Threat-Stack-Security-Compliance-Quick-Reference

Issue link: https://resources.threatstack.com/i/933936

4. S3 Buckets

YOU GET ASKED
How do we ensure that our S3 buckets are not open to the world?

HOW THREAT STACK CAN HELP
• Threat Stack integrates directly with your AWS profiles and audits the configurations of RDS, S3, IAM, EC2, and CloudTrail.
• While S3 has been the focus of media attention recently, it is important to ensure that all of these five critical services are properly configured.

THE REALITY
S3 buckets are extremely easy to configure, but major breaches due to misconfigurations are continuing to make headlines. With 73% of AWS users having critical misconfigurations, that is not surprising.

RECOMMENDED ACTION
As with any AWS service, ensure that proper security measures are put in place when an S3 bucket is created and that you are adhering to CIS Benchmarks and AWS Best Practices.

5. SOC 2 Compliance

YOU GET ASKED
Do we need to be SOC 2 compliant, and if so, how do we achieve it?

HOW THREAT STACK CAN HELP
• With continuous infrastructure monitoring and SOC 2-specific rulesets, Threat Stack ensures that you are always informed about activity in the infrastructure having to do with SOC 2.
• Automated compliance reports are delivered each day so you can review any activity having to do with SOC 2.

THE REALITY
SOC 2 is specifically designed for service providers storing customer data in the cloud, and is an important part of your security attestation toolkit. Being SOC 2 compliant shows prospects and customers that you take security, availability, process integrity, confidentiality, and privacy seriously.

RECOMMENDED ACTION
• Work with a third-party auditor to perform a gap analysis to understand where your processes are vs. where you want them to be.
• Automate processes so compliance is easier for you and your team. By automating these processes, you're not only becoming compliant but are also making security part of your everyday workflows and operations.

FOR MORE INFORMATION
Threat Stack can help you address the latest security threats and compliance standards. Request a demo today or visit us at threatstack.com.

55 Summer Street, Boston, MA 02110
1+ 617 337 4270
threatstack.com
COPYRIGHT © 2018 THREAT STACK, INC. / QR-SAASSECURITY-2018
