Threat Stack’s 2018 New Year’s Security Resolutions

Insights from
Chris Ford, VP of Product, and Pete Cheslock, Senior Director of Operations and Support

Instead of the “predictions” that are usually offered up at this time of year, we decided to focus on security resolutions. So rather than surveying a variety of issues that might (or might not) affect your security operations in the coming year, we want to talk about resolutions that, if you put them into play and follow through rigorously, will offer a sure way of strengthening your organization’s security habits and posture.

Security should never be thought of as a one-and-done proposition. It’s an ongoing, evolving process, and instead of “getting secure,” smart organizations focus on continuously improving their security postures. As with any other type of improvements you want to make, it can be helpful to take a moment to pause and consider your goals for the coming year. Instead of good intentions that don’t translate into action, make resolutions around the reality of today’s security landscape and the very real challenges that are likely to arise in your organization in 2018.

To help you do this, we sat down with two of our cloud security experts, Chris Ford, VP of Product, and Pete Cheslock, Senior Director of Operations and Support, to ask them what resolutions they recommend companies make regarding security in 2018. Here’s what they had to say. Read more “Threat Stack’s 2018 New Year’s Security Resolutions”

How to Get The Security Conversation Started at Your Organization

Security is critical to any business operating in the cloud — in fact, it needs to be a top business priority for the reasons outlined below — and its importance leads many companies to serious conversations about it as early as Day One of operations (if not while the company is still in the planning stages).

If you’re not proactively building out a security program from the earliest days, your turning point could come after a security breach.

But why live under the threat of an incident or put off implementing security measures until something bad happens? It’s much wiser to take a proactive approach to reduce your organization’s risk — and, as we point out below — to reap the other operational and business benefits that are directly connected to good cloud security.

Whatever motivates you to start a security program, the question is “How can you get the initial conversation started in a way that fosters an understanding of the real value of cloud security and wins you the support your project will need to carry it from a concept to an ongoing program?”

The good news is there are best practices that can help your program gets traction. In this post, we explore four that will help you successfully prepare for and manage the initial security conversation at your company. Read more “How to Get The Security Conversation Started at Your Organization”

Lean Guidelines for Selecting and Managing Cloud Security Solutions

Today’s marketplace is cluttered with solutions to an extensive array of security risks, from data loss to malware. However, when building your own security arsenal — especially if you are running lean — it’s essential to take a step back and think holistically about what you actually need, rather than to buy products willy nilly and end up with a pile of single-use tools that don’t integrate well.

Below are four recommendations to help you get what you actually need when it comes to cloud security tools, no matter your budget or team size. Read more “Lean Guidelines for Selecting and Managing Cloud Security Solutions”

Is Your Infrastructure Too Unique for a Cloud Security Tool?

Every organization orchestrates their infrastructure in their own way, but more often than not, most cloud environments have a lot in common. Since infrastructure security is embedded at the technology layer of your stack, many security tools on the market today can meet the needs of even the most unique cloud configurations. In this post, we’ll explain why that is. Read more “Is Your Infrastructure Too Unique for a Cloud Security Tool?”

Lean Security Webinar ReCap: Achieving SecOps Efficiency in the Cloud

On December 14, Chris Gervais, Threat Stack’s VP of Engineering, was joined by Sabino Marquez, the CISO of Allocadia for our latest webinar: Lean Security: Your Guide to SecOps Efficiency in the Cloud. We’ve written before about lean security and the importance of aligning people, processes, and technology to create a successful security organization. In this webinar, we learned first-hand how Allocadia does it with Threat Stack.

You can view the entire webinar here, or read a recap of the key points that Chris and Sabino covered. Read more “Lean Security Webinar ReCap: Achieving SecOps Efficiency in the Cloud”

How to Work Backwards to Develop a Sound Security Strategy

In today’s cloud-based environments, security threats can move faster and do more damage than ever before. To avoid a financial and technological repercussions, companies must be proactive with their security strategies and have the ability to act fast.

A common approach is to “over-secure” company systems, but this can unnecessarily limit employee access to important tools and hinder productivity. Alternatively, those who know security well realize that if you offer employees too much access, it can open your business to security vulnerabilities.

A better approach centers on striking the right balance between security and practicality, and the way companies can achieve this is by working backwards from the ideal security scenario to formulate their strategy.

In this post, we’ll explore ways that security leaders can approach technology in a manner that is both usable for employees but also secure for the company. To do this, they must begin with an analysis of the risks and the needs of their employees. Let’s dive in. Read more “How to Work Backwards to Develop a Sound Security Strategy”

How to Balance Risk and Reward When it Comes to Cloud Security

It’s difficult to quantify the money saved by preventing a cyber attack that never happened. This is why proving the ROI of security measures can be tricky and can sometimes make security feel more like a cost-center than an investment.

In truth, being a great security organization is a competitive advantage. It’s both a sales driver and a compliance linchpin. It’s not simply a cost of doing business. In fact, it can really give you a leg up, particularly when selling to customers with HIPAA, SOC 2, ISO27000, or other compliance requirements.

In this post, we’ll explore a number of ways to balance risk and reward as you pursue cloud security and ensure the vitality of your business. Read more “How to Balance Risk and Reward When it Comes to Cloud Security”

People, Processes, & Technology: The 3 Elements of a Rockstar Security Organization

In our recent webinar, Automating Security & Compliance for Your Cloud Deployment, we explored ways that firms can scale their cloud security strategies through visibility and intrusion detection, security and compliance automation, and low-cost security practices.

Some organizations are especially successful when it comes to security preparedness. In the webinar, we discussed what makes the strongest teams stand out. It boils down to their unique approaches to people, processes, and technology and how theses elements are bound together by a common set of goals.

In this post, we’ll dig further into these three areas and define what you really need to create a rockstar security organization. Read more “People, Processes, & Technology: The 3 Elements of a Rockstar Security Organization”

New eBook: Myth Busting Intrusion Detection

Your Guide to Intrusion Detection for Modern Infrastructure

Many organizations that need cloud security are laboring behind a cloud of myths — unable to clearly define their requirements and match them to technology solutions and best practices that will enable them to operate securely at speed and scale in the cloud. Our new eBook — Myth Busting Intrusion Detection — is designed to clarify these issues. Read more “New eBook: Myth Busting Intrusion Detection”