Before I started working at Threat Stack, security was not always at the top of my priority list. Now, as the CFO of a leading cloud security company, I’ve learned to take a more holistic view of security: I still view it as a necessity that ensures the safety of an organization’s data and systems, of course, but I also understand that it can be a powerful business enabler and business driver.
Put another way, I no longer view security as just an expense (a “necessary evil”?); instead, I see it as an investment that adds ongoing value throughout the organization and beyond as it not only provides foundational security, but also bolsters corporate reputation, adds confidence to customer relations, streamlines sales cycles, reassures board members and investors, helps with achieving compliance, and so on.
In spite of the huge value it adds, security can still be something of a hard sell — especially in companies where resources, including budget, are limited. With that in mind, I want to use this post to share some of the things I’ve learned as CFO at Threat Stack. Read more “5 Security Blogs Your CFO Needs to Read”
Threat Stack Welcomes New Massachusetts Cybersecurity Growth and Development Center
Last week, during the inaugural Cybersecurity Forum, Massachusetts Governor Charlie Baker announced the brand-new Cybersecurity Growth and Development Center at the Massachusetts Technology Collaborative. The goal of the new public institution is to unite the cybersecurity sector in Massachusetts, while also training new talent — a huge win given the acute skills shortage that exists today. At Threat Stack, we couldn’t be more pleased or supportive. Read more “Massachusetts Takes Leadership Role in Cybersecurity”
How to compress Mean Time To Resolution (MTTR) and drive operational efficiency
Slashing MTTR is one way of shifting into a high-velocity security mode so your team can operate faster to drive innovation, scale, and create a strong competitive advantage.
Read more “Shifting to High-Velocity Cloud Security Operations”
Aligning security with your organization’s greater business needs is becoming increasingly important, but how do you actually do it? What it comes down to is being able to map security to business objectives. Done right, security can be a major business driver. Today, everyone from finance to DevOps to sales and engineering has security top of mind, at least if they know what’s good for them.
In this post, we’ll offer several ways to bridge the gap between security and the rest of the business, allowing you to successfully bring it into the organization in order to meet any number of business objectives. Read more “How to Align Security With Your Business Objectives”
Good security takes effort. But it’s not impossible — far from it. The key to achieving better security is to focus on embedding the right types of thinking early on. Make good security hygiene as natural as muscle memory. And before you start to worry about budget, take note: There are many low-cost, relatively easy measures you can take that will have a big impact on your organization’s security posture.
Recently, we hosted a webinar to outline what some of these low-cost practices look like. We want to show you that it isn’t impossible to achieve security on a budget, especially if you focus on implementing it collaboratively with your teams and building a truly security-conscious culture.
Here’s where we think you should be focusing your energies to achieve big results for little or no cost.
You can listen to the full webinar and read our recap below. Read more “12 Low-Cost Cloud Security Practices With Big Payoffs”
The absence of a common framework for assessing Cloud Service Providers (CSPs), combined with the fact that no two CSPs are the same, complicates the process of selecting one that’s right for your organization. To help you work through this, we’re using this post to discuss seven basic factors you can use to identify a provider that can best match your business, technical, and operational needs.
In this post, we’re going to assume that you will be relying on public cloud infrastructure. There’s no reason to DIY (which can be costly, complex, and frustrating) when there are experts who can do it far better (no offense!). The shared responsibility model is such that you should be able to rely on cloud service providers to take care of the cloud itself while you focus on what’s in the cloud (your data and applications).
So, how do you choose a public cloud provider? First, it’s helpful to know who the major players are today. Read more “7 Factors to Help You Choose the Right Cloud Service Provider”
Security has always been about accepting and managing risk. It’s not about becoming the most secure company; its goal is to protect against likely threats to your unique organization. But how do you know when a new risk crops up? And how can you stay on top of this in a rapidly changing cloud environment with more endpoints to monitor?
Fortunately, the cloud doesn’t just introduce new risks. It also offers new opportunities for successful risk management. And while managing risk in the cloud may seem overwhelming, it can actually become a lot more streamlined if you do it right. In this post, we’ll explain how risk management is different in the cloud and how you can adapt with a few simple shifts to your current approach. Read more “How to Adapt Your Risk Management Strategy for the Cloud”
True or false: Companies born in the cloud naturally understand security.
Young and tech-savvy companies running in the cloud often deal with the same cloud security issues as larger organizations that are moving to the cloud from legacy or on-prem solutions. In fact, the unique requirements of tech companies — like continuous development cycles and cutting-edge, rapidly evolving processes — can sometimes add even more complexity to security. If you fall into this camp, you may find this blog useful. In it, we’ve rounded up some of our best advice so you can learn how to strengthen your cloud security posture and start building out a cloud security strategy starting now, without a big drain on your budget and resources. Read more “5 Cloud Security Tips for Emerging Tech Companies”
How would you know if your prevention methods failed to catch a critical threat? One of two ways: Either a customer, an auditor, or another third party would find out about it (an embarrassing situation for you) or you could get lucky and find it yourself — which is rare without detection.
Prevention techniques and technologies (e.g., security controls, firewalls, encryption, antivirus) are designed to block an attacker from getting in, and can be critical to your security strategy. However, they can’t be the only defense you have in place. If history is any indicator (and we believe it is), attackers will find a way in. So, as a defender, you also need the ability to detect threats once they are inside your modern cloud infrastructure. That’s why companies are shifting their focus to detection techniques and technologies (e.g., monitoring, alerting).
In this post, we’ll explain what detection does that prevention cannot, what to watch out for if you’re relying on prevention alone, and how you can use them in parallel. Read more “Prevention Isn’t Enough. Why All Companies Need Detection Too”
As you probably know by now, containers are a high-priority topic at companies of all sizes. But there are a lot of myths surrounding this technology as well, in part because it is new and unfamiliar territory for most, and simply because the technology is so young.
In this post, we’ll debunk five of the pervasive myths and misunderstandings that surround containers, with a focus on Docker (since it is currently the most widely adopted container technology by a sizeable margin). Let’s dive in. Read more “5 Common Myths Around Moving to Docker”