True or false: Companies born in the cloud naturally understand security.
Young and tech-savvy companies running in the cloud often deal with the same cloud security issues as larger organizations that are moving to the cloud from legacy or on-prem solutions. In fact, the unique requirements of tech companies — like continuous development cycles and cutting-edge, rapidly evolving processes — can sometimes add even more complexity to security. If you fall into this camp, you may find this blog useful. In it, we’ve rounded up some of our best advice so you can learn how to strengthen your cloud security posture and start building out a cloud security strategy starting now, without a big drain on your budget and resources. Read more “5 Cloud Security Tips for Emerging Tech Companies”
As security threats become a bigger part of the day-to-day concerns at all types of organizations, it has become vital to inculcate and promote a “culture of security.” Yes, security is everyone’s responsibility — but it requires a shift in culture for people to begin accepting that responsibility.
Triggering this shift can be harder than it sounds on the surface. Why? Well, for one thing, most people in the organization don’t have their success measured on security. When the marketing team gets a performance review, no one brings up security. When a direct reward or consequence isn’t on the line, it can be more difficult to get people to buy in to their responsibility to help keep the company secure.
That said, it’s not impossible by any means. It just requires focused and sustained effort to change the culture. As with any culture shift, it won’t necessarily be easy or linear, but it is achievable. Here are a few steps you can take to help your team more security-minded. Read more “5 Pieces of Advice for Navigating the Security Culture Shift”
Key Takeaways From the Gartner Security & Risk Management Summit 2017
I just got back from the Gartner Security & Risk Management Summit with three key takeaways that I would like to share. Overall, industry leaders indicate that cybersecurity should be treated as a business function, not as a tax, and to achieve this, we need to base our security approach on:
- An attitude and culture of Risk Acceptance
- A Risk Management Methodology that enables us to detect and manage risk
- Effective alignment with the CEO and BoD by making risk-based decisions focused on business goals
Let’s get into the details. Read more “Risk Acceptance & Business Payout”
Conferences can be an amazing way to connect with like-minded folks and educate yourself on what’s new and trending in your industry. At Threat Stack, we regularly attend and speak at conferences like BSides and DevOpsDays, and it’s been exciting to see a bigger focus on security topics in the DevOps world in recent years. Since we attend so many conferences ourselves, we wanted to offer some helpful advice on how you can keep your devices secure while you’re attending conferences. Read more “How to Stay Secure at Conferences”
You don’t have to look far to see that data breaches are running rampant among healthcare organizations. In 2015, three of the highest-profile cases – Community Health Systems, Anthem and Premera – resulted in the breach of over 96 million personal health records.
Read more “How to Protect Healthcare Data in the Cloud”
As National Cyber Security Awareness month comes to a close, it seems appropriate to reflect on the state of cyber security today. The ugly truth is that the cyber threat environment has never been more volatile. Breaches are commonplace, headlines on data loss and sophisticated hacks bombard us daily and technology continues to progress and move forward, in spite of security concerns and compromise. A huge portion of the general population’s personal data is exposed and, while seemingly everyone is aware there’s a problem, few are willing to take the preventative measures necessary to stop it.
Read more “Observations as Cyber Security Awareness Month Comes to a Close”