Threat Stack Blog and Cloud Security News

Continuous security monitoring for your cloud.

Assessing the State of the Shared Responsibility Model

by Michal Ferguson, posted in Shared Responsibility Model, AWS Shared Responsibility Model, Azure Shared Responsibility Model

We hear (and at Threat Stack, we write) a lot about the shared security responsibility model. This is the idea that, when it comes to the cloud, businesses are responsible for the security of their data and applications in the cloud, while providers are responsible for the security of the cloud infrastructure.

But are companies prepared to take responsibility for their end of the bargain? How far do we still have to go to reach the promised land of a successfully shared responsibility model? Below, we’ll explore where we stand today and what it will take to reach that holy grail.

May 23, 2017 9:42:32 AM

The Real Implications of The Shared Security Model

by Pete Cheslock, posted in Cloud Security, Shared Responsibility Model

Gone are the days when the majority of businesses could point to the cloud warily and say, “I think my data’s safer on-prem.” Organizations today are far less worried about how secure the cloud is in general, and this change in attitude has sped up cloud adoption to a great degree.

What has led to this more relaxed embrace of the cloud? In part, providers like AWS have gone to great lengths to codify and transparently communicate a Shared Responsibility Model that has expressly defined the scope and boundaries of responsibility. Increasingly, customers recognize that Amazon and its brethren have all-star teams that have a security focus ingrained in them. There’s a certain level of comfort that comes with knowing you are in good, experienced hands.

But, even as the cloud is proven to be quite secure and as confidence in it increases, Security and DevOps teams still have to be vigilant about their own workloads. Organizations have to pick up their end of the shared responsibility bargain — and in some cases, even take it a step further than what is required.

With that in mind, here’s what today’s organizations need to know in order to do that successfully and continue to benefit from all that the cloud has to offer without major security concerns stymying progress.

May 8, 2017 1:13:52 PM

How to Stay Secure on Slack

by Pete Cheslock, posted in Cloud Security, Shared Responsibility Model, Slack

If you’re already on the Slack bandwagon, then you probably have experienced first-hand how it can make communications between teams far simpler and more streamlined. With 1.7 million daily active users, it’s clear Slack has come to dominate the team chat world, especially in tech and tech-savvy industries.

From a security perspective, Slack has done a solid job of keeping its assets on lock. In 2016, they scored Geoff Belknap from Palantir to become chief security officer. And they have been pretty transparent about their approach to security. They have dedicated a whole section of their website to it and published interviews with Belknap and others that delve into Slack’s precautions and philosophy around security. Belknap says, “My job is to worry. Professionally. So that our customers don’t have to.” We love that attitude!

The company has also gone to the trouble of certifying many of its products to meet stringent compliance regulations like FINRA, HIPAA, and SOC 2 and 3, which makes it a no-brainer for small teams and enterprises alike.

So, we feel that it’s perfectly possible for companies of all shapes and sizes to lean on Slack for team chat and ops without worrying too much about security. But, we also believe in the shared responsibility model when it comes to any form of online security. No one’s perfect, and Slack’s ubiquity and popularity mean that it will always be a target for cybercriminals looking to steal information.

There’s no need to run scared, but you do need to be smart about how you use this valuable tool. Here are our tips for running Slack securely at your organization.

Feb 27, 2017 2:27:41 PM

The Impact of the Cloud's Shared Responsibility Model on Compliance

by Anthony Alves, posted in HIPAA, Compliance, AWS, Shared Responsibility Model, Compliance in the Cloud, PCI DSS


Amazon Web Services (AWS) has pioneered the Shared Responsibility Model in the cloud. Basically, this model outlines how cloud service providers and consumers of these cloud-based services should share responsibilities when it comes to ensuring security in the cloud. AWS and other cloud service providers (CSPs) are responsible for ensuring that cloud infrastructure is secure. Meanwhile, companies (those using the cloud services) are responsible for their data, networks, applications, and operating systems — anything they own that lives in the cloud.

Sep 1, 2016 12:48:59 PM

Dec 24, 2015 8:00:00 AM

Trust the cloud, they said. It’ll be safe, they said.

by Brian Ahern, posted in Shared Responsibility Model, Cloud, CIA, Arlette Hart, Government, CSP, Government Security, FBI


Speaking recently in a Google webcast, U.S. CIO Tony Scott declared major cloud providers like Google, Amazon or Microsoft just as secure as the world’s largest financial institutions. He even implied that there’s no safer place to store data than in the cloud.

Nov 25, 2015 10:52:15 AM

What All DevOps Teams Should Know About The AWS Shared Responsibility Model

by Sam Bisbee, posted in AWS Security, Security in the cloud, Shared Responsibility Model


Keeping your cloud workloads secure, compliant, and protected while moving at the speed of DevOps is no easy task. Our team at Threat Stack knows this truth very well. There are many different viewpoints on the best approach to take to keep your customer data and systems protected in the cloud, and it all starts with understanding where your cloud provider’s responsibility for security ends and where yours begins. Let’s use AWS as an example throughout this post as they have a Shared Responsibility Model that demonstrates this well.

Jun 10, 2015 2:06:51 PM
