We recently discussed some pretty sobering statistics in the world of cybersecurity, ranging from astronomical misconfiguration rates to the depressing lack of speed with which breaches are detected. Not only are attacks more sophisticated than ever before, but infrastructure is too, with sensitive data spread across various servers, service providers, containers, and even SaaS platforms. No matter how worrisome these statistics, however, each and every one can be mitigated, for the most part, when an organization takes a proactive approach to security.
So what does a proactive security approach look like, exactly? It involves SecOps best practices, where Security is integrated with Development and Operations from the outset and where communication between teams takes priority. It also means putting in place repeatable processes and replacing costly, time-consuming, ad hoc procedures with automation wherever possible.
Transforming your organization to support a proactive security culture can be a daunting prospect, to be sure. While 85% of respondents to our recent survey said that employing SecOps best practices is an important goal for their organizations, only 35% reported that SecOps is currently an established practice. Held back by overworked and under-resourced security professionals thanks to an industry-wide skills gap, many organizations simply don’t know where to begin when it comes to establishing a more proactive security posture.
Here’s the good news. The Threat Stack Cloud Security Platform® enables your Security and Operations teams to build security into their workflows from the start to make your organization’s approach to security more proactive. Here’s how. Read more “How to Use Threat Stack to Enable Proactive Security”
The fourth — and final — blog post in our series of AWS Security Tips and Quotes offers tips on AWS Security Best Practices. So far the series has covered:
Today’s post offers recommendations that include running a configuration audit, using automation to reduce errors, ensuring that you stay abreast of the latest best practices and recommendations provided by AWS and other resources — and more. Read more “101 AWS Security Tips & Quotes, Part 4: Best AWS Security Practices”
Here’s the third blog post in our 4-part series of AWS Security Tips and Quotes, which is designed to help you evolve and strengthen your organization’s security, building on a proactive, comprehensive security strategy.
So far we’ve covered:
Today the spotlight falls on Best Practices for Using Security Groups in AWS (and in the final installment, Part 4, we’ll deal with AWS Security Best Practices). Read more “101 AWS Security Tips & Quotes, Part 3: Best Practices for Using Security Groups in AWS”
While the technologies, processes, and cultural shifts of DevOps have improved the ability of software teams to deliver reliable work rapidly and effectively, security has not been a focal point in the transformation of cloud IT infrastructure.
SecOps is a methodology that seeks to address this by operationalizing and hardening security throughout the software lifecycle.
Unfortunately, there seems to be a disconnect between what organizations want when it comes to security, and what they’re actually able to put into practice. In Threat Stack’s recent report, Bridging the Gap Between SecOps Intent and Reality, we found that 85% of organizations believe bridging the gap and employing SecOps best practices is an important goal. Yet just 35% say that SecOps is a completely or mostly established practice at their organizations, and 18% say it’s not established at all.
In this post, we’ll discuss a number of facets of SecOps — what it is, its goals, how it benefits organizations, and best practices for implementing a SecOps program, to name a few — with the aim of giving you some helpful background and, perhaps, some of the motivation you need to get a SecOps program established in your organization. Read more “What is SecOps? A Definition, Benefits, Best Practices, and More”
As part of its mission, Threat Stack has always brought its readers security-related content to help them make informed decisions that will strengthen their organizations’ security.
With more companies than ever leveraging cloud services like AWS, and with cloud environments becoming more and more complex, it’s critical that organizations develop proactive, comprehensive security strategies that build security in from the very beginning and evolve as their infrastructures scale to keep systems and data secure.
So last week we kicked off a 4-part mini-series on AWS Security Tips and Quotes starting with Part 1: Essential Security Practices.
This week we’re bringing you Part 2 — Securing Your AWS Environment — and in the coming weeks we’ll wrap up with:
- Part 3: Best Practices for Using Security Groups in AWS
- Part 4: AWS Security Best Practices
Read more “101 AWS Security Tips & Quotes, Part 2: Securing Your AWS Environment”
Gartner estimates that 50 percent of companies will use container technology by 2020, up from less than 20 percent in 2017. The operational benefits of containers, including optimized build times and more efficient use of infrastructure resources, have caused a surge in interest in container orchestration platforms like Kubernetes. At the same time, Kubernetes deployments have opened up a whole new set of infrastructure security concerns for Development and Operations teams.
For teams just getting started with Kubernetes deployments, here’s an overview of three things you need to know about securing your infrastructure from the outset. Read more “3 Things to Know About Kubernetes Security”
With more companies than ever leveraging cloud services like AWS, and with cloud environments becoming more and more complex, it’s imperative that organizations develop comprehensive, proactive security strategies that build security in from Day 1 and evolve as their infrastructures scale to keep systems and data secure.
To help as you create a strong security posture for your organization, we’ve compiled a list of 101 AWS security tips and quotes from cloud experts and security thought leaders (including a few from Threat Stack).
To make the list manageable, we’ve divided it into four separate blog posts, which we’ll publish over the next few weeks:
- Part 1: Essential Security Practices
- Part 2: Securing Your AWS Environment
- Part 3: Best Practices for Using Security Groups in AWS
- Part 4: AWS Security Best Practices
Read more “101 AWS Security Tips & Quotes, Part 1: Essential Security Practices”
You’re in the midst of an infrastructure transition, and you have a million and one things on your plate. Whether you are deploying containers for the first time or configuring your orchestration tool, dealing with evolving infrastructure can be overwhelming, so security can surely wait, right? Wrong!
The problem with delaying security until your new infrastructure is up and running is the exposure risk your organization will have in its environments. When you put off security until a crisis occurs, you miss the important strategic advantages gained by integrating a security program into your operations from Day 1. Meanwhile, as security sits on the back burner, your new infrastructure is left perilously exposed.
Remediating an attack is always more troublesome, costly, time-consuming, and damaging than getting security right in the first place. Therefore, it’s vital to build a culture of security from the beginning and to continuously reinforce it. Here are three reasons why the perfect time to invest in security is when you’re transforming your infrastructure. Read more “Why an Infrastructure Transition is the Perfect Time to Invest in Security”
With revenue from the cloud computing sector expected to hit $411 billion by 2020, it’s no wonder that more and more companies are shifting their services to the cloud, where flexibility and speed make it attractive for organizations looking to gain a strong competitive edge. But operating in the cloud also gives rise to a range of security concerns.
We’re doing our part with the Threat Stack Cloud Security Platform® and our newly launched Threat Stack Cloud SecOps Program℠. And since we believe that informed people make better decisions, we’ve made it part of our mission since day one to pass on reliable security information through the Threat Stack blog. Given the rapid pace of change in cybersecurity — along with the growing need to deal with infrastructure in transition as organizations build and manage increasingly sophisticated tech stacks — current, expert content is essential to good security.
Now, as proud as we are of our own blog, there’s a huge amount of excellent information produced by other organizations. So in this post, we’ve compiled details on fifty leading blogs that help professionals stay abreast of the latest news, information, and technologies related to cloud security. Read more “50 Essential Cloud Security Blogs for IT Professionals and Cloud Enthusiasts”
Organizations are migrating from virtual server workloads to containers at a frenzied pace, buying into the increasingly popular technology and taking advantage of containers’ many benefits in terms of agility. The application container market is set to explode, according to 451 Research: Annual revenue is expected to increase by 400% over a period of five years, growing from $749 million in 2016 to more than $3.4 billion by 2021.
It’s not hard to see why. Containers are simple to deploy and provide users with greater operational flexibility and compute density, resulting in an optimized build pipeline. Turning to a container orchestration platform, such as Kubernetes, removes an additional layer of operational complexity for even greater ease of deployment and management.
However, a transition in infrastructure is never simple, and along with the advantages come new security challenges. In this post, we’ll discuss some of the risks you should consider before diving headfirst into a container environment, as well as some solutions for mitigating them. Read more “Infrastructure in Transition: Securing Containers”