All Things Compliance
7 Min Read July 30, 2019
How SaaS Companies Can Build a Compliance Roadmap
Meeting compliance requirements can be a challenge, but it can also open up new markets, speed your sales process, and improve your company’s overall security posture. When it comes to improving your security maturity, compliance can be a useful part of your strategy.
Whether you’re targeting specific industry verticals or going after international customers, entering new markets requires continuous education about the latest in compliance and regulatory standards as they relate to data privacy and security. With that in mind, this post takes a brief look at key standards in order to give you insights into the security and privacy requirements that may be pertinent to the way your SaaS company engages with prospects and customers and handles sensitive data.
3 Min Read July 25, 2019
Ensuring Compliance With EU Payment Services Directive (PSD2)
September 14, 2019 is the deadline by which all payment service providers within the European Union must comply with PSD2’s Regulatory Technical Standard (RTS) pertaining to the requirements of the revised Payment Services Directive (PSD2). In this post, we cover some of the main issues related to PSD2’s purpose, how to determine whether it applies to you, and key requirements for compliance and security.
3 Min Read July 23, 2019
Just Enough Windows Server
— A special Thank You to Jose Bañez, Threat Stack Security Solution Engineer, for editing this blog post.
If you’re like me, you grew up using a Windows PC in school, but eventually made the jump to Macs. In my career, the same shift happened: Initial brushes with corporate IT were Windows-based, but as I got corporate MacBooks, I encountered the Bash shell, remote servers, and all the Linux that comes along with it.
While Linux typically rules the world in terms of servers on the web, Windows Server is still going strong in the back office and in enterprise data centers. A lot has changed since the early days of Windows NT. With the recent introduction of the Threat Stack Agent for Windows Server, I thought it would be helpful to provide a quick overview of how most admins are managing Windows Server in the wild. It’s by no means official, but here’s what I learned.
4 Min Read July 18, 2019
Stretch Right With Threat Stack Application Security Monitoring
In our last post, we explored how Threat Stack’s Application Security Monitoring embeds security in development processes — without negatively impacting agility or speed of application development and deployment. Empowering developers to proactively address software risk is central to organizations that “stretch left” to build security into their entire software development and deployment lifecycle. But even with the best security awareness, testing, and early problem identification and mitigation, some risk may always sneak by and make it into a running application.
16 Min Read July 16, 2019
16 Cloud Security Experts Share the Most Costly Security Technology Misconceptions When It Comes to Cloud Migration
More companies are migrating their infrastructure to the cloud to take advantage of benefits like reliability, scalability, and lower costs, but cloud migration remains a complex task requiring careful consideration and planning. (For tips on planning a secure and frictionless migration, download our ebook.) Choosing the right security technology is just one of many considerations, but it’s a critically important one, particularly for organizations in sectors such as healthtech and healthcare. Not only do organizations in these areas need to protect large volumes of sensitive patient and institutional data, but they can also face serious penalties for violating privacy regulations.
When it comes to security, it is often advantageous to choose an integrated platform such as Threat Stack’s Cloud Security Platform® in order to gain visibility across all cloud providers, including hybrid cloud environments, in a single dashboard. Threat Stack also enables full stack security observability, which provides organizations with contextualized information from every part of the cloud throughout the entire software development lifecycle.
To learn more about the most common (and most costly) misconceptions companies have about security technology when considering cloud migration, we reached out to a panel of cloud security experts and asked them to answer this question:
4 Min Read July 9, 2019
Stretching Left With Threat Stack Application Security Monitoring
Developers have always been overworked. They face a constant flow of feature-focused work from the business and need to balance that with work involving performance, quality and reliability, and technical debt. While DevOps and highly automated CI/CD pipelines have made developers more productive by removing low-value non-development tasks, they have actually made the pressure to deliver even greater. According to the 2018 DORA Accelerate: State of DevOps report, high-performing DevOps teams have 46X more frequent code deploys than low-performing teams. That’s a lot more work for developers — more high-impact work, happily, but more work nonetheless.