5 Tips for Managing Security for APIs

Creating APIs for your SaaS products provides invaluable benefits to your customers, allowing developers to plug into your resources and bring their products to market more quickly and efficiently than ever before. An API also allows you to integrate easily with other SaaS organizations, expanding your range of functionality to offer customers new features, increase your inherent value as a provider, and gain a competitive edge in the marketplace.

As with most beneficial technology, however, APIs are not without their risks. Exposing your APIs can leave you vulnerable to theft of API keys, a fairly easy way for cybercriminals to carry out denial of service attacks if you haven’t implemented the right security measures. These attacks overwhelm your server with data requests, crippling the availability of your product, and even costing you money, should the attackers demand a ransom.

At Threat Stack, we recently released Version 2 of our REST API, which serves as a way for customers to connect to our organization and extract critical information around security concerns in their environments. With Version 2, we have incorporated updates to meet industry best practices and to better protect ourselves and our customers’ data. Drawing on this experience, we have outlined below the ways in which you as a SaaS company can better manage security for your own APIs. Read more “5 Tips for Managing Security for APIs”

Three Unique Things About DevOpsDays Austin 2018

I’ve always found DevOpsDays to be some of the best gatherings for practitioners — the people in the trenches every day. I’m a regular at these events and consistently learn a ton from my peers — it’s some of the best DevOps training you can get! And I often get the chance to talk about some of my own experiences as well. At the April DevOpsDays in Denver, I had the opportunity to share some advice on integrating security into DevOps.

The upcoming Austin summit promises to switch up the format a bit, focusing more on interactions between practitioners and less on preselected talks. Ernest Mueller has a great post about the organizers’ motivations for changing the format and what to expect, but here are the three things I’m most excited about. Read more “Three Unique Things About DevOpsDays Austin 2018”

3 Security Best Practices We Used to Build a Strong Foundation at Threat Stack

As a security company, Threat Stack prioritized the implementation of security best practices from day one. To share our experience, this post focuses on three basic best practices our engineering team implemented when we first started out. They’re quick to set up and can produce measurable improvements right out of the gate — and for that reason, we believe they’re table stakes for anyone building a technology business in the cloud. Read more “3 Security Best Practices We Used to Build a Strong Foundation at Threat Stack”

How Sigstr Built Customer Trust with Threat Stack and AWS Security

Recently, I had a great conversation with Sam Smith, the Chief Architect for Sigstr, a fast-growing SaaS platform for email signature marketing. Sigstr’s infrastructure is hosted and managed on AWS and secured by Threat Stack. Every day, Sigstr consumes and processes employee contact information from HRIS systems, customer information from marketing automation platforms, and email behavior data — which makes cloud security and data privacy key concerns for both Sigstr and its customers.

Sam’s team is a great model of how to make security a top business differentiator and sales driver. Since many of Sigstr’s customers are enterprise companies with significant risk concerns, the team has consistently been responsive to questions such as:

  • How does Sigstr access, store, and protect data?
  • How is the application’s infrastructure monitored and secured?
  • Had Sigstr undergone SOC 2 compliance or ISO 27001 compliance audits?
  • How could Sigstr help them meet GDPR requirements?

During the webinar, he shared information on how the startup managed to be so responsive to its customers’ security needs, while still maintaining a rapid pace of growth. Read more “How Sigstr Built Customer Trust with Threat Stack and AWS Security”

Highlights From RSA Conference 2018

Approximately 50,000 attendees descended on San Francisco’s Moscone Center April 16–20 for RSA Conference 2018. With cyberthreats on the upswing, this year’s theme of “Now Matters” was especially apt, and a wide range of keynotes, sessions, and courses covering cybersecurity today didn’t disappoint. In this post, we’ll recap some of the highlights in a day-by-day rundown of the most interesting sessions, keynotes, and events. Whether you were able to attend or not, we want to share some of the great resources and information that came out of the conference. Read more “Highlights From RSA Conference 2018”

How to Use Alerts to Become More Proactive About Security

We all understand the importance of being proactive about our health. Rather than waiting for symptoms of disease to land us in the ER, we eat healthy, exercise, and see our doctors annually (or at least we know we should!). So why do so many organizations fail to understand the importance of taking a proactive approach to security?

While many companies today are stuck in a mode where they’re continually reacting to alerts, true security maturity means using actionable alerts to proactively become more effective and to reduce risk over time. In this post, we’ll discuss how you can take a more proactive approach to alerting in order to strengthen your overall cloud security posture.

Read more “How to Use Alerts to Become More Proactive About Security”

Understanding Cryptojacking — Why It Matters to You and How to Defend Against It

Security researchers have recently uncovered several high profile cases of cryptojacking involving companies like Tesla and the LA Times. In these incidents, cryptocurrency “miners” illegally gained access to an organization’s public cloud services and exploited their computing power to generate more digital coins.

In this blog post, we’ll give you a basic primer on what cryptomining is, how it’s typically done, and how to avoid unintentionally exposing your company to cryptojackers. Read more “Understanding Cryptojacking — Why It Matters to You and How to Defend Against It”

Three Mistakes Teams Make in Operationalizing Security (and a Better Alternative)

With the challenges presented by today’s cloud security landscape, organizations with limited time and resources are taking a variety of approaches in their attempts to incorporate security into their operations practices. Some approaches work better than others, but none provide the silver-bullet solution that some organizations seek. Below, we’ll explore three popular strategies that sound promising but prove to be problematic — and we’ll propose a better way going forward. Read more “Three Mistakes Teams Make in Operationalizing Security (and a Better Alternative)”

8 SecOps-Related Sessions You Don’t Want to Miss at RSA Conference 2018

As you likely know, RSA Conference is one of the largest and most comprehensive security events held each year. Choosing which sessions to attend and how to prioritize your time can be a big job.

At Threat Stack, we have SecOps on our minds big-time, so in this post we put together a list of related sessions that we think are absolutely can’t-miss.

Before you start reading, however, make a note to join us at Booth #S2504 to meet with one of our experts for tips on how to Secure the Strange Things Happening in Your Cloud! Read more “8 SecOps-Related Sessions You Don’t Want to Miss at RSA Conference 2018”