8 Best Practices for Strengthening Security in Cloud-Native Environments

Cloud-native companies and larger companies migrating to cloud environments continue to see the cloud as a way to gain speed, reliability, and other well-known benefits. But there are still plenty of pitfalls that can undermine security and negatively impact operations. To help remedy this situation, this post outlines some of the mistakes that operators make most frequently, along with best practices and recommendations they can follow to proactively reduce risk, achieve their security goals, and continue along the path to stronger cloud security maturity.  Read more “8 Best Practices for Strengthening Security in Cloud-Native Environments”

The Top 3 Security Mistakes SaaS Companies are Making

The more data you store, the more attractive you become to cybercriminals, so SaaS companies need to recognize the importance of following security best practices. However, even those who understand this imperative can find it difficult to know where to start.

With that in mind, this post discusses three of the most common security mistakes that SaaS organizations make and tips on how your organization can address them. Read more “The Top 3 Security Mistakes SaaS Companies are Making”

AWS GDPR: What You Need to Know

In May 2018, the General Data Protection Regulation became enforceable. While it is largely a European Union regulation, you are still covered by it if you store or process personal information of EU citizens.

If you use Amazon Web Services, you already know about many of the common security issues that can arise if you’re not on top of your game. But GDPR opens the door to a whole new set of security concerns and potential pitfalls, even for companies that aren’t based in the EU. Fortunately, AWS has taken steps to achieve GDPR compliance, but since it operates using a shared responsibility model, that means you’re on the hook for compliance, as well. With Threat Stack, you can secure your AWS infrastructure and uphold your end of the shared responsibility arrangement without slowing down DevOps. In addition, our intrusion detection platform helps you meet GDPR compliance obligations by helping you achieve observability throughout your infrastructure.

In this post, we discuss the steps AWS has taken to ensure GDPR compliance and what you can do to guarantee that your own infrastructure or system is likewise compliant. Read more “AWS GDPR: What You Need to Know”

Leveraging Threat Stack’s Out-of-the-Box Rulesets and Single View for Managing Multiple AWS Accounts

Increasingly, AWS users are leveraging multiple accounts to manage their infrastructure. While doing so is a recommended best practice that enables users to achieve the highest levels of resource and security isolation and to optimize operational costs, it can also increase the amount of time and effort required for effective administration and remediation.

As a remedy to this problem (and “account sprawl” in general), and as a means of providing more granular alerting and actionable data, Threat Stack has built two key functionalities into its Cloud Security Platform®:

  • The ability to view multiple AWS accounts from one central location: Our unified view reduces admin time and provides significant convenience because end users no longer need to gather information and alerts from multiple accounts. This means you can focus on business issues and not administration!
  • Rulesets that are focused on giving more granular alerting and context to your interactions with the AWS control plane: Our extensive out-of-the-box rulesets give customers increased control plane visibility and more granular tracking of AWS API actions within their accounts, and you still have the flexibility of creating new rules and modifying existing rules (as we have previously documented.)

Read on for more details. Read more “Leveraging Threat Stack’s Out-of-the-Box Rulesets and Single View for Managing Multiple AWS Accounts”

What is Cloud Workload Security?

A cloud workload is a distinct capacity or work function that we put on a cloud instance. It can be a Hadoop node, a Web server, a database, or a container, among other things.

Broadly speaking, therefore, cloud workload security is any means of protecting these workloads.

There is a common misconception that securing your workloads is the responsibility of the cloud service provider. But that’s not true if you work with an “infrastructure as a service” (IaaS) model such as Amazon Web Services. With IaaS, you share some of that responsibility. In some instances, you would need to extend the security policies, tools, and controls you have for your onsite systems to the cloud in order to secure these workloads. A widespread failure to fully understand and act on the shared responsibility model is demonstrated in a November 2017 survey, where we found that 73% of companies have at least one critical AWS security misconfiguration.

With Threat Stack, a leader in cloud-native security and compliance management, you can better secure your cloud environment and cloud workloads. Our Cloud Security Platform® is designed to meet the unique challenges facing Security and Operations teams working in the cloud. Let’s take a look at the common threats facing cloud workloads along with best practices for enhancing cloud workload security. Read more “What is Cloud Workload Security?”

How to Find and Remediate Open Infrastructure Ports

The evidence is clear — open infrastructure ports lead to security vulnerabilities. When AWS S3 buckets or SSH ports are left open, they can leave your organization at risk for security breaches.

For example, in July 2018, an open S3 bucket at a political autodial company, Robocent, exposed nearly 2,600 files relating to political campaigns. The leak included voter records containing sensitive information such as phone numbers, gender, and birth dates. The files were then indexed by GrayHatWarfare, which has a database of 48,623 open S3 buckets.

Leaks like Robocent’s highlight the need for organizations to maintain visibility into where data is located within their cloud infrastructure, as well as whether the storage system is risk-appropriate given the sensitivity of the information. It’s easy, but never acceptable, for a fast-growing or seasonal organization like this one to lose track of that risk over time.

It’s important to ensure that certain gateways into your infrastructure are password protected or are configured properly to prevent events like this from affecting your organization. That’s why, in this post, we’re highlighting how to find and remediate open infrastructure ports. Read more “How to Find and Remediate Open Infrastructure Ports”