Every organization is unique in the way it functions and the role each team member plays. So when it comes to security, the very first thing you need to do before kicking off a program or updating your strategy is to decide how security will be driven in your organization and how decisions will be made. While this may be managed formally in larger organizations, smaller companies that don’t have a dedicated security team need to structure their approach to security to ensure that they can create effective security coverage using their more limited resources.
With that in mind, here are four recommendations for getting started with a security program in your organization. Read more “Getting Started With Security? Here’s the Very First Thing to Do”
Security is critical to any business operating in the cloud — in fact, it needs to be a top business priority for the reasons outlined below — and its importance leads many companies to serious conversations about it as early as Day One of operations (if not while the company is still in the planning stages).
If you’re not proactively building out a security program from the earliest days, your turning point could come after a security breach.
But why live under the threat of an incident or put off implementing security measures until something bad happens? It’s much wiser to take a proactive approach to reduce your organization’s risk and, as we point out below, to reap the other operational and business benefits that are directly connected to good cloud security.
Whatever motivates you to start a security program, the question is “How can you get the initial conversation started in a way that fosters an understanding of the real value of cloud security and wins you the support your project will need to carry it from a concept to an ongoing program?”
The good news is there are best practices that can help your program get traction. In this post, we explore four that will help you successfully prepare for and manage the initial security conversation at your company. Read more “How to Get The Security Conversation Started at Your Organization”
Shadow IT has emerged in recent years due to misaligned objectives among teams and the fluid nature of DevOps. We’ve written before that although it may achieve short-term goals for the business units it serves, Shadow IT is detrimental to the long-term stability of organizations and, despite its good intentions, puts companies at greater security risk.
In this post, we’ll explore how development, security, and operations can work together to prevent the need for Shadow IT. Read more “The Hidden Dangers of Shadow IT to Cloud Security”
Las Vegas — Tuesday, November 28, 2017
I’m out in Las Vegas at the AWS re:Invent conference, and it is definitely the best re:Invent I’ve ever attended. Like everything in Vegas, it is larger than life! Read more “Live From AWS re:Invent 2017 — Massive Scale in Real Life”
Your Guide to Intrusion Detection for Modern Infrastructure
Many organizations that need cloud security are laboring behind a cloud of myths — unable to clearly define their requirements and match them to technology solutions and best practices that will enable them to operate securely at speed and scale in the cloud. Our new eBook — Myth Busting Intrusion Detection — is designed to clarify these issues. Read more “New eBook: Myth Busting Intrusion Detection”
This year’s Cyber Security Summit: Boston was a tremendous success. It was rewarding to see so many business leaders, cyber experts, government officials, and thought leaders in one place, all dedicated to advancing the security of our cyber environment.
The event’s mission is to connect C-Suite and Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts.
Parsed out, this meant that the event offered up a lot of valuable insights into the state of cyber security, an exhibit floor filled with leading solution providers demonstrating the latest products and services, and much practical advice on a multitude of security and compliance-related topics.
Threat Stack was honored to be a Gold Sponsor. We were also an exhibitor, and Sam Bisbee, our CSO, was well received for his contribution to one of the main panel discussions.
As usual with these gatherings, there was far too much going on to give a full recap here. However, I do want to focus on some of the highlights from the “Compliance Nightmare” panel, because it reminds us that we should never forget the basics. Read more “Taking Care of Basics — Lessons From the Boston Cyber Security Summit”
Public cloud investment is expanding rapidly in 2017, with Gartner projecting 18% growth over the course of this year, including 36.8% growth for the SaaS market alone. We recently conducted a survey with ESG Strategy Group (Threat Stack Cloud Security Report 2017: Security at Speed & Scale) to find out what the business drivers are behind this growth. This is what we learned. Read more “What’s Driving Cloud Security Investment Today? Learnings From Our Survey”
Containers are a big topic of conversation right now — and for good reason. They represent a powerful and transformative shift toward infrastructure that can enable flexibility and rapid development unlike anything we’ve seen before. However, as containers continue to proliferate, so do the security and compliance issues that surround them. Many in the market do not fully understand these concerns or how to address them. Our recent report with ESG Strategy Group (Threat Stack Cloud Security Report 2017: Security at Speed & Scale) bore this out.
Containers cannot solve every development or infrastructure problem; they are not the panacea that many believe them to be. But they do offer new opportunities that, when used properly, can move your organization forward. Read more “The State of Container Security: What We Learned From Our Survey”
Want to take a peek at the World’s Worst Data Breaches? Here you go:
Now that we’ve got that out of the way, let’s start this blog post over again. Our goal isn’t to frighten you or deepen the numbness you might already be feeling from the drip, drip, drip of bad cyber news.
It’s National Cybersecurity Awareness Month (NCSAM), which was launched in October 2004 as a collaboration between the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security with the goal of raising awareness and providing education on cybersecurity issues.
The name is something of a misnomer, however. NCSAM is really designed to do more than make you aware of cyber risks. Its bigger goal is to arm you with information and tools you can use to strengthen yourself, your social groups, and your businesses against the cyber criminals who prey on us.
In the spirit of NCSAM, we at Threat Stack want to do our part by sharing some of the advice our bloggers have offered on how to take action to protect yourself and your company from cyberattacks. With that in mind, here are summaries of four recent blogs. Read more “How We Can Turn National Cybersecurity Awareness Month Into Cybersecurity Action”
Whether you’re in security, operations, or another related discipline, choosing the right cloud security products can be a complex process. With thousands of options, each with their own nuances, how do you know which tool, or mix of tools, is going to be right for your organization? The following questions are designed to help you identify the solutions that will fit your specific needs and requirements. Use them as you make your decision, and the entire process will be much more seamless. Read more “11 Questions to Ask Before Investing in a Cloud Security Solution”