In our last post, we explored how Threat Stack’s Application Security Monitoring embeds security in development processes — without negatively impacting agility or speed of application development and deployment. Empowering developers to proactively address software risk is central to organizations that “stretch left” to build security into their entire software development and deployment lifecycle. But even with the best security awareness, testing, and early problem identification and mitigation, some risk may always sneak by and make it into a running application. Read more “Stretch Right With Threat Stack Application Security Monitoring”
Developers have always been overworked. They face a constant flow of feature-focused work from the business and need to balance that with work involving performance, quality and reliability, and technical debt. While DevOps and highly automated CI/CD pipelines have made developers more productive by removing low-value non-development tasks, it has actually made the pressure to deliver even greater. According to the 2018 DORA Accelerate: State of DevOps report, high-performing DevOps teams have 46X more frequent code deploys than low-performing teams. That’s a lot more work for developers — more high-impact work, happily, but more work nonetheless. Read more “Stretching Left With Threat Stack Application Security Monitoring”
Threat Stack’s Application Security Monitoring
enables cloud security observability across the full stack & full lifecycle in a single solution
Here at Threat Stack, we’ve been talking a lot about security observability recently (check out this article and whitepaper). When you design and monitor your systems for security observability, you reduce risk and minimize the likelihood and potential impact of a security breach.
But in the same way that you’d never invest in locks and alarms for the windows of your house while leaving the doors wide open, you can’t protect your business by focusing security observability on a single perimeter only. Security observability delivers value when it’s applied throughout the entire system. We call this Full Stack Security Observability. But what, exactly, is the “full stack?” Read more “Defining the “Full Stack” in Full Stack Security Observability”
Modern healthcare is a full participant in the digital economy, and personal health information (PHI) is at its center. But today’s digital landscape is a volatile threat environment where sensitive personal data is a coveted commodity. Minimizing exposure, liability, and risk to PHI is a necessity with visibility all the way up to the board-level in every healthcare organization.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) includes the HIPAA Privacy Rule which establishes national standards to protect PHI. Every organization conducting health care transactions electronically is familiar with its rules, and being “HIPAA Compliant” is mandatory. But such standards can create a false sense of security; is simply checking the boxes and satisfying an annual audit really enough to keep attackers at bay? Do standards written over the course of decades adequately cover today’s rapidly evolving threat landscape? Are processes developed in the days of enterprise data-centers sufficient to protect containerized microservices running in the cloud?
The short answer is No: Merely being compliant is no longer enough. Digital leaders in proactive healthcare organizations — from providers to insurance companies — have realized that they must do much more to protect themselves from threats. Embracing DevSecOps and CI/CD gives healthcare organizations a strong foundation for security that goes beyond compliance with true full stack security observability. Read more “Beyond Checkboxes: 6 Cloud Security Measures All Healthcare Organizations Should Take”
This post explains how the PCI Security Standards Council has introduced its new PCI Software Security Framework to align PCI with modern software development and deployment practices such as DevOps, microservices, and containers.
Read more “New PCI Standards for New Ways of Building Software”