The conversations about cloud security are changing rapidly. A few years ago, companies were hesitant to even talk about moving to the cloud because of all the unknowns — specifically in regard to security. Cloud service providers like Amazon, Google, and Microsoft have made bold commitments to security, so today the conversation is shifting from how secure the cloud itself is, to how individual companies can better secure their data and systems.
On Tuesday, January 17, Threat Stack’s Director of Products, Vikram Varakantam, and OneLogin’s CISO, Alvaro Hoyos, hosted a webinar to discuss where they each see cloud security headed in the coming year. Read more “To Predict Cloud Security’s Future, We Must First Understand Its Past”
Organizations wait to implement security solutions for a variety of reasons. One that we often hear is that they’re looking to land that cloud service security expert to help them make all the right product selections and correctly implement and maintain the solutions they choose.
This would be great in a perfect world: these organizations would make that hire, buy those products, and start improving security.
Unfortunately there’s a big gap between the ideal world and the one we actually operate in. Read more “Why You Can’t Wait Until a Security Person is Hired”
I watched a Twilight Zone marathon over the New Year’s weekend, and it got me wondering about today’s Internet of Things (IoT). Are “Things” really taking over our world, and if so, how can we peacefully coexist with them or even prosper together?
The IoT is really just a fancy way of saying that technology is becoming more pervasive in everything we use, from sensors to thermostats to our trusty office gadgets. But with such pervasiveness, where does security come in, if at all?
Read more “3 Ways Businesses Can Address IoT Security Failures”
It’s the end of the year — a classic time for reflection. So before we charge into 2017, let’s ask:
- What went well in the world of security this year?
- What are the areas for improvement?
- How can you stay ahead of the bad guys in 2017?
Cloud security in particular took some big leaps forward over the past year, but there is still a lot to learn and improve upon in the year ahead. So let’s take a look at where and how. Read more “Your Year-End Cloud Security Health Check: Reflections and Resolutions”
One of our goals at Threat Stack is sharing information that will help you learn about the current cloud security threat landscape in order to effectively and more easily manage your organization’s security issues — and confidently get on with running your business.
To this end, the Threat Stack blog is a terrific repository of articles that cover a range of security topics. If you’re not a regular reader, we encourage you to start exploring — and in the meantime, have a look at the ten most-read posts of 2016. Read more “According to Our Readers: Threat Stack’s Top 10 Blog Posts for 2016 (and More)”
Exploits feed on vulnerabilities. Vulnerabilities, in turn, pave the way for exploits. These closely related security concepts are often confused, but it’s key to understand the difference and how they each play out to make sure your systems are as airtight as they can possibly be. Read more “Vulnerabilities and Exploits: What You Need to Know”
Moving to and scaling in the cloud — especially for those who came from on-premise environments — can not only be overwhelming, but confusing, too. With new services available to your organization, policies to adhere to, and users and systems to secure, where should you begin?
Many of us at Threat Stack, including myself, have worked with on-premise environments at other organizations. So we understand the experience of being overwhelmed and confused when it comes to getting started securing your cloud or hybrid environment. The good news is that we have some real experts and great customers who have helped us identify best practices for transitioning to and scaling in a cloud environment, and we want to share those with you!
We use a Cloud Maturity Model as a starting point. Essentially, it lays out the stages and activities companies should follow to mature their cloud environment — but we believe secure cloud computing needs to play a bigger part. As such, the Threat Stack team agreed it was time to develop a Cloud Security Maturity Model to help companies understand, step by step, how to implement and scale security as they grow in the cloud.
Read more “Adopt a Cloud Security Maturity Model to Guide Your Journey in the Cloud”
It’s no secret that there’s a huge talent shortage in the security space today. With a low supply and high demand, salaries have surged, increasing 6.4% from 2015 to 2016. (That’s an even higher salary growth than software engineers are seeing.) And there is no end in sight. For companies that recognize how important it is to keep information and systems secure in today’s business climate, it’s important to find workable strategies for hiring and retaining security talent in spite of this shortage.
While most organizations would benefit by developing a full-fledged, multi-faceted recruiting and retention strategy, we want to share a few more tactical ways to help bridge the talent gap in the shorter term.
Read more “Where to Find Security Talent & How to Keep Them Happy”
As we hurtle into the future, it often seems that talk in the tech media revolves around cloud computing. But the reality for many companies, especially larger enterprises, is that the transition to the cloud is going to take time. In many cases, today’s environments are more of a hybrid — with some assets residing in the cloud, while others are firmly on-premise, and still more are in a state of transition. Regardless of where your organization is on this continuum, security needs to go right along with it.
The good news is that there’s no need to sacrifice security — or visibility — because some or all of your resources remain on-prem. Read more “The Realities of Hybrid Computing Today & How to Stay Secure”
Security is a shared responsibility when you run your business on Amazon Web Services (AWS). To hold up your end of the bargain, there are many best practices at companies should be employing early on (but often don’t) to ensure that they’re maintaining security and that it can scale as the company grows.
Read more “Best Practices for Implementing & Scaling Security in AWS”