Latest Blogs

Cloud Security Insights, Thoughts, and Ideas

4 Min Read
Lessons Learned From Lola: Demonstrating PCI Compliance in a Cloud-Native, Containerized Environment

Tim Buntel

December 3, 2019

Lola.com initially became PCI compliant about a year ago, and this fall completed a successful PCI audit. Recently Katie Paugh, Lola’s Senior ...

5 Min Read
8 Best Practices for Strengthening Security in Cloud-Native Environments

Stephen Fitzgerald

November 19, 2019

Cloud-native companies and larger companies migrating to cloud environments continue to see the cloud as a way to gain speed, reliability, and ...

3 Min Read
Cut Time & Costs: 7 Best Practices to Follow When Choosing a Cloud Security Solution

Mark Moore

November 14, 2019

In a SaaS world, everyone wants to move fast! Rapid development can slash time to market and put you in a strong competitive position, and of ...

5 Min Read
HIPAA Compliance Tips & Best Practices — Training Considerations

Bob Allin

November 12, 2019

What kind of training does your organization need to support HIPAA compliance? A good way to start answering this question is to reference the ...

8 Min Read
Testing Tool Profile: Why Threat Stack Uses ThoughtWorks Gauge

T.J. Maher

October 31, 2019

 Threat Stack has numerous tests running daily, verifying that things are working as expected in our Threat Stack Cloud Security ...

7 Min Read
HIPAA Compliance Tips & Best Practices — Factors to Consider When Developing Effective Policies & Procedures

Mark Moore

October 29, 2019

Our last post on HIPAA compliance — HIPAA Compliance Tips & Best Practices — Building Your Foundational Knowledge — provided expert ...

4 Min Read
How to Create a Security Risk Assessment for Containers in 5 Steps

Mark Moore

October 24, 2019

When adopting containers, organizations need to create a risk profile for the types of threats and vulnerabilities they expect to experience. This ...

11 Min Read
HIPAA Compliance Tips & Best Practices — Building Your Foundational Knowledge

Mark Moore

October 22, 2019

The last few years have seen a number of failures in the field of HIPAA compliance and fines that would put many smaller-scale practices out of ...

5 Min Read
NYDFS Cybersecurity Regulation: Two Years Later, Let’s Check-In

Collin Varner

October 16, 2019

Introduction  — by Lindsey Ullian, Threat Stack Compliance Manager Back in 2017, we brought our readers up to date on NYDFS Cybersecurity ...

19 Min Read
20 DevSecOps Pros Reveal the Most Important Considerations in Building a DevSecOps Pipeline

Pan Chhum

October 10, 2019

In a recent Threat Stack report, 44 percent of DevOps professionals we surveyed said that when it comes to security-related issues, they'd have to ...

3 Min Read
Findings From the Threat Stack Q3, 2019 SOC Report

Blaine Connaughton

October 8, 2019

Going ahead, the Threat Stack Security Operations Center (SOC) will be publishing a quarterly report summarizing lessons we’ve learned, trends ...

5 Min Read
Cloud Security Professional Development & Educational Resource Roundup

Bob Allin

October 3, 2019

The flexibility and speed of cloud computing make is enormously appealing to organizations that are looking to leverage a strong competitive edge. As ...

4 Min Read
The Top 3 Security Mistakes SaaS Companies are Making

Stephen Fitzgerald

October 1, 2019

The more data you store, the more attractive you become to cybercriminals, so SaaS companies need to recognize the importance of following security ...

14 Min Read
Industry Experts Provide Tips For Successful Cyber Diligence in M&A

Tim Buntel

September 26, 2019

Mergers and acquisitions can be successful growth strategies for many companies. They bring together customers, IP, and assets — but they also ...

14 Min Read
16 Kubernetes Experts Share the Most Interesting Current Trends to Look for in Kubernetes

Sabin Thomas

September 24, 2019

Kubernetes is a popular DevOps tool thanks to its container-centric environment and portability across infrastructure providers. In 2018, Kubernetes ...

9 Min Read
10 Automated Testing Tools That Threat Stack Uses — and Why

Laura Haiduck

September 19, 2019

All software development projects, whether they’re large or small, can benefit from well-planned and well-executed testing. It’s your way to ...

4 Min Read
4 Things You Need to Know About SOC 2 Compliance

Mark Moore

September 17, 2019

Compliance isn’t as simple as a connect-the-dots exercise. When you consider how fast companies are moving to and expanding in the cloud, and ...

6 Min Read
Protecting Infrastructure With TLS Client Authentication

Pat Cable

September 12, 2019

Here at Threat Stack we really like Yubikeys — and they’re a critical part of our security program. Many folks know Yubikeys for their ability to ...

7 Min Read
Ten Application Security Terms That Every Developer Should Know

Tim Buntel

September 10, 2019

A few months ago I gave a talk about securing microservices at the Boston Cloud Native Computing Meetup. After the presentation, a young developer (a ...

7 Min Read
HIPAA Compliance Checklist

Mark Moore

September 5, 2019

Any organization that has access to electronic Protected Health Information (ePHI) must comply with HIPAA. If your organization needs to be ...

5 Min Read
How to Address PCI DSS Requirement 6.6 — A Two-For-One Solution From Threat Stack

Tim Buntel

September 4, 2019

The current version of the PCI DSS is 3.2.1, published in May 2018. Requirement 6 states that you must “Develop and maintain secure systems and ...