New SaltStack SecOps Products Automate Vulnerability Remediation and Continuous Security Compliance

LEHI, Utah – Nov. 19, 2019 – SaltStack, the creators of intelligent automation for IT operations and security teams, today announced the general availability of SaltStack Protect for automated discovery and remediation of security vulnerabilities across web-scale infrastructure. SaltStack Protect is a new product now available in the SaltStack SecOps family of products and is additive to SaltStack Comply.


Compliance in Serverless - A Protego Use Case

Companies choose to transition to serverless computing for various reasons; two main reasons including faster time-to-market and reduced infrastructure costs. However, their serverless security requirements differ based on a myriad of factors. One of those factors is compliance. Today we highlight compliance in serverless, with a compliance-driven client. We will showcase their security driver and challenges, their chosen solution, and ultimately, results.


Sox Management Review Controls

The Sarbanes-Oxley Act of 2002 (SOX) designates management review controls (MRCs) as one of the required internal controls. MRCs are the reviews of key financial information conducted by a company’s management to assess its reasonableness and accuracy. They are a key aspect of a public company’s internal control over financial reporting (ICFR).


Audit Log: Feature Guide for Security and Compliance

In computing, an audit log is a record of an event. An event is any significant action that impacts the hardware or software of a computer – anything from a mouse click to a program error. Besides documenting which resources were accessed and what for, an audit file system will also include the source and destination addresses, the timestamp, and the user ID information.

Why You Should Create Meaningful Compliance KPIs

In an era where the breach of internal corporate ethics and external policies is becoming common, businesses need to implement robust compliance management systems for their own good. The cost of non-compliance is high; from lost data to regulatory fines. To ensure your company is compliant with regulatory rules and standards, it is critical to set relevant Key Performance Indicators (KPIs). Having meaningful KPIs is vital to corporate compliance.

How to Make Your Business HIPAA Compliant

Ensuring that your health industry business complies with the Health Insurance Portability and Accountability Act or HIPAA is often considered a costly burden and another red-tape requirement. A majority (69%) of businesses view compliance as the cost driver for setting up compliance programs. But a similar number of companies (64%) note that HIPAA is a very effective method to keep health data safe. It is a crucial step to take to protect both your clients and your company from data breaches and.additionally from non-compliance fines if a breach occurs.
blue medora

Compliance in A Code Driven Infrastructure

Blue Medora has recently completed a SOC 2 Type 1 audit by Plante Moran! Anyone who has been through a SOC 2 audit, or any other compliance regimen (SOX, HIPAA, PCI, etc.) knows that it can be strenuous to ensure you have all your processes and procedures documented, as well as proving out that you follow those procedures. To my surprise, some of our modern deployment processes made this process easier than expected!


6 Common Compliance Conundrums to Know About

Cyber security assessment initiatives and frameworks abound in the US government, the most important being the Federal Information Systems Management Act (FISMA), passed in 2002. The law’s broad scope included a mandate to the US National Institute of Standards and Technology (NIST), charging it to create methods and standards to assess and optimize the cybersecurity posture of US government agencies.


Cyber Security + Compliance Controls: What Does It All Mean, Rick?

Throughout my career, I have worked with hundreds of organizations. Regardless of the vertical or size of the organization, I have found that many executives and security professionals feel like the interviewer in the Rickie Fowler commercial when it comes to their organization’s digital security. They don’t know where to start, for instance, nor are they aware of where and how today’s ever-evolving risks and threats affect the respective organization.

On-Prem or Cloud? A Decision in Light of Security and Compliance

When an organization is ready to deploy a new solution, or build a new system, there is often a continuing discussion about the relative merits of using the cloud versus deploying on-premises. While there are a number of aspects that play into this decision, it is not always clear which is the better solution for security and compliance. Typically, deployment issues are not clear because security and compliance solutions quickly change when you are using shared vs. dedicated environments.