GDPR vs. Existing Frameworks: Overlaps, Differences, and Filling the Gaps

Introduction

— by Pat Cable, Senior Infrastructure Security Engineer, Threat Stack

From time to time Threat Stack invites industry experts to share our blog space, and in today’s post, Chris Lippert, Privacy Technical Lead at Schellman & Company, LLC., takes a look at the General Data Protection Regulation (GDPR), a topic that is on everyone’s mind, whether they’re prepared for it or not.

In this post, Chris explores what’s unique about the GDPR, how it overlaps with existing frameworks including ISO/IEC 27000, NIST, and PCI, and points to how you can leverage your current controls to meet many of the security considerations for personal data under Article 32, as well as other requirements of the GDPR, such as data protection policies or vendor management.

Without further ado, here are Chris’ insights into GDPR. Read more “GDPR vs. Existing Frameworks: Overlaps, Differences, and Filling the Gaps”

How We Integrated Rust Into Threat Stack’s Operations Workflow


Note: The following post is related to Sensu, a monitoring tool for internal infrastructure health and alerting. If you use Sensu (https://sensuapp.org/) for internal monitoring of your own infrastructure health, this could be useful for you. However, this tool does not integrate with Threat Stack services and is not intended or supported for any such use case. It is a tool that we use internally, and we have released this with the intention that it may be helpful to the wider open source community.


Tooling is an integral part of operations at Threat Stack. On the Operations team, our job is to enable both ourselves and the Development team to work more effectively. When I started at Threat Stack almost a year ago, my role primarily centered on improving our tooling to create more granular control over our environment. My first project was creating “shush,” an operations tool for temporarily silencing monitoring checks in Sensu during maintenance. Up to that point, we had had less granularity in our check silencing capabilities for routine maintenance. While we could silence groups of checks and checks coming from a particular node, we were not able to silence single checks or a subset of checks on these hosts. After we discussed the requirements for this tool, I ultimately suggested that it be written in Rust.

In this post I describe our experience integrating Rust and also cover the benefits of using Rust in an operations workflow both technically and from a human factors perspective. Read more “How We Integrated Rust Into Threat Stack’s Operations Workflow”

5 Things Your SaaS Company Should Know About GDPR

The General Data Protection Regulation (GDPR) goes into effect on May 25, 2018, and despite being a European Union regulation, its effects are far reaching, as we’ll explain below. Regardless of where a company is based, it is subject to GDPR if it collects “personal data” from a person physically located in an EU country, provided the collection relates to offering goods or services or monitoring their behavior. Thus virtually any website that collects data would be subject to GDPR. Many SaaS organizations may feel overwhelmed by these new regulations or unsure of how they will (or won’t) apply to them.

Despite the flood of information that’s been published about the new regulation, many SaaS companies are still unclear about what GDPR means for them, so in this post, we have provided a brief definition of the GDPR followed by five key points you should be aware of. Read more “5 Things Your SaaS Company Should Know About GDPR”

Threat Stack Takes Home Gold in the 2018 Cybersecurity Excellence Awards

The Winter Olympics haven’t even started, but Threat Stack has already taken home two Golds and a Bronze in the 2018 Cybersecurity Excellence Awards.

The Awards, which were announced yesterday, honored Threat Stack with:

  • Gold for Intrusion Detection & Prevention
  • Gold for Insider Threat Detection
  • Bronze for Best Cybersecurity Startup

Read more “Threat Stack Takes Home Gold in the 2018 Cybersecurity Excellence Awards”

How a Cloud Security Company Runs Its Security Council

At Threat Stack, we believe in building a security culture that starts at the top and functions as a cross-organizational discipline. Achieving this goal requires education and transparency among business partners. That’s why we at Threat Stack have built our own internal security council, which meets regularly and reviews issues that are relevant and timely for our organization. Read more “How a Cloud Security Company Runs Its Security Council”

The Costs of Open Source & Point Solutions for SaaS Security

As a SaaS company, your time and resources are valuable. You need to make solid, strategic decisions about where to focus your time and energy. You also need to ensure that your organization is secure and compliant in the ways that matter to you and to your customers.

When it comes to security tools, there are a few options:

  • Build your own
  • Buy a bunch of point solutions
  • Use open source security tools
  • Invest in a security platform

Read more “The Costs of Open Source & Point Solutions for SaaS Security”

How to Answer Tough Board-Level Security & Compliance Questions in 2018

GDPR. Meltdown. Spectre. SOC 2. Coming at you like mosquitos on a hot summer night, these topics are of top concern for board members and security teams alike this year. But what do you do when these issues really aren’t of concern to your particular organization? And how can you put your board and executive team at ease when these issues hit the news?

Our CSO Sam Bisbee spoke about ways to handle and prepare for each of these hot ticket questions in yesterday’s webinar. You can view the entire webinar or read our recap below so you can begin preparing today. Read more “How to Answer Tough Board-Level Security & Compliance Questions in 2018”

Upcoming Webinar: “5 Security & Compliance Questions Your SaaS Business Should be Prepared to Answer in 2018”

Live January 30 at 1:00 p.m. EST (10:00 a.m. PST)

Click here to register.

Today’s headlines are full of dire news about the latest cybersecurity threats, and without fail, these blur the lines between hype and reality.

As a security, technology, or product leader, you need to separate fact from fiction so you can give your stakeholders an accurate picture of the security and compliance issues your company is facing along with a realistic plan for how you intend to manage them. Read more “Upcoming Webinar: “5 Security & Compliance Questions Your SaaS Business Should be Prepared to Answer in 2018””

How SaaS Companies Can Build a Compliance Roadmap for 2018

As a SaaS company, compliance is probably the last thing you want to think about as you kick off the new year. It can be complicated, but meeting compliance requirements can also open up new markets, speed up your sales process, and improve your company’s overall security posture. When it comes to improving your security maturity, compliance can serve as a useful part of your strategy.

Entering new markets, whether you’re targeting specific industry verticals or going after international customers, requires continuous education and awareness about the latest in compliance and regulatory standards as they relate to data privacy and security. With that in mind, this post takes a brief look at key standards in order to give you insights into the security and privacy requirements that may be pertinent to the way your SaaS company engages with prospects and customers and handles sensitive data. Read more “How SaaS Companies Can Build a Compliance Roadmap for 2018”