Over the past couple of years, a discussion has been brewing in the Security community about the future of its work. On one hand, the need for a cloud security service is more urgent than ever as all areas of business and personal computing are being impacted by cyber threats. On the other hand, the process of delivering software has changed: We have significantly streamlined the development process by reducing organizational silos through various implementations of a DevOps culture.
So here’s the question: Faced with this changing landscape, how can Security transform the way it does business in order to contribute its full value — without negatively impacting development schedules and operational procedures? Security needs to adjust to the rapid and agile world of the cloud, but the transition doesn’t have to be difficult. The Ops community faced a similar transition when it integrated with Dev, and there’s much that Security can learn from their experience.
Read more “5 Things Security Can Learn From Operations’ Transition Into DevOps”
Last week I spent two great days at DevOpsDays Chicago. Usually, I attend conferences to listen to the talks, but in Chicago I was representing Threat Stack (one of the event’s Gold Sponsors), so my job was mostly listening to engineers discuss their organization’s security stance and requirements. I learned a lot from the conference — especially about the integration of Security into a DevOps world.
This is the third and final post in our series on using 2-Factor Authentication (2FA). In the first, we talked about why you need to replace SMS as a means of achieving 2FA, and introduced Duo Security as an effective way of doing this. In the second, we gave guidelines for setting up Duo Security at your organization.
Read more “How Your End Users Can Enable Their Mobile Phones to Act as 2FA Devices, Part 3”
In a recent blog post I spoke about the need to find another way of achieving 2-Factor Authentication now that SMS has been deprecated by the National Institute for Science and Technology.
In this post I’m going to offer some guidance, based on my experience at Threat Stack, on how you can implement Duo Security as an easy and effective way of providing a secondary level of authentication for 2FA throughout your organization. Along the way, I’ll point out some of the key factors and best practices you should take into account to make sure your setup is usable, is based on strategy (i.e., you’re not setting up a feature just because you can), and addresses the actual security needs of your particular company.
Read more “How to Implement 2FA Security in Your Organization Using Duo Security, Part 2”
You’ve probably been investigating 2-Factor Authentication (2FA) more and more recently. With each new data breach or password dump in the news, you increasingly realize that security doesn’t end with strong passwords.
Read more “How to Replace SMS 2-Factor Authentication With Duo Security 2FA, Part 1”
On the heels of the recent announcement that Threat Stack has joined the Chef Partner Cookbook Program, it’s a good time to talk about some of the advances we’ve made in our configuration management (CM) and automation tools over the past few months — and to emphasize that these are part of a larger set of criteria that differentiate the Threat Stack platform.
Read more “How to Ensure Simple and Efficient Security Deployments”
While the term “DevSecOps” has started to come up more often recently, we’re still wrapping our heads around “DevOps” to answer questions such as “How do I implement DevOps?”, “Where do I find DevOps engineers?”, and “What does DevOps even mean because I just asked 6 people and got 8 different answers?”
Read more “Why Did We Need to Invent DevSecOps?”
Recently I was pulled into a sales call to help out with a seemingly simple question from a trial customer. What seemed like a simple protocol misconfiguration turned into a lesson about good intentions, enterprise compatibility, and how — in some cases — we are just insecure by default.
Read more “When We Try to do Right by Security — And Reality Hits Us in the Face!”