Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

Not Ready for Cloud Security? Here Are 5 Things You Can Do in the Meantime

by Travis Wilkins , posted in Cloud Security, Cloud Migration

Not Ready Cloud Security Blog Banner.png

If you are currently running an on-premise or hybrid environment with an eye to eventually making a complete transition to the cloud, you may be feeling a bit overwhelmed by everything that needs to change in order for your security posture to be appropriate for this new environment. In this post, we’re going to explain how you can start where you are, take small but meaningful steps, and still make important progress toward where you want to be — operating securely in the cloud.

Without trying to boil the ocean, here are five key steps you can take to gently kickstart your transition toward a fully secure, all-cloud environment, no matter where you are today.

Read More [fa icon=long-arrow-right"]

Jul 25, 2017 12:29:15 PM

[fa icon="comment"] 0 Comments

5 Principles for Running Securely in a Multi-Cloud Environment

by Travis Wilkins , posted in Cloud Security, AWS, Azure, Google Cloud, Security in Multi-Cloud Environments

Multi-Cloud Blog Banner.png

AWS has long ruled the cloud platform game. But today more and more companies are branching out and using additional providers as well. Often this isn’t a matter of replacing one with another, but of different business requirements (such as managing risk and costs) being suited to different cloud vendors. Other factors for using more than one provider center on the fact that vendors work to price their offerings competitively and continually add new features. Additionally, many organizations that run Windows are offered free Azure credits. So why not take advantage and reduce your overall cloud costs?

There’s nothing wrong with running a multi-cloud environment — in fact doing so may be part of a well-crafted strategy  but when you do so, you want to make sure that you are taking appropriate security precautions. In this post, we’ll cover five principles you should strive for when you make the move to a multi-cloud environment. But first, let’s take a look at the major players.

Read More [fa icon=long-arrow-right"]

Jul 18, 2017 10:45:51 AM

[fa icon="comment"] 0 Comments

How Companies Can Provide Security Transparency to Customers and Prospects

by Jim McDonough, VP Inside Sales, Threat Stack , posted in Cloud Security, High Velocity Sales

Security Transparency Blog Banner.png

Leveraging Security in the Sales Process

Security is more than just a good business practice. It also serves as insurance for your customers that security is a top priority. With the right protections in place, you demonstrate that their data will be safe with you, and this can accelerate the sales cycle. But without good security, sales cycles can drag on or even grind to a halt. Of course, you need to start by having the right security technologies, processes, and personnel in place. Then, you need to be able to convey all of this to prospective and current customers.

In this post, we’ll explain what you need to do to guarantee robust security and how you can communicate this to customers and prospects, giving them visibility into your security measures.

Read More [fa icon=long-arrow-right"]

Jun 21, 2017 1:40:59 PM

[fa icon="comment"] 0 Comments

Jun 12, 2017 11:59:08 AM

[fa icon="comment"] 0 Comments

New eBook: Fast-Tracking Compliance in the Cloud

by Michal Ferguson , posted in Cloud Security, Compliance in the Cloud, Cloud Compliance eBook

Fast-Tracking Blog Banner.png

A Guide to Meeting Customer Requirements Now

Has the following happened to you?

A customer or key prospect is demanding that your organization become compliant so you can do business with them. You know what you need to do, but how to do it is the challenge.

Read More [fa icon=long-arrow-right"]

Jun 2, 2017 9:09:10 AM

[fa icon="comment"] 0 Comments

How to Leverage Automation to Make Your Organization Secure by Design

by Michal Ferguson , posted in Cloud Security, AWS Security Best Practices, Automating AWS Security, Security by Design

Secure by Design Webinar Recap Blog Banner.png

Yesterday, we co-hosted a webinar with Amazon’s security strategist, Tim Sandage, and SessionM’s director of technical solutions and operations, Jason LaVoie, to discuss how companies can become secure by design using automation.

With cloud providers like AWS making it easier than ever to get up and running in the cloud, the next item on the agenda for many is how to get security up to speed as well. In yesterday’s webinar, Tim, Jason, and our own senior security engineer, Patrick Cable, offered practical and strategic ways for companies to do just this.

Read More [fa icon=long-arrow-right"]

May 24, 2017 2:27:26 PM

[fa icon="comment"] 0 Comments

5 Key Takeaways From DevOpsDays Austin 2017

by Travis Wilkins , posted in Cloud Security, DevOpsDays Austin 2017

DevOpsDays Austin Recap 2017 Blog Banner.png

Once again Threat Stack was pleased to be a sponsor and a participant at DevOpsDays Austin 2017 on May 4 & 5. Right off the bat it’s clear that this vibrant conference is continuing to expand, with its year over year increase in the number of attendees (650) and sponsors (40). Of particular note: The importance that people in the DevOps space are placing on security is definitely continuing to grow — and I put together five key observations about security, compliance, and the way DevOps teams operate. So without further commentary, here’s what I learned at DevOps Days Austin.

Read More [fa icon=long-arrow-right"]

May 15, 2017 11:11:29 AM

[fa icon="comment"] 0 Comments

Why You Don't Need to Code to Run Secure on AWS

by Megan Rees Ahigian , posted in Cloud Security, AWS Security, AWS Configuration Auditing, AWS Security Best Practices

Code Secure AWS Blog Banner.png

Amazon Web Services, the ubiquitous cloud infrastructure provider, has made it increasingly easy for businesses to move to the cloud and take advantage of the scalability, flexibility, and cost savings this approach offers. For some businesses that are contemplating the move to AWS, you may be wondering whether it’s necessary to have a team of developers who can help to ensure that you are capable of running securely on AWS.

The short answer is: You don’t need to start from scratch when it comes to security, and you don’t need  to have extensive coding resources in-house to run securely on AWS. With the right tools at your disposal, you can quickly measure compliance with  your unique security policy and adapt to changes in your environment as needed.

Here’s what you need to know to run securely on AWS, with or without a legion of development resources at your disposal.

Read More [fa icon=long-arrow-right"]

May 9, 2017 10:05:45 AM

[fa icon="comment"] 0 Comments

The Real Implications of The Shared Security Model

by Pete Cheslock , posted in Cloud Security, Shared Responsibility Model

Shared Responsibility Blog Banner.png

Gone are the days when the majority of businesses could point to the cloud warily and say, “I think my data’s safer on-prem.” Organizations today are far less worried about how secure the cloud is in general, and this change in attitude has sped up cloud adoption to a great degree.

What has led to this more relaxed embrace of the cloud? In part, providers like AWS have gone to great lengths to codify and transparently communicate a Shared Responsibility Model that has expressly defined the scope and boundaries of responsibility. Increasingly, customers recognize that Amazon and its brethren have all-star teams that have a security focus ingrained in them. There’s a certain level of comfort that comes with knowing you are in good, experienced hands.

But, even as the cloud is proven to be quite secure and as confidence in it increases, Security and DevOps teams still have to be vigilant about their own workloads. Organizations have to pick up their end of the shared responsibility bargain — and in some cases, even take it a step further than what is required.

With that in mind, here’s what today’s organizations need to know in order to do that successfully and continue to benefit from all that the cloud has to offer without major security concerns stymying progress.

Read More [fa icon=long-arrow-right"]

May 8, 2017 1:13:52 PM

[fa icon="comment"] 0 Comments

Compliance in the Cloud: Q&A Webinar Recap

by Chris Gervais , posted in Cloud Security, Compliance in the Cloud, Regulatory Compliance Strategy, Compliance Audit

Compliance Webinar Recap Blog Banner.png

On April 25th, I had the pleasure of speaking with Ryan Buckner, Principal at Schellman & Company and Kevin Eberman, Director of Ops at MineralTree during a webinar on compliance in the cloud.

Using the cloud as our lens, we discussed the ways in which companies can better understand and navigate compliance. You can view the entire webinar or read our recap below.

Read More [fa icon=long-arrow-right"]

Apr 26, 2017 3:34:37 PM

[fa icon="comment"] 0 Comments

Subscribe via email:

Posts by Topic

see all