How Companies Can Provide Security Transparency to Customers and Prospects

Leveraging Security in the Sales Process

Security is more than just a good business practice. It also serves as insurance for your customers that security is a top priority. With the right protections in place, you demonstrate that their data will be safe with you, and this can accelerate the sales cycle. But without good security, sales cycles can drag on or even grind to a halt. Of course, you need to start by having the right security technologies, processes, and personnel in place. Then, you need to be able to convey all of this to prospective and current customers.

In this post, we’ll explain what you need to do to guarantee robust security and how you can communicate this to customers and prospects, giving them visibility into your security measures. Read more “How Companies Can Provide Security Transparency to Customers and Prospects”

Join Threat Stack at Velocity 2017

BUILDING & MAINTAINING COMPLEX DISTRIBUTED SYSTEMS

According to its organizers, the upcoming O’Reilly Velocity Conference is the “best place on the planet for web ops and systems engineering professionals” to learn from their peers, exchange ideas with experts, and share best practices and lessons learned for handling modern systems and applications.
Read more “Join Threat Stack at Velocity 2017”

How to Leverage Automation to Make Your Organization Secure by Design

Yesterday, we co-hosted a webinar with Amazon’s security strategist, Tim Sandage, and SessionM’s director of technical solutions and operations, Jason LaVoie, to discuss how companies can become secure by design using automation.

With cloud providers like AWS making it easier than ever to get up and running in the cloud, the next item on the agenda for many is how to get security up to speed as well. In yesterday’s webinar, Tim, Jason, and our own senior security engineer, Patrick Cable, offered practical and strategic ways for companies to do just this. Read more “How to Leverage Automation to Make Your Organization Secure by Design”

5 Key Takeaways From DevOpsDays Austin 2017

Once again Threat Stack was pleased to be a sponsor and a participant at DevOpsDays Austin 2017 on May 4 & 5. Right off the bat it’s clear that this vibrant conference is continuing to expand, with its year over year increase in the number of attendees (650) and sponsors (40). Of particular note: The importance that people in the DevOps space are placing on security is definitely continuing to grow — and I put together five key observations about security, compliance, and the way DevOps teams operate. So without further commentary, here’s what I learned at DevOps Days Austin.

Read more “5 Key Takeaways From DevOpsDays Austin 2017”

Why You Don’t Need to Code to Run Secure on AWS

Amazon Web Services, the ubiquitous cloud infrastructure provider, has made it increasingly easy for businesses to move to the cloud and take advantage of the scalability, flexibility, and cost savings this approach offers. For some businesses that are contemplating the move to AWS, you may be wondering whether it’s necessary to have a team of developers who can help to ensure that you are capable of running securely on AWS.

The short answer is: You don’t need to start from scratch when it comes to security, and you don’t need  to have extensive coding resources in-house to run securely on AWS. With the right tools at your disposal, you can quickly measure compliance with  your unique security policy and adapt to changes in your environment as needed.

Here’s what you need to know to run securely on AWS, with or without a legion of development resources at your disposal.

Read more “Why You Don’t Need to Code to Run Secure on AWS”

The Real Implications of The Shared Security Model

Gone are the days when the majority of businesses could point to the cloud warily and say, “I think my data’s safer on-prem.” Organizations today are far less worried about how secure the cloud is in general, and this change in attitude has sped up cloud adoption to a great degree.

What has led to this more relaxed embrace of the cloud? In part, providers like AWS have gone to great lengths to codify and transparently communicate a Shared Responsibility Model that has expressly defined the scope and boundaries of responsibility. Increasingly, customers recognize that Amazon and its brethren have all-star teams that have a security focus ingrained in them. There’s a certain level of comfort that comes with knowing you are in good, experienced hands.

But, even as the cloud is proven to be quite secure and as confidence in it increases, Security and DevOps teams still have to be vigilant about their own workloads. Organizations have to pick up their end of the shared responsibility bargain — and in some cases, even take it a step further than what is required.

With that in mind, here’s what today’s organizations need to know in order to do that successfully and continue to benefit from all that the cloud has to offer without major security concerns stymying progress. Read more “The Real Implications of The Shared Security Model”

Compliance in the Cloud: Q&A Webinar Recap

On April 25th, I had the pleasure of speaking with Ryan Buckner, Principal at Schellman & Company and Kevin Eberman, Director of Ops at MineralTree during a webinar on compliance in the cloud.

Using the cloud as our lens, we discussed the ways in which companies can better understand and navigate compliance. You can view the entire webinar or read our recap below. Read more “Compliance in the Cloud: Q&A Webinar Recap”

Why Automated Security Threats are Proliferating and How to Fight Back

We’ve written before about the importance of looking inward, rather than out, when it comes to evaluating what types of cyberattacks are the biggest threat to your unique organization. A large part of the attack landscape today includes automated threats. Rarely do we come across handcrafted attacks targeting specific organizations. A far cry from bespoke and laser-targeted, the vast majority of today’s cyberattacks are built for volume and trolling for the weakest point of entry.

So, what exactly are automated security threats and how can you best protect your organization from them? Read more “Why Automated Security Threats are Proliferating and How to Fight Back”

73% of Companies Have Critical AWS Security Misconfigurations

Threat Stack Delivers Wake Up Call

Wide open SSH and infrequent software updates among top risks identified in the majority of cloud-based environments

How effective are your AWS security configurations? And how do you know for sure?

In a recent eye-opening study, Threat Stack found that 73% of companies have at least one critical security misconfiguration, such as remote SSH open to the entire internet. By “critical”, we mean configuration lapses that enable an attacker to gain access directly to private services or the AWS console, or that could be used to mask criminal activity from monitoring technologies.

If we caught your attention with that opening statistic, please read on. Read more “73% of Companies Have Critical AWS Security Misconfigurations”