Taking Care of Basics — Lessons From the Boston Cyber Security Summit

This year’s Cyber Security Summit: Boston was a tremendous success. It was rewarding to see so many business leaders, cyber experts, government officials, and thought leaders in one place, all dedicated to advancing the security of our cyber environment.

The event’s mission is to connect C-Suite and Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts.

Parsed out, this meant that the event offered up a lot of valuable insights into the state of cyber security, an exhibit floor filled with leading solution providers demonstrating the latest products and services, and much practical advice on a multitude of security and compliance-related topics.

Threat Stack was honored to be a Gold Sponsor. We were also an exhibitor, and Sam Bisbee, our CSO, was well received for his contribution to one of the main panel discussions.

As usual with these gatherings, there was far too much going on to give a full recap here. However, I do want to focus on some of the highlights from the “Compliance Nightmare” panel, because it reminds us that we should never forget the basics. Read more “Taking Care of Basics — Lessons From the Boston Cyber Security Summit”

What’s Driving Cloud Security Investment Today? Learnings From Our Survey

Public cloud investment is expanding rapidly in 2017, with Gartner projecting 18% growth over the course of this year, including 36.8% growth for the SaaS market alone. We recently conducted a survey with ESG Strategy Group (Threat Stack Cloud Security Report 2017: Security at Speed & Scale) to find out what the business drivers are behind this growth. This is what we learned. Read more “What’s Driving Cloud Security Investment Today? Learnings From Our Survey”

New York State Cybersecurity Requirements for Financial Services Companies — 6 Things You Should Know

Recognizing that the financial services industry is a significant target of cybersecurity threats, the New York State Department of Financial Services (NYDFS) recently promulgated Cybersecurity Requirements for Financial Service Companies (23 NYCRR 500).

If 23 NYCRR 500 applies to your organization, you will need to familiarize yourself with all the details, but in the meantime, here is a summary of the 6 key things every financial institution needs to know about this set of regulations. Read more “New York State Cybersecurity Requirements for Financial Services Companies — 6 Things You Should Know”

5 Years in Review: 4 Can’t-Miss Posts From Our Archive of 450+

Five years is a blink of the eye in time, but in technology, a lot can happen. This year, we’re celebrating the fifth year of the Threat Stack blog. We’ve been digging around our archives and analyzing the metrics to see what’s changed in the market since our inception, how our own product has evolved, and what topics are still tried and true.

Some things changed, and some stayed the same. Most interesting, we saw five of our personal favorite topics rise to the top in terms of article popularity. Some written several years ago, some written this year, they’re indicative of how the market is shifting and what companies are focused on today.

Without further ado, here are the four most-read articles of all time on our blog, and if you haven’t read them, data says you should. Read more “5 Years in Review: 4 Can’t-Miss Posts From Our Archive of 450+”

5 Security Blogs Your CFO Needs to Read

5 Security Blogs Your CFO Needs to Read

Before I started working at Threat Stack, security was not always at the top of my priority list. Now, as the CFO of a leading cloud security company, I’ve learned to take a more holistic view of security: I still view it as a necessity that ensures the safety of an organization’s data and systems, of course, but I also understand that it can be a powerful business enabler and business driver.

Put another way, I no longer view security as just an expense (a “necessary evil”?), and see it as an investment that adds ongoing value throughout the organization and beyond as it not only provides foundational security, but also bolsters corporate reputation, adds confidence to customer relations, streamlines sales cycles, reassures board members and investors, helps with achieving compliance, and so on.

In spite of the huge value it adds, security can still be something of a hard sell — especially in companies where resources, including budget, are limited. With that in mind, I want to use this post to share some of the things I’ve learned as CFO at Threat Stack. Read more “5 Security Blogs Your CFO Needs to Read”

What is Continuous Cloud Compliance & How Can I Achieve It?

Continuous Compliance

Cloud compliance, like cloud security, is never a one-and-done activity. To be compliant, you need to demonstrate it continuously. Systems must be locked down properly, users must follow specific access policies, alerts must be working properly, and so on. If a server is spun up and unprotected, if a user gets too much privileged access, or if alerts are ignored, you can quickly become noncompliant.

So how do you maintain cloud compliance day-in and day-out amongst all your other priorities? In this post, we’ll outline several ways that you can ensure compliance organization-wide, even after the big audit is complete. Read more “What is Continuous Cloud Compliance & How Can I Achieve It?”

Why HelloSign Chose Threat Stack to Accelerate Security Responses and Simplify Compliance

“We really appreciate Threat Stack’s great customer support and its Oversight team. Threat Stack takes feedback seriously and ensures that the customer’s voice is always heard. At HelloSign we are committed to making our users awesome, and we were pleased to see that Threat Stack shares the same belief.”Raaghav Srinivasan, Security Engineer at HelloSign

HelloSign is powering the future of intelligent business. The company’s software platform — which includes eSignature, digital workflow, and electronic fax solutions — converts process to revenue for over 50,000 companies around the world with HelloSign, HelloWorks, and HelloFax.  When HelloSign needed to strengthen its security posture, accelerate security responses, and simplify compliance as it continued to scale, they chose Threat Stack. Read more “Why HelloSign Chose Threat Stack to Accelerate Security Responses and Simplify Compliance”

9 Common Questions About SOC 2 Compliance

SOC 2 compliance is a crucial framework for technology and cloud computing companies today. As with many other compliance mandates, it is not a simple connect-the-dots proposition, but rather a complex set of requirements that must be reviewed and carefully addressed. But it doesn’t have to be overwhelming. Below, we’ll break down nine of the most common basic questions that we hear about SOC 2. Think of it as a 101 on SOC 2.

Read more “9 Common Questions About SOC 2 Compliance”

3 Key Points on How Vulnerability Management Can Help You Become Compliant

Two interesting observations:

The average number of days that attackers were present on a victim’s network before being discovered is 146 days. (FireEye)

At Threat Stack, we have observed that a majority of the market is moving toward automated security vulnerability and configuration scanning.

You would be hard pressed to come by a compliance framework that did not require you to have a system to detect and manage vulnerabilities. Vulnerabilities are as old as technology itself, so to call yourself compliant, you first need to demonstrate that you have a sound vulnerability management program in place.

Vulnerability management systems identify common vulnerabilities and exposures (also known as CVEs), alerting you when a server or package is at risk so you can patch it immediately.

Simply by having a vulnerability management program in place, you can often satisfy many other major compliance requirements. In this post, we’ll explain how vulnerability management helps you to become compliant. Read more “3 Key Points on How Vulnerability Management Can Help You Become Compliant”

How to Drive Efficiencies When Meeting Compliance Under a Deadline

Let’s say you just found out that you need to be compliant with HIPAA or PCI DSS in order to win a big piece of new business for your organization.

Whether it’s a potential customer, a partner, a regulatory body or government making the demand, business often can’t move forward without demonstrable compliance with certain frameworks. And these can be thorny, complex, and time-consuming to meet.

You’ve heard the horror stories about becoming compliant — it can take twice as long as expected to get all your requirements up to par; it can cost way more than budgeted; and sometimes organizations don’t pass an audit even after all that hard work. 

So what do you do?

We know meeting compliance isn’t a walk in the park. But if you’re prepared, you can cut to the chase a lot faster, within budget, and with fewer hiccups along the way. In this post, we’ll share a framework you can follow so you can get on the fast track to compliance. While a lot of tasks are involved in meeting compliance, there are ways to gain efficiencies as you work to meet a broad range of requirements. 

Ready to dive in? Read more “How to Drive Efficiencies When Meeting Compliance Under a Deadline”