Ensuring Compliance With EU Payment Services Directive (PSD2)

All Things Compliance
3 Min Read

September 14, 2019 is the deadline by which all payment service providers within the European Union must comply with PSD2’s Regulatory Technical Standard (RTS) pertaining to the requirements of the revised Payment Services Directive (PSD2). In this post, we cover some of the main issues related to PSD2’s purpose, how to determine whether it applies to you, and key requirements for compliance and security. Read more “Ensuring Compliance With EU Payment Services Directive (PSD2)”

Just Enough Windows Server

Windows Server Agent
3 Min Read

— A special Thank You to Jose Bañez, Threat Stack Security Solution Engineer, for editing this blog post.

If you’re like me, you grew up using a Windows PC in school, but eventually made the jump to Macs. In my career, the same shift happened: Initial brushes with corporate IT were Windows-based, but as I got corporate MacBooks, I encountered the Bash shell, remote servers, and all the Linux that comes along with it.

While Linux typically rules the world in terms of servers on the web, Windows Server is still going strong in the back office and in enterprise data centers. A lot has changed since the early days of Windows NT. With the recent introduction of the Threat Stack Agent for Windows Server, I thought it would be helpful to provide a quick overview of how most admins are managing Windows Server in the wild. It’s by no means official, but here’s what I learned. Read more “Just Enough Windows Server”

Stretch Right With Threat Stack Application Security Monitoring

Security Research & Strategy
4 Min Read

In our last post, we explored how Threat Stack’s Application Security Monitoring embeds security in development processes — without negatively impacting agility or speed of application development and deployment. Empowering developers to proactively address software risk is central to organizations that “stretch left” to build security into their entire software development and deployment lifecycle. But even with the best security awareness, testing, and early problem identification and mitigation, some risk may always sneak by and make it into a running application.  Read more “Stretch Right With Threat Stack Application Security Monitoring”

16 Cloud Security Experts Share the Most Costly Security Technology Misconceptions When It Comes to Cloud Migration

Security Research & Strategy
16 Min Read

More companies are migrating their infrastructure to the cloud to take advantage of benefits like reliability, scalability, and lower costs, but cloud migration remains a complex task requiring careful consideration and planning. (For tips on planning a secure and frictionless migration, download our ebook.) Choosing the right security technology is just one of many considerations, but it’s a critically important one, particularly for organizations in sectors such as healthtech and healthcare. Not only do organizations in these areas need to protect large volumes of sensitive patient and institutional data, but they can also face serious penalties for violating privacy regulations.

When it comes to security, it is often advantageous to choose an integrated platform such as Threat Stack’s Cloud Security Platform® in order to gain visibility across all cloud providers, including hybrid cloud environments, in a single dashboard. Threat Stack also enables full stack security observability, which provides organizations with contextualized information from every part of the cloud throughout the entire software development lifecycle.

To learn more about the most common (and most costly) misconceptions companies have about security technology when considering cloud migration, we reached out to a panel of cloud security experts and asked them to answer this question: Read more “16 Cloud Security Experts Share the Most Costly Security Technology Misconceptions When It Comes to Cloud Migration”

Stretching Left With Threat Stack Application Security Monitoring

Containers, Orchestration & Security, Security Research & Strategy
4 Min Read

Developers have always been overworked. They face a constant flow of feature-focused work from the business and need to balance that with work involving performance, quality and reliability, and technical debt. While DevOps and highly automated CI/CD pipelines have made developers more productive by removing low-value non-development tasks, it has actually made the pressure to deliver even greater. According to the 2018 DORA Accelerate: State of DevOps report, high-performing DevOps teams have 46X more frequent code deploys than low-performing teams. That’s a lot more work for developers — more high-impact work, happily, but more work nonetheless.  Read more “Stretching Left With Threat Stack Application Security Monitoring”

Tips for Choosing the Right CI/CD Tools

Budgeting and Buying Tips, Dev & DevOps Knowledge, Security Research & Strategy
26 Min Read

Building an effective CI/CD pipeline can be a complex process with countless decisions that require a great deal of planning. Whether it’s a massive DevOps team or a single developer working alone, the more you can draw on practical, real-world knowledge in making decisions about CI/CD tools the better off you are. While highly experienced developers can pass along tips to less experienced team members, the constantly changing nature of DevOps means that even the most experienced developer can benefit. 

Like all workflows, CI/CD workflows are susceptible to security concerns, so it’s a best practice to integrate security into your DevOps world (something commonly known as DevSecOps). By pairing leading continuous integration tools with a cloud security and compliance solution like the Threat Stack Cloud Security Platform®, you can build security directly into the entire software development lifecycle. With security across the CI/CD pipeline, you can ensure that your team is developing more reliable and secure applications, without compromising your team’s efficiency.

In this post, we offer 50 tips offered up by a variety of industry experts as a good place for software engineers to start building a knowledge base. To make things easier, we’ve divided the list into the following categories, beginning with a few general tips that are useful no matter the team or project: Read more “Tips for Choosing the Right CI/CD Tools”

AWS re:Inforce 2019 Recap: A Look Back at the First AWS Security Show

AWS Security
4 Min Read

The last day of the first AWS re:Inforce conference has wrapped up and it’s time to take the lessons we learned back to the office and put them into practice. In this post, we’ve compiled a few of the key takeaways from our team on the ground at re:Inforce broken into Day 1 and Day 2. We did a deep dive into Day 1 already, so check out the full post if you want to dig into the details. Read more “AWS re:Inforce 2019 Recap: A Look Back at the First AWS Security Show”

AWS re:Inforce 2019 — Day 1 Recap

AWS Security
4 Min Read

Note: For a recap of Day 2,  please take a look at AWS re:Inforce Recap: A Look Back at the First AWS Security Show.

Day 1 of AWS re:Inforce 2019 — the first-ever AWS conference dedicated entirely to security — has wound down, and Day 2 is already underway, but we wanted to provide a quick recap for those of you who couldn’t make it to the show or were too busy to get the big picture. Here are a few of the high-level takeaways from the Threat Stack Team on the ground at re:Inforce 2019. Read more “AWS re:Inforce 2019 — Day 1 Recap”

50 of the Best DevOps Podcasts

Cloud Security Professional Development
21 Min Read

DevOps is a challenging and complex field, requiring professionals to constantly seek knowledge and acquire new skills and techniques to improve their productivity and effectiveness. Fortunately, software engineers are great at compartmentalization and multitasking, which is where these DevOps podcasts come in. We’ve assembled a list of 50 of the best DevOps podcasts that both educate and entertain, provide tips and insights to make you a better software engineer, keep you up-to-date on industry news and innovations, and expand your knowledge of the vast DevOps ecosystem. This list is all about learning from your peers as well as the thought leaders in the industry who have been there and done that. Read more “50 of the Best DevOps Podcasts”