The three coworkers sit down at the bar and the bartender asks them what they’ll have. “We’ll take 3 beers,” says the developer, “but before you pour them we need you to settle an argument for us.” The bartender, who was used to such requests smiled and said “Sure, what’s the argument?”

So the sysadmin started it off: “We are having an argument about how we can deliver ‘secure’ applications. Management is pissed and is pushing us for change because we’ve had a high profile data breach recently.” The bartender nodded knowingly as another voice chimed in. “We’ve been arguing…

Paul McCarty — SecureStack Founder & CTO

When we talk to potential customers we always ask questions about their existing cloud infrastructure. We ask which cloud providers they are using and why. When they are using more than one cloud provider we usually ask what are their reasons for having these two, or more, sets of cloud infrastructure. We are really interested to see if there were feature or functionality reasons that made more than one cloud important. Was it pricing or maybe scalability? Did they bring on a CTO or architect after the initial architecture was built out and…

It’s our job to find good security practice and codify it. That’s what we do at SecureStack mostly: automate security into infrastructure. We do this a number of ways. For example, we build hardened operating systems that limit the attack surface of a server, and address a lot of the baked in security issues with default images you get from the cloud providers. We also use tools like WAF, dynamic firewalls, SELinux and others to do the actual securing part. We then audit it all and use centralised real-time logging and aggregation to make sure you can see all your…

Paul McCarty — Founder & CTO of SecureStack

Over the years many people have asked me what I do to secure my workspace and online presence. My process is a combination of using free and paid security tools in a layered approach to make my life safer. In today’s world there will never be ONE security app or practice to make you safer.

So with that in mind I thought I would put together a list for you:

Multi-Factor Authentication: Before you do anything else install a multi-factor authentication (MFA) app on your smart phone if you don’t have one…

SecureStack now offers Microsoft Windows Server images!

Yes you heard that right, we’ve listened to our MSP and enterprise customers who wanted us to publish a SecureStack Windows Base image to round out our noticeably Linux heavy offerings. Now the same security and flexibility they’ve been enjoying with our Linux images is available to them for Windows Server 2016. This includes the same intrusion detection and other security controls they’ve been using to successfully secure their environments. So, Windows Servers will plug right into existing SecureStack Enterprise deployments. …

SecureStack is pleased to announce that we now support Redhat 7! Our SecureStack Base Redhat 7 product is a hardened version of Redhat 7.4 and comes with security tools built right in.

Our Base products plug directly into your SecureStack SIPServer, allowing you to create hardened instances that are talking to your centralized logging and SIEM the second they come into existence. You don’t have to create any automation or build scripts, SecureStack does it for you! …

There’s a new meetup on the Gold Coast and SecureStack is super-mega-stoked to be a sponsor! Gold Coast DevOps group is having its inaugural meetup on March 22nd.

We will be meeting at the Gold Coast Techspace in Mudgeeraba. Address is 57A Railway St. Here’s a map. Things kick off at 6:30pm and pizza will arrive at 7pm. Feel free to bring your friends.

Talks will be on Terraform, Azure, CI/CD on the cheap and more!

You can find more info at the Meetup.com page: https://www.meetup.com/Gold-Coast-DevOps/events/248183206/

Last Friday Australia’s new Mandatory Data Breach Notification law went into effect. Broadly speaking it requires businesses to advertise when they’ve had a data breach that involves personal identifying information. They must let the customers who have been affected as well as the government know, usually within 30 days of a breach.

So, what this means simply is that Australia businesses, as well as global companies that do business here need to have protections in place in the event of a data breach. Moreover, they need to know how to advertise the fact in the event that one happens.

Before…