttered with solutions to an extensive array of security risks, from data loss to malware. However, when building your own security arsenal — especially if you are running lean — it’s essential to take a step back and think holistically about what you actually need, rather than to buy products willy nilly and end up with a pile of single-use tools that don’t integrate well.

Below are four recommendations to help you get what you actually need when it comes to cloud security tools, no matter your budget or team size. Read more “Lean Guidelines for Selecting and Managing Cloud Security Solutions”

How to Secure a Non-Production Environment (Webinar Recap)

“This code is fine, right?”

“It should be…”

“Wait… but what about this configuration?”

“Fine, I’ll test it in dev…”

This conversation sounds all too familiar, right? Your non-production environments are the foundation for the tools, applications, and services you provide to your customers. The history of every code deployment, mistake, and refinement made to create your product can be found there.

While test and dev environments serve a different purpose from production environments, they too, can be open to the outside world and introduce risk if not secured. Chances are, the data you’re storing, analyzing, or processing in non-production environments are just as sensitive as the data you push out to production. So why skimp on security here just because it’s not a production environment?

Yesterday, we hosted a brief webinar (led by our Chris Gervais,  VP of Engineering) focusing on the importance of securing non-production environments and how to do so. In case you missed it, here’s the recording along with a written  recap. Read more “How to Secure a Non-Production Environment (Webinar Recap)”

Cloud Security: Common Gaps & How to Bridge Them

We recently conducted a survey with Enterprise Strategy Group (ESG) to gather data about the state of cloud security today. As they say, numbers don’t lie, and we wanted to know what the numbers say about how well organizations today are progressing toward a more secure future.

Many of the findings were positive, but we also discovered some critical gaps that need to be filled. The survey clarified what we already suspected: As companies invest in additional cloud environments, the associated complexity can lead to significant security lapses. Below, we’ll explain what these cloud security gaps are and what can be done to bridge them. Read more “Cloud Security: Common Gaps & How to Bridge Them”

Meet the TUGG’s Guppy Tank: HiTech, the Next Generation

Every year around this time, Threat Stack looks forward to taking part in TUGG’s (Technology Underwriting Greater Good) ‘Tech Gives Back’ day.

Each TUGG event finds us doing something fun, different, and valuable for the community. This year we had the honor of hosting a class of grade 6 students for a fun Guppy Tank event. Yes, it’s what it sounds like… shark tank, for the littles, but with a serious business attitude. Read more “Meet the TUGG’s Guppy Tank: HiTech, the Next Generation”

A Straightforward Workflow to Define Your Cloud Security Strategy

Security is a big concern for organizations of pretty much every size and shape. Once you have organization-wide agreement that security is a priority (for most companies today, this is a no-brainer), it’s time to get to work.

So where do you start? Of course, you’ll need an individual or an interdisciplinary group to lead your security initiatives, but beyond that, it’s a matter of focusing on the right things at the right time to get your security program up and running as quickly and as smoothly as possible. Getting it done right should always be an objective, and getting it done quickly is also highly desirable — especially if you have a legal or customer requirement to become more secure.

In our latest webinar, “Automating Security and Compliance for Your Cloud Deployment,” Chris Gervais, Threat Stack’s VP of Engineering, and Katie Paugh, G2 Technology Group’s Security Architect discussed a simple workflow that every company can follow to successfully implement an effective security plan. Watch the full recording or read the main points below. Read more “A Straightforward Workflow to Define Your Cloud Security Strategy”

New eBook: Moving to the Cloud? Your Guide to Planning a Secure & Frictionless Migration

At the beginning of this year, Gartner projected that the global public cloud services market would grow to $246.8 billion in 2017, up 18% from $209.2 billion in 2016. Given the many high-value benefits it promises, it’s no wonder that moving to the cloud is the holy grail for many organizations.

When the decision to migrate is based on the right reasons, and when a migration is planned and managed according to proven best practices, the results can fundamentally transform an organization’s business model and create major competitive advantages. But migrating is a complex process, and if best practices aren’t followed, the promises of the cloud can remain out of reach or be delivered in a sub-optimal manner.

To make sure your migration gets off to a strong start, we are releasing our latest eBook — Moving to the Cloud? Your Guide to Planning a Secure and Frictionless Migration.
Read more “New eBook: Moving to the Cloud? Your Guide to Planning a Secure & Frictionless Migration”

How to Cut Time-to-Security-Incident-Detection on AWS

Time-to-detection is everything these days. If you don’t find a breach yourself, chances are someone else will. A recent study points out that up to 27% of breaches are discovered by third parties. This includes vendors or partners you work with, auditors, and probably most damaging of all — your customers.

The problem most companies are grappling with today is how to cut time-to-detection to ensure that they are the first ones to know about an issue, and in a way that won’t put a resource drain on the team. Last Thursday, Chris Gervais, Threat Stack’s VP of engineering, sat down with George Vauter, a senior software security engineer for Genesys, Jarrod Sexton, the lead information security manager for Genesys, and Scott Ward, the solutions architect at Amazon Web Services (AWS), to have a frank discussion about this in a webinar format.

Genesys is a leader in omnichannel customer experience and customer engagement software, with both on-premise and cloud-based offerings. PureCloud, their cloud-native microservice platform, is run on AWS, so the team has extensive experience launching and scaling in the cloud, as well as building a “secure-by-design” platform.

In our conversation, Genesys outlined several important steps that all companies should be implementing to reduce their time-to-detection, which we wanted to further highlight in today’s post. Read more “How to Cut Time-to-Security-Incident-Detection on AWS”