How to Secure a Non-Production Environment (Webinar Recap)

“This code is fine, right?”

“It should be…”

“Wait… but what about this configuration?”

“Fine, I’ll test it in dev…”

This conversation sounds all too familiar, right? Your non-production environments are the foundation for the tools, applications, and services you provide to your customers. The history of every code deployment, mistake, and refinement made to create your product can be found there.

While test and dev environments serve a different purpose from production environments, they too, can be open to the outside world and introduce risk if not secured. Chances are, the data you’re storing, analyzing, or processing in non-production environments are just as sensitive as the data you push out to production. So why skimp on security here just because it’s not a production environment?

Yesterday, we hosted a brief webinar (led by our Chris Gervais,  VP of Engineering) focusing on the importance of securing non-production environments and how to do so. In case you missed it, here’s the recording along with a written  recap. Read more “How to Secure a Non-Production Environment (Webinar Recap)”

Looking Back on Cybersecurity Awareness Month and a 365 Day Outlook

Cybersecurity Awareness Month may be coming to a close, but we have already set our eyes on the future. The question is: How can we stay “security aware” year round and, more importantly, translate this awareness into actions that will help keep our companies secure?

Cybersecurity has never been more important than in the past few years. It seems that every week, a major new breach hits the news headlines, leaving every company more and more worried about whether they’re next. This month — National Cybersecurity Awareness Month — has been a great reminder to verify whether your security protocols and practices are up-to-date and effective. But with the state of things today, you can’t afford to stop there.

We believe that done right, security is a 24/365 operation. If you’ve been following our blog, you’ve learned that there are many ways to streamline and automate security so it doesn’t require an army to maintain.

In this post, we’re wrapping up our best pieces of advice for you so that every month going forward can be cybersecurity month at your company. Read more “Looking Back on Cybersecurity Awareness Month and a 365 Day Outlook”

Hybrid Security: How to Protect a Complex Environment

It is very clear by now that the cloud has reached an inflection point. Public cloud investment continues its rapid expansion, driven in large part by business imperatives for speed and scale. Gartner projects 18% cloud growth in 2017, with an increase of 36.8% for IaaS. So, the odds are your company is running at least some of its infrastructure in the public cloud.

Of course, no matter how many benefits it offers, it is often not possible for organizations to make a clean leap to the cloud. Many find themselves with infrastructures that include cloud, multi-cloud, hybrid, on-premise, and containerized environments. So what do you need to do to protect these complex structures?

We recently conducted a survey with ESG Strategy Group (Threat Stack Cloud Security Report 2017: Security at Speed & Scale) to learn more about the realities of hybrid environments today. Below are some of our findings as well as recommendations on how to secure your environment, no matter what it consists of. Read more “Hybrid Security: How to Protect a Complex Environment”

What’s Driving Cloud Security Investment Today? Learnings From Our Survey

Public cloud investment is expanding rapidly in 2017, with Gartner projecting 18% growth over the course of this year, including 36.8% growth for the SaaS market alone. We recently conducted a survey with ESG Strategy Group (Threat Stack Cloud Security Report 2017: Security at Speed & Scale) to find out what the business drivers are behind this growth. This is what we learned. Read more “What’s Driving Cloud Security Investment Today? Learnings From Our Survey”

The State of Container Security: What We Learned From Our Survey

Containers are a big topic of conversation right now — and for good reason. They represent a powerful and transformative shift toward infrastructure that can enable flexibility and rapid development unlike anything we’ve seen before. However, as containers continue to proliferate, so do the security and compliance issues that surround them. Many in the market do not fully understand these concerns or how to address them. Our recent report with ESG Strategy Group (Threat Stack Cloud Security Report 2017: Security at Speed & Scale) bore this out.

Containers cannot solve every development or infrastructure problem; they are not the panacea that many believe them to be. But they do offer new opportunities that, when used properly, can move your organization forward. Read more “The State of Container Security: What We Learned From Our Survey”

Cloud Security: Common Gaps & How to Bridge Them

We recently conducted a survey with Enterprise Strategy Group (ESG) to gather data about the state of cloud security today. As they say, numbers don’t lie, and we wanted to know what the numbers say about how well organizations today are progressing toward a more secure future.

Many of the findings were positive, but we also discovered some critical gaps that need to be filled. The survey clarified what we already suspected: As companies invest in additional cloud environments, the associated complexity can lead to significant security lapses. Below, we’ll explain what these cloud security gaps are and what can be done to bridge them. Read more “Cloud Security: Common Gaps & How to Bridge Them”

A Straightforward Workflow to Define Your Cloud Security Strategy

Security is a big concern for organizations of pretty much every size and shape. Once you have organization-wide agreement that security is a priority (for most companies today, this is a no-brainer), it’s time to get to work.

So where do you start? Of course, you’ll need an individual or an interdisciplinary group to lead your security initiatives, but beyond that, it’s a matter of focusing on the right things at the right time to get your security program up and running as quickly and as smoothly as possible. Getting it done right should always be an objective, and getting it done quickly is also highly desirable — especially if you have a legal or customer requirement to become more secure.

In our latest webinar, “Automating Security and Compliance for Your Cloud Deployment,” Chris Gervais, Threat Stack’s VP of Engineering, and Katie Paugh, G2 Technology Group’s Security Architect discussed a simple workflow that every company can follow to successfully implement an effective security plan. Watch the full recording or read the main points below. Read more “A Straightforward Workflow to Define Your Cloud Security Strategy”

5 Years in Review: 4 Can’t-Miss Posts From Our Archive of 450+

Five years is a blink of the eye in time, but in technology, a lot can happen. This year, we’re celebrating the fifth year of the Threat Stack blog. We’ve been digging around our archives and analyzing the metrics to see what’s changed in the market since our inception, how our own product has evolved, and what topics are still tried and true.

Some things changed, and some stayed the same. Most interesting, we saw five of our personal favorite topics rise to the top in terms of article popularity. Some written several years ago, some written this year, they’re indicative of how the market is shifting and what companies are focused on today.

Without further ado, here are the four most-read articles of all time on our blog, and if you haven’t read them, data says you should. Read more “5 Years in Review: 4 Can’t-Miss Posts From Our Archive of 450+”

How We Can Turn National Cybersecurity Awareness Month Into Cybersecurity Action

Want to take a peek at the World’s Worst Data Breaches? Here you go:

Now that we’ve got that out of the way, let’s start this blog post over again. Our goal isn’t to frighten you or deepen the numbness you might already be feeling from the drip, drip, drip of bad cyber news.

It’s National Cybersecurity Awareness Month (NCSAM), which was launched in October 2004 as a collaboration between the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security with the goal of raising awareness and providing education on cybersecurity issues.

The name is something of a misnomer, however. NCSAM is really designed to do more than make you aware of cyber risks. It’s bigger goal is to arm you with information and tools you can use to strengthen yourself, your social groups, and your businesses against the cyber criminals who prey on us.

In the spirit of NCSAM, we at Threat Stack want to do our part by sharing some of the advice our bloggers have offered on how to take action to protect yourself and your company from cyberattacks. With that in mind, here are summaries of four recent blogs. Read more “How We Can Turn National Cybersecurity Awareness Month Into Cybersecurity Action”

11 Questions to Ask Before Investing in a Cloud Security Solution

Whether you’re in security, operations, or another related discipline, choosing the right cloud security products can be a complex process. With thousands of options, each with their own nuances, how do you know which tool, or mix of tools, is going to be right for your organization? The following questions are designed to help you identify the solutions that will fit your specific needs and requirements. Use them as you make your decision, and the entire process will be much more seamless. Read more “11 Questions to Ask Before Investing in a Cloud Security Solution”