Last week I spent two great days at DevOpsDays Chicago. Usually, I attend conferences to listen to the talks, but in Chicago I was representing Threat Stack (one of the event’s Gold Sponsors), so my job was mostly listening to engineers discuss their organization’s security stance and requirements. I learned a lot from the conference — especially about the integration of Security into a DevOps world.
This is the third and final post in our series on using 2-Factor Authentication (2FA). In the first, we talked about why you need to replace SMS as a means of achieving 2FA, and introduced Duo Security as an effective way of doing this. In the second, we gave guidelines for setting up Duo Security at your organization.
In a recent blog post I spoke about the need to find another way of achieving 2-Factor Authentication now that SMS has been deprecated by the National Institute for Science and Technology.
In this post I’m going to offer some guidance, based on my experience at Threat Stack, on how you can implement Duo Security as an easy and effective way of providing a secondary level of authentication in a 2FA setup throughout your organization. Along the way, I’ll point out some of the key factors and best practices you should take into account to make sure your setup is usable, is based on strategy (i.e., you’re not setting up a feature just because you can), and addresses the actual security needs of your particular company.
Read more “How to Implement 2FA Security in Your Organization Using Duo Security, Part 2”
You’ve probably been investigating 2-Factor Authentication (2FA) more and more recently. With each new data breach or password dump in the news, you increasingly realize that security doesn’t end with strong passwords.
Just in case you were wondering, the @nytimes building is a Pokegym.
— Runa A. Sandvik (@runasand)
Read more “Pokémon GO & Security: Who are All These Strange People in the Lobby?”
On the heels of the recent announcement that Threat Stack has joined the Chef Partner Cookbook Program, it’s a good time to talk about some of the advances we’ve made in our configuration management (CM) and automation tools over the past few months — and to emphasize that these are part of a larger set of criteria that differentiate the Threat Stack platform.
Read more “How to Ensure Simple and Efficient Security Deployments”
While the term “DevSecOps” has started to come up more often recently, we’re still wrapping our heads around “DevOps” to answer questions such as “How do I implement DevOps?”, “Where do I find DevOps engineers?”, and “What does DevOps even mean because I just asked 6 people and got 8 different answers?”
Recently I was pulled into a sales call to help out with a seemingly simple question from a trial customer. What seemed like a simple protocol misconfiguration turned into a lesson about good intentions, enterprise compatibility, and how — in some cases — we are just insecure by default.