Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

Five Questions to Ask When a Customer or Partner Asks You to Become Compliant

by Kevin Durkin , posted in Regulatory Compliance


If you operate in a regulated industry, or have customers or partners who do, compliance is non-negotiable. Where a regulation mandates it, you will have to produce specific evidence before you can be certified as compliant; and many customers will not do business with you until you can demonstrate how you comply.

But before you jump right in, there are a few questions you should be asking yourself and your customers or partners. These are designed to clarify their expectations and help to scope out their compliance requirements. Becoming compliant is a large undertaking, so knowing where to start is just as important as knowing where to end. That’s why understanding exactly what your customers or partners require of you can help to narrow the scope and keep your team focused on the right compliance initiatives.

Based on conversations we’ve had with customers, here are five clarifying questions to ask yourselves internally when a customer or prospect inquires about compliance.


May 5, 2017 10:32:43 AM


Working With Threat Stack Sample Compliance Rule Sets

by David M. Weinstein , posted in HIPAA, SOC 2, PCI, Regulatory Compliance, FFIEC, Compliance Rule Sets


The Threat Stack Cloud Security Platform® is an important tool for companies with cloud compliance initiatives, including HIPAA, PCI, SOC 2, and FFIEC. To help our customers with these initiatives, Threat Stack has released four new example rule sets whose monitoring rules map to each of these compliance frameworks. This post is an introduction to these rule sets, and explains how to:

  • Request the rule sets
  • Use the compliance rule sets
  • Customize compliance rules
  • Create new compliance rules

(If you’re not a customer, this post will give you an excellent insight into one of Threat Stack’s powerful characteristics — the ability to create, clone, and edit rules in order to reflect the specific nature of your environment.)


Apr 28, 2017 5:00:57 PM


Three Good Reasons to Get Compliant Now

by Tim Armstrong , posted in Compliance, Regulatory Compliance, Compliance in the Cloud, Compliance Playbook


When things are hectic at your organization, compliance may not feel like the highest priority. If you aren’t in an industry that absolutely requires compliance, it can feel like a box to check — more of a nice-to-have than a must-do. In other cases, it may seem like a good idea . . . but one that can be kicked down the road indefinitely. However, we believe it’s a good idea to approach compliance early — often earlier than you may think.

Indeed, there are some situations in which compliance can actually move the needle in a big way for your business, either positively or negatively. Here are three specific, value-driven reasons why you should consider being proactive about compliance and get out ahead of it before it’s too late.


Feb 1, 2017 11:21:24 AM


Allocating Resources for a Compliance Audit: A Practical Framework

by Anthony Alves , posted in HIPAA, Regulatory Compliance, Compliance in the Cloud, PCI DSS, Compliance Audit, Resources


When companies prepare for a compliance audit, whether PCI DSS, HIPAA, or SOC 2, one thing that is often estimated inaccurately is the set of stakeholders who need to be involved: who they are, which departments they come from, what their roles are, what knowledge and skills they need, and how long they will be needed. This post is a practical guide to developing a thorough, realistic resource plan for your next compliance audit.


Oct 6, 2016 1:28:29 PM


File Integrity Monitoring and Its Role in Meeting Compliance

by Anthony Alves , posted in HIPAA, Cloud Security, File Integrity Monitoring, Regulatory Compliance, PCI DSS, FIM


When’s the last time someone made an unauthorized change to your system files?

To answer this and other important security questions, and to meet many compliance requirements (PCI DSS Requirement 11.5, for instance, calls for a change-detection mechanism such as FIM on critical files), you first need file integrity monitoring. In case you aren't familiar with the term, file integrity monitoring (FIM) is the practice of recording a trusted baseline of your files, typically a cryptographic hash plus attributes such as permissions and ownership, and then detecting exactly when and how any of them change. This includes critical system files, configuration files, and content files.
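The baseline-and-compare idea behind FIM, shown as an added example rather than Threat Stack code. It assumes nothing about the Threat Stack agent: it hashes every file under a directory with SHA-256, records the permission bits and size alongside the hash, and diffs a later snapshot against that baseline to report added, removed, and modified paths. The directory tree and the "attacker" edits are constructed inside a temporary directory so the script runs offline.

```python
"""Minimal file integrity monitor: hash-based baseline and diff.

Added example, not Threat Stack's implementation. The file tree and the
changes made to it are constructed in a temp dir purely for demonstration.
"""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """Attributes a FIM typically tracks per file: content hash, mode bits, size.

    Symlinks are fingerprinted by their target string rather than followed,
    so a link being re-pointed at a different file shows up as a change.
    """
    st = path.lstat()
    if stat.S_ISLNK(st.st_mode):
        digest = hashlib.sha256(os.readlink(path).encode()).hexdigest()
    else:
        h = hashlib.sha256()
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        digest = h.hexdigest()
    return {"sha256": digest, "mode": stat.S_IMODE(st.st_mode), "size": st.st_size}


def build_baseline(root: Path) -> dict:
    """Snapshot every regular file (and symlink) under root, keyed by relative path."""
    snapshot = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            snapshot[p.relative_to(root).as_posix()] = fingerprint(p)
    return snapshot


def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots. A permission-only change counts as 'modified' too."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(k for k in baseline.keys() & current.keys()
                      if baseline[k] != current[k])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: take a baseline, then tamper with the tree and re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        etc = root / "etc"
        etc.mkdir()
        (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (etc / "ssh_config").write_text("PermitRootLogin no\n")
        (etc / "ssh_config").chmod(0o644)
        (etc / "motd").write_text("welcome\n")
        baseline = build_baseline(root)

        # Simulated unauthorized changes after the baseline was taken:
        (etc / "passwd").write_text(                       # content change
            "root:x:0:0:root:/root:/bin/bash\nevil:x:0:0::/:/bin/sh\n")
        (etc / "ssh_config").chmod(0o600)                  # permissions only, same bytes
        (etc / "motd").unlink()                            # deletion
        (etc / "cron.d").mkdir()
        (etc / "cron.d" / "backdoor").write_text("* * * * * root /tmp/x\n")  # new file

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9s} {paths}")
```

Two practical caveats that the toy does not address: a polled hash comparison only sees changes that persist between scans, so production FIM agents also hook the kernel (inotify, auditd, or similar) to catch short-lived modifications; and the baseline must be stored where a compromised host cannot rewrite it, otherwise an attacker simply "re-baselines" after tampering.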


Sep 27, 2016 11:14:32 AM


Budgeting for a Compliance Audit: A Practical Framework

by Anthony Alves , posted in HIPAA, Regulatory Compliance, Compliance in the Cloud, PCI DSS, Compliance Audit


Companies can easily underestimate the investment required to meet compliance. Thinking compliance is a one-and-done activity that you can skate by with minimal spend only sets you up for unpleasant surprises later on. Compliance can be a long, drawn-out process, involving everyone including HR, finance, security, and leadership. So it’s important to look at all the costs up front in order to set aside a realistic budget.

A good way to approach compliance is to treat it like a new product launch. You’ll need a dedicated project team, new technology, a reasonable budget, and more to get it off the ground.


Sep 21, 2016 3:30:42 PM


The Compliance Playbook: How to Build PCI & HIPAA Compliant Businesses in the Cloud

by Anthony Alves , posted in HIPAA, Cloud Security, Regulatory Compliance, Compliance in the Cloud, PCI DSS



The Threat Stack Compliance Playbook for Cloud Infrastructure is now available!

The Compliance Playbook is intended for readers who want to understand what’s involved in becoming compliant in a cloud environment — without getting caught up in the details and complexity that the compliance process is well known for.


Sep 14, 2016 1:04:41 PM


The Importance of Security Monitoring to Achieving Compliance in the Cloud

by Anthony Alves , posted in Security Monitoring, HIPAA, Cloud Security, Compliance, Regulatory Compliance, PCI DSS


Monitoring is the most reliable method of identifying and tracking users who are accessing data on company systems. Whether you’re on the lookout for an unauthorized employee viewing confidential patient data, or a malicious outsider trying to steal cardholder data, monitoring is indispensable to a strong security posture.

As well, monitoring is a requirement for just about every major compliance framework and regulation, from PCI DSS to HIPAA and beyond. For the sake of this post, we’ll be focusing on security monitoring requirements for PCI DSS and HIPAA, two of the most widely applicable regulations today.


Sep 8, 2016 10:19:01 AM


Aug 25, 2016 10:39:03 AM


Can You Afford NOT To Be HIPAA Compliant?

by Anthony Alves , posted in HIPAA, Regulatory Compliance, Compliance in the Cloud, Compliance Audit


The HHS Office for Civil Rights (OCR) has been signaling a large-scale HIPAA audit for quite some time now, and it looks like that threat will soon come to pass.


Aug 18, 2016 2:30:33 PM

