New eBook: Moving to the Cloud? Your Guide to Planning a Secure & Frictionless Migration

At the beginning of this year, Gartner projected that the global public cloud services market would grow to $246.8 billion in 2017, up 18% from $209.2 billion in 2016. Given the many high-value benefits it promises, it’s no wonder that moving to the cloud is the holy grail for many organizations.

When the decision to migrate is based on the right reasons, and when a migration is planned and managed according to proven best practices, the results can fundamentally transform an organization’s business model and create major competitive advantages. But migrating is a complex process, and if best practices aren’t followed, the promises of the cloud can remain out of reach or be delivered in a sub-optimal manner.

To make sure your migration gets off to a strong start, we are releasing our latest eBook — Moving to the Cloud? Your Guide to Planning a Secure and Frictionless Migration.
Read more “New eBook: Moving to the Cloud? Your Guide to Planning a Secure & Frictionless Migration”

Not Ready for Cloud Security? Here Are 5 Things You Can Do in the Meantime

If you are currently running an on-premise or hybrid environment with an eye to eventually making a complete transition to the cloud, you may be feeling a bit overwhelmed by everything that needs to change in order for your security posture to be appropriate for this new environment. In this post, we’re going to explain how you can start where you are, take small but meaningful steps, and still make important progress toward where you want to be — operating securely in the cloud.

Without trying to boil the ocean, here are five key steps you can take to gently kickstart your transition toward a fully secure, all-cloud environment, no matter where you are today. Read more “Not Ready for Cloud Security? Here Are 5 Things You Can Do in the Meantime”

5 Principles for Running Securely in a Multi-Cloud Environment

AWS has long ruled the cloud platform game. But today more and more companies are branching out and using additional providers as well. Often this isn’t a matter of replacing one with another, but of different business requirements (such as managing risk and costs) being suited to different cloud vendors. Other factors for using more than one provider center on the fact that vendors work to price their offerings competitively and continually add new features. Additionally, many organizations that run Windows are offered free Azure credits. So why not take advantage and reduce your overall cloud costs?

There’s nothing wrong with running a multi-cloud environment — in fact doing so may be part of a well-crafted strategy — but when you do so, you want to make sure that you are taking appropriate security precautions. In this post, we’ll cover five principles you should strive for when you make the move to a multi-cloud environment. But first, let’s take a look at the major players. Read more “5 Principles for Running Securely in a Multi-Cloud Environment”

5 Considerations for Evaluating a Cloud Security Solution

Many companies today are turning to cloud security solutions — from security monitoring platforms to orchestration tools to alerting systems — in order to manage both strategic and tactical security initiatives. Purpose-built technological solutions — especially if you’re a company with limited in-house expertise and resources — can help you stay on top of security without having to hire more people or add to your already long list of things to do.

Before choosing a cloud security solution, however, you need to take many considerations into account — some that focus on the solution itself, and others that focus more squarely on the provider of the solution (because, ultimately, you can’t separate the solution from the provider). In this post, we’ll cover some of the most important considerations. Read more “5 Considerations for Evaluating a Cloud Security Solution”

5 Pieces of Advice for Navigating the Security Culture Shift

As security threats become a bigger part of the day-to-day concerns at all types of organizations, it has become vital to inculcate and promote a “culture of security.” Yes, security is everyone’s responsibility — but it requires a shift in culture for people to begin accepting that responsibility.

Triggering this shift can be harder than it sounds on the surface. Why? Well, for one thing, most people in the organization don’t have their success measured on security. When the marketing team gets a performance review, no one brings up security. When a direct reward or consequence isn’t on the line, it can be more difficult to get people to buy in to their responsibility to help keep the company secure.

That said, it’s not impossible by any means. It just requires focused and sustained effort to change the culture. As with any culture shift, it won’t necessarily be easy or linear, but it is achievable. Here are a few steps you can take to help your team more security-minded. Read more “5 Pieces of Advice for Navigating the Security Culture Shift”

14 Questions to Ask Yourself Before Committing to a Cybersecurity Vendor

Update: For an interesting discussion of this post, take a listen to this Security Weekly podcast. The discussion starts at 8 minutes, 10 seconds.

The cybersecurity tech market is crowded. Very crowded.

Whether you’re in security, IT, or another related discipline, choosing vendors and products can be overwhelming and frustrating — and making bad choices can be costly up front as well as down the road. To bring some clarity to the process, we’ve put together a brief list of questions. Together, they should help you develop a basic understanding of your needs and capabilities so you can start identifying appropriate offerings and vendors in the cybersecurity marketplace.

(Note: In an upcoming post, we’ll examine some of the key technical issues you need to consider before selecting a security product or solution.)

Read more “14 Questions to Ask Yourself Before Committing to a Cybersecurity Vendor”

Security Vendor Assessment Worksheet

If you've been tasked with evaluating cloud security vendors, this is your starting point.

Download Now

How to Prioritize Security Tasks When You Have Limited Resources

Many organizations have limited resources (time, personnel, and money) for IT, and oftentimes only a small portion of that is devoted to security. Given the limited resources available to create and execute a best practice security plan, you will need to face up to these constraints and prioritize security tasks.

But how, exactly, should you go about strategically prioritizing your security needs? How can you determine which aspects need to be addressed first and which can be dealt with later? After all, aren’t they all important? Read more “How to Prioritize Security Tasks When You Have Limited Resources”

How to Leverage Automation to Make Your Organization Secure by Design

Yesterday, we co-hosted a webinar with Amazon’s security strategist, Tim Sandage, and SessionM’s director of technical solutions and operations, Jason LaVoie, to discuss how companies can become secure by design using automation.

With cloud providers like AWS making it easier than ever to get up and running in the cloud, the next item on the agenda for many is how to get security up to speed as well. In yesterday’s webinar, Tim, Jason, and our own senior security engineer, Patrick Cable, offered practical and strategic ways for companies to do just this. Read more “How to Leverage Automation to Make Your Organization Secure by Design”

Assessing the State of the Shared Responsibility Model

We hear (and at Threat Stack, we write) a lot about the shared security responsibility model. This is the idea that, when it comes to the cloud, businesses are responsible for the security of their data and applications in the cloud, while providers are responsible for the security of the cloud infrastructure.

But are companies prepared to take responsibility for their end of the bargain? How far do we still have to go to reach the promised land of a successfully shared responsibility model? Below, we’ll explore where we stand today and what it will take to reach that holy grail. Read more “Assessing the State of the Shared Responsibility Model”

Join Threat Stack’s Automating AWS Security Webinar

Secure by Design: Automating Security for Your Cloud Deployment

Security and DevOps teams are both being asked to make their organizations run faster and more securely while proving it in the form of compliance audits and completed security questionnaires. But no one has the time — and few have the knowledge — to do all this, let alone do it well.

Read more “Join Threat Stack’s Automating AWS Security Webinar”