DevOpsDays Chicago 2016: Dev, Ops, & the Role of Security

Last week I spent two great days at DevOpsDays Chicago. Usually, I attend conferences to listen to the talks, but in Chicago I was representing Threat Stack (one of the event’s Gold Sponsors), so my job was mostly listening to engineers discuss their organization’s security stance and requirements. I learned a lot from the conference — especially about the integration of Security into a DevOps world.

How Your End Users Can Enable Their Mobile Phones to Act as 2FA Devices, Part 3

This is the third and final post in our series on using 2-Factor Authentication (2FA). In the first, we talked about why you need to replace SMS as a means of achieving 2FA, and introduced Duo Security as an effective way of doing this. In the second, we gave guidelines for setting up Duo Security at your organization.

How to Implement 2FA Security in Your Organization Using Duo Security, Part 2

In a recent blog post I spoke about the need to find another way of achieving 2-Factor Authentication now that SMS has been deprecated by the National Institute for Science and Technology.

In this post I’m going to offer some guidance, based on my experience at Threat Stack, on how you can implement Duo Security as an easy and effective way of providing a secondary level of authentication in a 2FA setup throughout your organization. Along the way, I’ll point out some of the key factors and best practices you should take into account to make sure your setup is usable, is based on strategy (i.e., you’re not setting up a feature just because you can), and addresses the actual security needs of your particular company.

How to Ensure Simple and Efficient Security Deployments

On the heels of the recent announcement that Threat Stack has joined the Chef Partner Cookbook Program, it’s a good time to talk about some of the advances we’ve made in our configuration management (CM) and automation tools over the past few months — and to emphasize that these are part of a larger set of criteria that differentiate the Threat Stack platform.

When We Try to do Right by Security — And Reality Hits Us in the Face!

Recently I was pulled into a sales call to help out with a seemingly simple question from a trial customer. What seemed like a simple protocol misconfiguration turned into a lesson about good intentions, enterprise compatibility, and how — in some cases — we are just insecure by default.
