How to Create an Effective Cloud Security Alerting Process

The first component of any security program should be an alert system. Alerts are typically the fastest and most effective way to be notified when something goes wrong so you can jump into action. But alerts also have the stigma of being too noisy, throwing out false positives, or requiring a lot of fine tuning to get right. After all, a minor bug in the code that doesn’t affect end users isn’t the type of thing you should be woken up in the middle of the night for.

Read more “How to Create an Effective Cloud Security Alerting Process”

A Guide to Assess Where You Stand With Cloud Security

Cloud security is a sprint and a marathon. A sprint in that security teams must quickly put the right defenses in place to address zero-day attacks and persistent threats in the short term, and a marathon in that an organization’s security posture needs to be regularly evaluated and improved on over the long term to address new and evolving threats and compliance regulations.

Read more “A Guide to Assess Where You Stand With Cloud Security”

How to Get Buy-In for Your Cloud Security Strategy

“All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved.” – Sun Tzu

Ah, team buy-in. It’s often one of the toughest processes to go through! Getting the green light on a new cloud security strategy (including the workflows, tools, and processes that go along with it) can require several layers of definition and validation, and often times, security teams are just too busy to fight the battle and see it through to the end. When it comes to implementing better cloud security practices, however, there is a real risk to delaying — or worse — giving up on your strategy because of a difficult approval process.

Read more “How to Get Buy-In for Your Cloud Security Strategy”

How to Use SOSTAC to Build Your Security Strategy

Some people go to great lengths to find things to disagree about, but I think there’s one thing all of us can agree on: cloud security keeps us on our toes. That’s because the cloud requires a fundamental change in the way we approach security challenges. As the scale and complexity of cloud environments increase, traditional tools and tactics become less and less effective, and security gaps widen. That is, if you don’t have a sound security strategy in place. 

Read more “How to Use SOSTAC to Build Your Security Strategy”

How to Pick a Cloud Security Technology that Works for Everyone at Your Organization

Does the ownership of security within your organization look like a disorganized football scrimmage with no clear offense or defense?

This is often the case since many organizations launch their cloud security programs in response to an acute pain point, such as a security incident or compliance obligation, without an overall strategy in place. Typically, whoever’s role that pain point affects most directly is put in charge of finding a solution to address it.

If your organization has taken this approach, you’re probably dealing with significant confusion around who owns what part of the security process. Chances are you’re also facing resource constraints, challenges and frustrations. And you’re probably hungry for a more organized and defined approach. Don’t worry. We have you covered.

Read more “How to Pick a Cloud Security Technology that Works for Everyone at Your Organization”

Strategy Before Tactics: Getting Your Cloud Security Playbook in Order

The conversations are evolving, the threats are advancing and the strategies are shifting. Cloud adoption has surged forward in recent years, with 93 percent of companies now using cloud technology in some form or another. But far less than that have a proper cloud security strategy in place, and that means they are vulnerable to threats. Here’s where cloud security stands today. Read more “Strategy Before Tactics: Getting Your Cloud Security Playbook in Order”