These days, security should be part of everyone’s job. This is especially true for DevOps teams, which are responsible for developing, delivering, and maintaining critical applications for many organizations, and must therefore prioritize security as part of their role. But the world of security can seem like a bit of a mystery until you’ve been exposed to it.
If you or someone on your team is looking to learn more about what it takes to run a secure organization today, we have provided a list of resources below, from conferences to reference books to Twitter handles, that are worth checking out. Read more “Resources for DevOps Pros to Learn About Security”
Cloud security is a complex subject, and customers sometimes tell us that one of their biggest challenges is simply knowing where to start.
In our latest playbook, Jump Starting Cloud Security: A Guide to Starting Your Cloud Security Journey, we have addressed this problem head on. If your organization is just starting out in cloud security — whether it’s a rapidly growing startup or a more established company — this Playbook is intended for you.
It’s a roadmap full of industry-proven practices that will put you on the fast track to cloud security monitoring, addressing your first round of security concerns, and measurably improving your security stance, all in a reasonable amount of time for a reasonable outlay of money and resources.
The hand-on approach will help you implement important security practices without diverting resources and attention away from your company’s main business goals, and you’ll also end up with a solid platform to build on when you want to move up to the next level of maturity on the cloud security ladder. Read more “New Playbook: Jump Starting Your Cloud Security Journey”
Security should never be a one-and-done proposition: It requires a continuous improvement mindset to keep you on top of security initiatives and to accommodate new issues as you detect them. Once your security program is up and running, you need to measure, evaluate, and modify it on an ongoing basis to maintain or improve your results. This doesn’t necessarily require a ton of time and effort; it simply requires a strategy.
So today, we want to take a look at what it takes to build an effective security program with continuous improvement at its core. In our view, there are three key pillars to continuous security improvement, and if you have been following along with our Starting Your Cloud Security Journey blog post series, then you’ll be well-acquainted with these concepts. Read more “The Three Pillars of Continuous Security Improvement”
Security isn’t just a technical problem. It’s also a people problem, and keeping the people side of the security equation strong requires that all people in your organization have an awareness of security. This is why security awareness programs are so important.
The goal of a security awareness program — as you may have guessed — is to increase organizational understanding and practical implementation of security best practices. A program like this should apply to all hires — new and old, across every department — and it should be reinforced on a regular basis.
Here’s what you need to know to create a first-class security awareness program at your organization. Read more “How to Implement a Security Awareness Program at Your Organization”
In Part 1 of this post we explained how you can find all the secrets in your environment. In Part 2 we will discuss effective ways to store and manage secrets — to keep them from leaking to unauthorized people. Read more “Cloud Security Best Practices: Finding, Securing, & Managing Secrets, Part 2”
As we stated in the introduction to this blog post series, our purpose is to give you insight into the issues you should address when you are at the early stages of establishing a cloud security program.
If your organization is just starting out on its cloud security journey — whether it’s a rapidly growing startup or a more established company — it’s important to develop a strategic security roadmap that’s suited to its early-stage maturity level. You should not reasonably expect to go from no security or rudimentary security to a full-blown, encompassing program in one step. It’s far better to take a graduated approach by defining objectives that will give you reasonable protection now, that won’t drain your budget and resources (and possibly divert critical resources and attention away from your company’s primary business goals) — and that will also serve as a rock solid platform to build on when you want to move up to the next level of maturity on the cloud security ladder.
What you need is an end-to-end roadmap that will get you started in cloud security monitoring, address your first round of security concerns, and noticeably and measurably improve your security stance, all in a reasonable amount of time and for a reasonable expenditure of money and resources.
And that’s exactly what we’ll do in this post: walk through five steps that will help you develop a strategic action plan that includes defined goals and is targeted at your organization’s specific maturity level, needs, and resources. Read more “Planning Your Cloud Security Program”
More and more companies are migrating to the cloud — and for good reason considering the many benefits such as speed, flexibility, and reduced costs.
One of the key questions that always comes up in this transition centers on cloud security. Not so much in the form of “Is the cloud secure?” but more in terms of “What is your company doing to make sure its infrastructure is secure?”
In the best scenario, companies include a cloud security service in their business plan on day one. In the worst case, they limp along for years without a strategically planned, comprehensive security roadmap that will provide real protection for their IP, data, systems, customers, and reputation.
In both cases, these organizations have one thing in common: Regardless of how long they’ve been in business, they are at an early stage of cloud security maturity. They are just starting out on their cloud security journey.
And that’s where we can help. Read more “Threat Stack Blog Series: Starting Your Cloud Security Journey”
Last night we got together with our good friends from PagerDuty to host an event at District Hall in the Seaport area of Boston. It was a fun evening, offering product-related presentations, a wide-ranging panel discussion, and an opportunity to socialize with friends, colleagues, and other like-minded folks.
Before we go further, you may ask why we’re teaming up with PagerDuty. PagerDuty and Threat Stack have a tight product integration that enables you to manage all types of alerts in one place, making sure you have an end-to-end security solution that alerts you when the unexpected occurs. A great combination! Read more “Boston Cloud Security & Incident Management Workshop Recap”
Recently the Galactic Empire’s Death Star plans were leaked due to a security breach on the planet Scarif. A threat actor known as ROGUE ONE carried out the breach with support from the Rebel Alliance fleet. This post mortem has been commissioned by the Imperial Security Bureau and documents what is currently known while active investigation continues.
This breach is not expected to delay construction of the Death Star. The battle station is expected to be operational by its previously announced date, if not before. Read more “Post Mortem: Death Star Data Breach by ROGUE ONE”
The USENIX LISA 2016 Conference wrapped up a week ago after a tremendous five-day program of workshops, training sessions, presentations, talks, and more. Our own Pat Cable, Threat Stack Security Engineer, lent his expertise as “Invited Talks Co-Chair,” and Threat Stack was a proud sponsor of the event.
Full length presentations and videos will soon be available on the LISA site, but we thought it would be fun and informative to follow LISA’s motto of “More Craft, Less Cruft” by bringing you short video interviews with five LISA16 attendees and presenters.
So in their own words, here’s what they had to say about their favorite projects, the importance of security, and anything else that was top of mind. Read more “The USENIX LISA 2016 Conference: In Their Own Words”