Whose Fault is That? How NOT to Be a Cloud Security Statistic

Gartner predicts that 95% of cloud security failures from now until 2020 will be the customer’s fault. That means when something goes wrong, it’s probably not AWS or Azure’s fault. Chances are, you have to point the finger at your organization.

Or — better yet — you could take the necessary and proactive steps to minimize the likelihood that you’ll become one of the cloud security failures. The good news is that it’s pretty easy to find out what you need to do. Below we’ll outline the steps to make sure that you stay out of the headlines and out of the statistics. Read more “Whose Fault is That? How NOT to Be a Cloud Security Statistic”

How to Prioritize Security Tasks When You Have Limited Resources

Many organizations have limited resources (time, personnel, and money) for IT, and oftentimes only a small portion of that is devoted to security. Given the limited resources available to create and execute a best practice security plan, you will need to face up to these constraints and prioritize security tasks.

But how, exactly, should you go about strategically prioritizing your security needs? How can you determine which aspects need to be addressed first and which can be dealt with later? After all, aren’t they all important? Read more “How to Prioritize Security Tasks When You Have Limited Resources”

IoT Meets Continuous Security Monitoring at Ayla Networks

Ayla Networks is an Internet of Things (IoT) cloud platform-as-a-service (PaaS) company that enables manufacturers to build connected products. With more than 75 customers worldwide, many of whom are Fortune 1000 companies, Ayla knows that delivering a fast and secure platform is vital to our business. As a security-conscious company running completely in the cloud, we take a cloud-native approach to security and compliance. In this post, I’ll explain why we chose this approach and how we are implementing it today. Read more “IoT Meets Continuous Security Monitoring at Ayla Networks”

“The Call is Coming from Inside the House” Insider Threats Pose Major Security Concerns for Enterprise

Security is a major concern and potential road block for companies starting up in the cloud or considering a move into the cloud. Incidents such as the most recent high-profile attack on “online cheating site” Ashley Madison do little to assuage those fears as companies must consider how to best protect themselves from external and insider threats

Read more ““The Call is Coming from Inside the House” Insider Threats Pose Major Security Concerns for Enterprise”

Iron Clad DevOps Security for your EC2 Environments: Webinar with GigaOM

Join Threat Stack’s Director of Ops & Support, Pete Cheslock, as he discusses the security needs of modern, DevOps-managed infrastructures with Greg Ferro, Independent Analyst, and Matt Sarrel, Executive Director of Sarrel Group, in next week’s GigaOM webinar. 

With the lack of sophisticated security features in public cloud infrastructure environments like AWS, it’s critical for DevOps teams to implement audit trails in order to adhere to compliance and regulation mandates. Continuous security monitoring is the answer and on February 11th, Pete, Greg and Matt will be discussing the importance of having this new level of visibility into an entire EC2 attack surface. 

Read more “Iron Clad DevOps Security for your EC2 Environments: Webinar with GigaOM”

SaaS Platform Runs a Tight Ship Using Threat Stack’s Cloud Security Monitoring

Case Study: Populi Runs a Tight Ship Using Threat Stack’s Complete Cloud Security Monitoring


Populi provides a SaaS-based college management platform, allowing people, academics, admissions, billing, scheduling, and communications to work together seamlessly in the cloud. A customer and security-focused company, Populi cares deeply about what customer data their tools and systems are transmitting. They know what’s at stake and provide to users everything from encrypted logins to PCI-compliant technology and daily backups.


While Populi has many enterprise-grade security practices in place, they were still not confident that every aspect of their environment was being properly monitored. Populi had a network IDS in place but did not have complete visibility into the activity on their growing number of hosted systems. James Hill, CTO of Populi, needed the peace of mind that he could view everything from server logins to logged in activity so he could be alerted as soon as possible about any potential malicious activity.

In addition, it is important that they always meet and exceed PCI requirements since they work with highly confidential information. “Anyone who is responsible should go beyond regulations to protect customer data,” Hill explained. To do this, they needed to move their logs off site to a centralized location. This all led him to Threat Stack’s flagship product, Cloud Sight.


“I selected Cloud Sight because it allows me to centrally monitor the security of our systems and reassures me that no one has been on our servers since the last time my team and I logged in,” said Hill. “Cloud Sight does everything I need; it acts as a ‘burglar alarm’, alerting me when anything suspicious happens.”

In addition, they now have centralized off-server logs available indefinitely on Cloud Sight, exceeding their compliance regulations.


Now, Hill and his team can confidently say that they have a proactive security posture across their entire environment. Especially after the Heartbleed Bug was announced, he was glad to have Cloud Sight in place. “Getting Cloud Sight allowed us to stop maintaining individual packages on individual boxes and aggregate ourselves,” said Hill. While Cloud Sight monitors their systems 24/7, the Populi team is able to focus on the core of their business and sleep easier at night.

Populi is also even better positioned to protect their client data from any incident small or large, as they are now exceedingly compliant to PCI, HIPAA, and FERPA regulations.

Since installing Cloud Sight by Threat Stack, Populi:

  • Rests assured that they have the right heterogeneous cloud security monitoring in place
  • Exceeds PCI, HIPAA, and FERPA regulations to protect client data
  • Can fix potential security issues before anyone else can try to capitalize on a vulnerability

Unlike traditional providers, Cloud Sight is built for heterogeneous cloud environments and instantly provisions new instances, alleviating resources so that Populi can instead focus on the core of their business.

Threat Stack offers Cloud Sight worldwide on subscription and consumption-based cloud appropriate pricing models with an easy self-service account set up. If you are interested in deploying Cloud Sight’s security monitoring solution for your business, visit http://threatstack.com or contact us today at [email protected].

Cloud Security Is Always Your Responsibility

Too many times we hear and read about how insecure the cloud is or worse — that the cloud is already secure because IaaS providers have security groups and protection capabilities. These ideologies are all too common and far too wrong. By using outsourced cloud infrastructure, you are only outsourcing your infrastructure, not your security. Security is always your responsibility.  

Read more “Cloud Security Is Always Your Responsibility”