The Nightfall blog is a knowledgebase for cybersecurity professionals with news and insights from the world of cloud security. Each week, we’re publishing new content to help you stay up-to-date on cybersecurity topics and to prepare you for the issues and threats that occur every day on the job.
A lot of exciting stories were published this past month. The Nightfall Platform is introducing three powerful remediation features, including the ability to see exactly where a sensitive finding lives within files and documents like spreadsheets. We've also updated our very popular Security Playbook for Remote-first Orgs for 2022. If you haven't already reviewed it, you can take a look to get ideas on how to approach tailoring your security program for the world of remote work. We've also written a detailed post on what security playbooks and runbooks are and why you might find them valuable.
For anyone looking for compliance refreshers, you'll find primers on some of the most important compliance frameworks or regimes you might encounter like the GLBA (Gramm-Leach-Bliley Act) as well as NIST CSF and ISO 27001. Also read how Carnelian Assisted Living's small but agile team remains HIPAA-compliant on Slack with Nightfall, and how unstructured data as well as data exfiltration continue to be challenges in industries like healthcare.
Finally, if you haven't already heard it, take a listen to last month's episode of our podcast CISO Insider, featuring Lisa Hall, Former CISO of PagerDuty.
Nightfall Introduces 3 Powerful Remediation Features to Enhance Security Teams’ Efficiency
Our team has been hard at work making continuous improvements to the Nightfall DLP platform. Three new features (content redaction in Slack, contextual snippets for sensitive findings, and custom messages for end-user notifications) will make it easier not only to find and remove sensitive information within your cloud apps, but also to automate workflows and educate users about policy.
Carnelian Assisted Living implements HIPAA-compliant DLP in Slack with Nightfall
HIPAA compliance doesn't have to be expensive. Read our newest case study to see how Nightfall provides cost-effective Slack data security for the team at Carnelian Assisted Living, allowing them to remain compliant and agile while delivering quality patient care.
The Security Playbook for Remote-first Organizations
Organizations are still feeling the impacts of 2020's sudden shift to remote work. While not every organization needs to remain fully remote today, optimizing one's security program for the complexities of remote work may still be a good idea in order to help mature your org.
Read our Security Playbook for Remote-first Organizations, now refreshed for 2022, for some insights on how to tackle some of the largest challenges of securing companies remotely.
CISO Insider S3E2 – Driving diversity in infosec with Lisa Hall
PagerDuty Head of Information Security Lisa Hall joins us on CISO Insider for an in-depth discussion on what diversity in the infosec industry really looks like — not just hiring to meet DEI quotas, but fostering differences to build strengths across the board. Diversity in thought and background among her staff is a success factor for Lisa’s team, and it leads to greater diversity in the work they do at PagerDuty.
What is a Security Playbook and How Can it Benefit Your Security Program?
In a sea of constant change, security practitioners require some form of shelter. While security frameworks and policies can serve this role during normal operation, practitioners are best served by having documentation and processes in place that help them respond to security incidents. This has become increasingly important as the world of remote work has changed the types of risks organizations face, requiring processes to be evaluated and perhaps an entire encyclopedia’s worth of edits to existing documentation.
Read about the basics of what a security playbook is, how it can improve your security program, and how it differs from the concept of a security runbook.
Understanding The Gramm-Leach-Bliley Act (GLBA) Privacy Rule
The Gramm-Leach-Bliley Act, known as the GLBA, was passed in 1999 with the expressed goal of updating and modernizing the financial industry. Today, it’s primarily used to protect customer and consumer information, with steep penalties for financial institutions that violate its privacy rules. Here’s what you need to know about the GLBA and its regulations.
NIST vs ISO Compliance: What’s the Difference?
As businesses and health organizations seek to strengthen cybersecurity, they’re turning frequently to compliance frameworks to help prioritize, guide, and improve decision-making and implementation. Two of the more popular compliance frameworks are the NIST CSF and the ISO 27001.
For IT teams seeking to better understand the difference between these frameworks, as well as which is the ideal tool for their business, we've compiled the most important differences you'll need to understand.
What is Data Exfiltration?
Data exfiltration is a broad term, which is one of the reasons why this issue is so difficult to pinpoint and prevent. Read our primer on what data exfiltration is, when it happens and how to address it.
What is Unstructured Data?
In industries like healthcare, unstructured data could make up upward of 80% of an organization's data. Finding and protecting this data can be a massive undertaking and a critical first step towards compliance. Read to learn more about what unstructured data is and how you can leverage solutions like Nightfall to find and secure it.