101 AWS Security Tips & Quotes, Part 4: Best AWS Security Practices

The fourth — and final — blog post in our series of AWS Security Tips and Quotes offers tips on AWS Security Best Practices. So far the series has covered:

Today’s post offers recommendations that include running a configuration audit, using automation to reduce errors, ensuring that you stay abreast of the latest best practices and recommendations provided by AWS and other resources — and more. Read more “101 AWS Security Tips & Quotes, Part 4: Best AWS Security Practices”

101 AWS Security Tips & Quotes, Part 3: Best Practices for Using Security Groups in AWS

Here’s the third blog post in our 4-part series of AWS Security Tips and Quotes, which is designed to help you evolve and strengthen your organization’s security, building on a proactive, comprehensive security strategy.

So far we’ve covered:

Today the spotlight falls on Best Practices for Using Security Groups in AWS, (and in the final installment, Part 4, we’ll deal with AWS Security Best Practices). Read more “101 AWS Security Tips & Quotes, Part 3: Best Practices for Using Security Groups in AWS”

What is SecOps? A Definition, Benefits, Best Practices, and More

While the technologies, processes, and cultural shifts of DevOps have improved the ability of software teams to deliver reliable work rapidly and effectively, security has not been a focal point in the transformation of cloud IT infrastructure.

SecOps is a methodology that seeks to address this by operationalizing and hardening security throughout the software lifecycle.

Unfortunately, there seems to be a disconnect between what organizations want when it comes to security, and what they’re actually able to put into practice. In Threat Stack’s recent report, Bridging the Gap Between SecOps Intent and Reality, we found that 85% of organizations believe bridging the gap and employing SecOps best practices is an important goal. Yet just 35% say that SecOps is a completely or mostly established practice at their organizations, and 18% say it’s not established at all.

In this post, we’ll discuss a number of facets of SecOps — what it is, it’s goals, how it benefits organizations, best practices for implementing a SecOps program, to name a few — with the aim of giving you some helpful background and, perhaps, some of the motivation you need to get a SecOps program established in your organization. Read more “What is SecOps? A Definition, Benefits, Best Practices, and More”

101 AWS Security Tips & Quotes, Part 2: Securing Your AWS Environment

As part of its mission, Threat Stack has always brought its readers security-related content to help them make informed decisions that will strengthen their organizations’ security.

With more companies than ever leveraging cloud services like AWS, and with cloud environments becoming more and more complex, it’s critical that organizations develop proactive, comprehensive security strategies that build security in from the very beginning and evolve as their infrastructures scale to keep systems and data secure.

So last week we kicked off a 4-part mini-series on AWS Security Tips and Quotes starting with Part 1: Essential Security Practices.

This week we’re bringing you Part 2 — Securing Your AWS Environment — and in the coming weeks we’ll wrap up with:

  • Part 3: Best Practices for Using Security Groups in AWS
  • Part 4: AWS Security Best Practices

Read more “101 AWS Security Tips & Quotes, Part 2: Securing Your AWS Environment”

3 Things to Know About Kubernetes Security

Gartner estimates that 50 percent of companies will use container technology by 2020, up from less than 20 percent in 2017. The operational benefits of containers, including optimized build times and more efficient use of infrastructure resources, have caused a surge in interest in container orchestration platforms like Kubernetes. At the same time, Kubernetes deployments have opened up a whole new set of infrastructure security concerns for Development and Operations teams.

For teams just getting started with Kubernetes deployments, here’s an overview of three things you need to know about securing your infrastructure from the outset. Read more “3 Things to Know About Kubernetes Security”

101 AWS Security Tips & Quotes, Part 1: Essential Security Practices

With more companies than ever leveraging cloud services like AWS, and with cloud environments becoming more and more complex, it’s imperative that organizations develop comprehensive, proactive security strategies that build security in from Day 1 and evolve as their infrastructures scale to keep systems and data secure.

To help as you create a strong security posture for your organization, we’ve compiled a list of 101 AWS security tips and quotes from cloud experts and security thought leaders (including a few from Threat Stack).

To make the list manageable, we’ve divided it into four separate blog posts, which we’ll publish over the next few weeks:

  • Part 1: Essential Security Practices
  • Part 2: Securing Your AWS Environment
  • Part 3: Best Practices for Using Security Groups in AWS
  • Part 4: AWS Security Best Practices

Read more “101 AWS Security Tips & Quotes, Part 1: Essential Security Practices”

Why an Infrastructure Transition is the Perfect Time to Invest in Security

You’re in the midst of an infrastructure transition, and you have a million and one things on your plate. Whether you are deploying containers for the first time or configuring your orchestration tool, dealing with evolving infrastructure can be overwhelming, so security can surely wait, right? Wrong!

The problem with delaying security until your new infrastructure is up and running is the exposure risk your organization will have in its environments. When you put off security until a crisis occurs, you miss the important strategic advantages gained by integrating a security program into your operations from Day 1. Meanwhile, as security sits on the backburner, your new infrastructure is left perilously exposed.

Remediating an attack is always more troublesome, costly, time consuming, and damaging than getting security right in the first place. Therefore, it’s vital to build a culture of security from the beginning and to continuously reinforce it. Here are three reasons why the perfect time to invest in security is when you’re transforming your infrastructure. Read more “Why an Infrastructure Transition is the Perfect Time to Invest in Security”

50 Essential Cloud Security Blogs for IT Professionals and Cloud Enthusiasts

With revenue from the cloud computing sector expected to hit $411 billion by 2020, it’s no wonder that more and more companies are shifting their services to the cloud where flexibility and speed make it attractive for organizations looking to leverage a strong competitive edge. But operating in the cloud also gives rise to a range of security concerns.

We’re doing our part with the Threat Stack Cloud Security Platform® and our newly launched Threat Stack Cloud SecOps Program℠. And since we believe that informed people make better decisions, we’ve made it part of our mission since day one to pass on reliable security information through the Threat Stack blog. Given the rapid pace of change in cybersecurity — along with the growing need to deal with infrastructure in transition as organizations build and manage increasingly sophisticated tech stacks — current, expert content is essential to good security.

Now, as proud as we are of our own blog, there’s a huge amount of excellent information produced by other organizations. So in this post, we’ve compiled details on fifty leading blogs that help professionals stay abreast of the latest news, information, and technologies related to cloud security. Read more “50 Essential Cloud Security Blogs for IT Professionals and Cloud Enthusiasts”

Infrastructure in Transition: Securing Containers

Organizations are migrating from virtual server workloads to containers at a frenzied pace, buying into the increasingly popular technology and taking advantage of containers’ many benefits in terms of agility. The application container market is set to explode, according to 451 Research: Annual revenue is expected to increase by 400% over a period of five years, growing from $749 million in 2016 to more than $3.4 billion by 2021.

It’s not hard to see why. Containers are simple to deploy and provide users with greater operational flexibility and compute density, resulting in an optimized build pipeline. Turning to a container orchestration platform, such as Kubernetes, removes an additional layer of operational complexity for even greater ease of deployment and management.

However, a transition in infrastructure is never simple, and along with the advantages come new security challenges. In this post, we’ll discuss some of the risks you should consider before diving headfirst into a container environment, as well as some solutions for mitigating them. Read more “Infrastructure in Transition: Securing Containers”

Highlights From RSA Conference 2018

Approximately 50,000 attendees descended on San Francisco’s Moscone Center April 16–20 for RSA Conference 2018. With cyberthreats on the upswing, this year’s theme of “Now Matters” was especially apt, and a wide range of keynotes, sessions, and courses covering cybersecurity today didn’t disappoint. In this post, we’ll recap some of the highlights in a day-by-day rundown of the most interesting sessions, keynotes, and events. Whether you were able to attend or not, we want to share some of the great resources and information that came out of the conference. Read more “Highlights From RSA Conference 2018”