How to Benchmark Your SecOps Maturity and Make Continuous Improvement

Over 50% of companies admit to cutting back on security measures to meet a business deadline or objective, according to our recent SecOps Report. In other words, security is falling by the wayside, even as companies invest heavily in DevOps. With DevOps able to move more swiftly than ever in the cloud, security is often mistakenly viewed as a business decelerator, serving as an impediment to DevOps’ efficiency.

But strong security is not only vital to a healthy business in its own right; it can also speed sales cycles, drive revenue, and clear the way for new business opportunities. The key is integrating security with development and operations workflows and embedding it within business practices from the outset.

To do this, it’s necessary to get all stakeholders on the same page around security goals. One way to do that is to build a shared framework. With the help of the new Threat Stack® Cloud SecOps Maturity Framework, benchmarking your security maturity is a straightforward process of evaluating your strengths and weaknesses, and this enables you to develop a clear and actionable plan to move forward. Read more “How to Benchmark Your SecOps Maturity and Make Continuous Improvement”

Understanding Shared Responsibility For a SaaS Environment

As a SaaS organization, you may be well-versed in the world of cloud computing and feel confident that the cloud is as secure as any on-prem or data center network — as you should. Cloud Service Providers (CSPs) have gone to great lengths to secure their infrastructure, employing in-house security teams with deep expertise and world-class security tools. Few SaaS companies alone can achieve the same level of collective cloud security prowess that an IaaS provider such as AWS or Azure can.

But security of the cloud is different from security in the cloud, which is to say that you — as a SaaS organization — are not off the hook completely. The shared responsibility model that cloud providers subscribe to means that, while they are responsible for the security of cloud infrastructure, you are responsible for the security of your own data, platform, applications systems, and networks.

The better you understand this division of labor, the better you can secure your SaaS environment. In this post, we’ll explore when you need to embrace your responsibility and when it’s okay to let your CSP drive — so you know exactly where to focus your cloud security efforts. Read more “Understanding Shared Responsibility For a SaaS Environment”

Threat Stack Launches Cloud SecOps Program

Security + Operations — Better Together!

Yesterday was a game-changer for Threat Stack and the cybersecurity community! That’s when we launched the Threat Stack Cloud SecOps Program, offering a radical transformation in the way Security and Operations teams can work together.

The Threat Stack Cloud SecOps Program has been purpose-built to give organizations the roadmap, technology, and people they need to integrate Security and Operations. Now companies of all sizes can securely leverage modern infrastructure and DevOps at scale!

To see for yourself, take a look at the following video where core members of the Threat Stack team give insights into the what, why, and how: Read more “Threat Stack Launches Cloud SecOps Program”

The Threat Stack Cloud SecOps Program: Why We Built It & How It Can Help Your Organization Become More Secure

An Interview With Brian M. Ahern

Cybercrime stands out as the greatest threat posed to every business around the world today. That’s fact, not FUD. Cybercrime is forecast to cost organizations around the globe $6 trillion annually by 2021, doubling its toll from 2015. To put it plainly, this represents the greatest economic wealth transfer in history, and cements cybercrime as a more profitable enterprise than the entire global illegal drug trade.

If you want to build an organization that will survive this onslaught intact, then the question you must answer today is: “What is your team doing to proactively reduce and remediate your security risks?

To help you answer that question, we are thrilled to announce our brand-new Threat Stack Cloud SecOps Program℠. This new program empowers organizations to revolutionize the way security and operations teams collaborate, proactively fortify infrastructure, and reduce attack surface. The program enables companies of all sizes to minimize their risk profiles without straining security or operations teams. And it accomplishes these goals by applying DevOps principles (like shared KPIs, automation, and continuous feedback) to security. Read more “The Threat Stack Cloud SecOps Program: Why We Built It & How It Can Help Your Organization Become More Secure”

How to Make SecOps Work in the Real World

Smart organizations already know that running securely is key to success in today’s competitive landscape. So why isn’t security table stakes in 2018?

Unfortunately, there seems to be a disconnect between what organizations want when it comes to security, and what they’re actually able to put into practice. In Threat Stack’s recent report, Bridging the Gap Between SecOps Intent and Reality, we found that 85% of organizations believe bridging the gap and employing SecOps best practices is an important goal, yet just 35% say that SecOps is a completely or mostly established practice at their organizations, and 18% say it’s not established at all.

It’s clear that the challenge is how to make SecOps work in the real world. Whether you’re challenged by a security talent shortage, siloing between teams, out-of-date skills, or major rifts in perception, it is possible to better integrate SecOps using the right strategy.

To help you apply security best practices to your organization, let’s take a look at four concrete ways that teams can begin to close the SecOps chasm. Read more “How to Make SecOps Work in the Real World”

Are You Ready for GDPR Compliance? Here’s a Checklist.

The European Union’s General Data Protection Regulation (GDPR) is going into effect in just two months — on May 25, 2018. Yet a recent Forrester report indicates that only about 30% of companies say they’re ready to comply, and at least some of those firms are actually overstating their readiness.

If you haven’t completed your preparations or you’re not confident about your status, we’ve created the following checklist to help your organization prepare for the upcoming changes. We hope you find it useful. Read more “Are You Ready for GDPR Compliance? Here’s a Checklist.”

Threat Stack Introduces Rapid Baselining — Transforming Data Into Actionable Intelligence

One of the biggest challenges with alert-based IDS solutions is handling the sheer volume of alerts that can be generated on a daily basis. Teams need a way to navigate this data so they can quickly and effectively hone in on the critical details that indicate anomalous activity and tune alerts that are unique to their environment — thereby ensuring ongoing protection against threats and continuously enhancing their organization’s security posture.

At Threat Stack, we have always made sure that customers are seeing the most important security alerts so they can run efficient workflows. To strengthen that capability, we have just introduced Rapid Baselining — a new feature that groups alerts based on the associated rule. By leveraging the metadata within the alerts, we add deeper intelligence to the alert information. Read more “Threat Stack Introduces Rapid Baselining — Transforming Data Into Actionable Intelligence”

Upcoming Webinar — Good, Fast, or Secure? Why DevOps Means You Don’t Have to Choose

Live Tuesday, March 27 at 1:00 p.m. EST

Click here to register.

Overview

Common wisdom holds that, when it comes to software releases, you can only have two of: good, fast, or secure. But we don’t agree at all. When DevOps is implemented thoughtfully and holistically — and when security is brought into the process early — it’s entirely possible to release high-quality, secure code as quickly as the market demands.

In this webinar, we’ll walk you through exactly how Threat Stack has avoided sacrificing security on the altar of speed and share best practices to help you achieve the holy trinity of good, fast, secure code at your organization. Read more “Upcoming Webinar — Good, Fast, or Secure? Why DevOps Means You Don’t Have to Choose”

How Threat Stack Does DevOps — Series Overview

Pete Cheslock, Threat Stack’s Senior Director of Operations, has just published a four-part blog series that gives deep insights into his experience “doing DevOps” at a variety of companies — in particular, his highly successful experience building DevOps practices into the fabric of Threat Stack virtually from day one.

We encourage you to read the entire series: It’s loaded with great accounts of what works and doesn’t work in real-life environments  — there’s nothing academic about Pete’s approach — and also offers up lots of practical advice you can draw on if you’re trying to figure out the best way to implement DevOps in your organization. But before you dive in, we thought we’d offer up a reader’s digest version to get you going. Read more “How Threat Stack Does DevOps — Series Overview”

The Best Cloud Security Conferences to Attend in 2018 and Beyond

Securing any cloud infrastructure is a big job. You have to be constantly up to date when it comes to skills, tools, and technology, as well as the vulnerabilities and threats that crop up continuously. When it comes to security, being stagnant isn’t an option. A good cloud security professional only remains top notch by staying on top of the latest cloud security trends, emerging threats, and best practices.

That’s where cloud security conferences come in, bringing together top experts, cloud security thought leaders, and industry professionals to share tips, tricks, and tactics for bolstering cloud security in the modern landscape.

With the spring conference season kicking off,  we’ve rounded up 50 cloud security conferences you should attend in 2018, grouped by quarter so you can easily plan your schedule for the remainder of the year:

Read more “The Best Cloud Security Conferences to Attend in 2018 and Beyond”