Whether an organisation is large or small, early adopters or recent cloud migrants, Kroll knows how unique and ever-changing complexities can play out across a wide range of industries. With more than 3,000 incident investigations and 53,000 hours of security assessments completed every year across Singapore, Hong Kong, Asia and the world, our experienced team delivers practical guidance to help clients grow securely and profitably.
Kroll’s experts have a deep understanding of cloud environments and the process for securing diverse cloud deployments. With unrivaled experience and expertise from handling thousands of cloud security incidents, our primary objectives are to reduce accidental data exposures and prevent unauthorised access to a client’s cloud environment.
Our cloud security assessments combine established security standards with customised metrics designed for a specific organisation’s cloud architecture and unique risk tolerance. As a baseline, our seasoned experts will examine the following key areas of any cloud environment:
Identifies material gaps or significant shortcomings in a client’s email security defenses. Check out this M365 business email compromise case study.
Focuses on Workspace configuration for email, drives and content compliance, policies for phishing prevention, workstation defenses and end-user awareness.
Reviewing AWS security groups, identity and access management (IAM), access control lists, relational databases, EC2 instance lifecycles and more.
Uncovers potential gaps in configuration and document storage in addition to IAM, logging, virtual machines and the Kubernetes engine.
Independent configuration reviews and pen testing are the best tools for assessing an organisation’s cloud security defenses. Our team of experts will approach a client’s cloud environment with an attacker’s mindset to uncover any vulnerabilities in applications or infrastructure. They can also offer remediation guidance that will incorporate a system’s unique business requirements to present recommendations that will leverage the security features available from all major Cloud Services Providers.
Kroll’s experts can also utilise a wide range of assessment tools and manual attack techniques to expose additional vulnerabilities that are often overlooked in cloud services. Working with certified pen testing experts, our cloud security consultants can test our clients’ cloud environments using real-world tactics and strategies used by hackers to compromise cloud services.
Every year, Kroll’s digital forensics experts investigate hundreds of cloud security incidents across Singapore, Hong Kong, Asia and the world. Combined with our decades of broader incident response experience and our advanced intelligence collection practices, our team is in the best possible position to respond quickly and efficiently to any cloud security emergency.
The primary concern for most organisations dealing with a cloud security incident is securing any sensitive data within their systems. Kroll’s experts understand this, and, with their wealth of investigative knowledge and experience, they know how to quickly identify and secure files containing sensitive data.
Virtually all businesses are currently considering migrating to or increasing operations in the cloud to take advantage of increased flexibility and cost savings. However, for organisations hoping to avoid the added time, money and reputational damage that comes with a data breach, it is important to plan carefully and ask the right questions about security during a cloud migration.
Our cloud security consulting services offer technical expertise and resources to examine and assess every aspect of a company’s security program, including security policies, human interactions, and technology at every data touchpoint. Our collaborative and transparent approach means we will work with clients to learn the specifics of their business so we can develop a cloud security programme that is customised to meet their unique needs.
With the exponential rise of remote work, security leaders have been presented with a new challenge: How to seamlessly maintain productivity while assessing physical and cybersecurity controls to ensure data remains secure in the cloud environment. The increased use of VPNs, personal devices, cloud storage repositories, and shadow IT systems has created new obstacles for data security.
Kroll will perform a comprehensive assessment of an organisation’s programme to help them maintain security as the need for remote work increases. We will consult with IT departments and remote workers to identify a system’s strengths and uncover any vulnerabilities that can be exploited by bad actors or unaware employees.
Cyber criminals and malicious actors are all too aware of the security gaps that can accompany a move to the cloud. Our specialists utilise their unrivaled knowledge and expertise to help clients navigate risks presented by the cloud so they can be in a better position to protect their organisation’s data and respond appropriately to a cyber incident.
Our experts will not simply draft a report on system vulnerabilities and leave the client to address them on their own. Instead, we become an extension of their IT and data security teams, collaborating at every point to ensure security, compliance with regulations, and, hopefully, the success of their cloud-based operations. Our services and proprietary data help our clients keep pace with the ever-changing threat landscape.
Kroll’s Cyber Risk professionals have credentials and certifications from all the leading cloud services providers. Our team members have vast experience working with many AWS services, including EC2, Lambda, S3 and Cognito. Others are certified to work with Azure Virtual Machines, Azure Functions, Blob Storage, and Azure Active Directory as well as Google Cloud.
Our cyber risk team performed more than 25,000 hours of cloud security assessments across AWS, Azure, and Google Cloud platforms in 2021 alone. We also work extensively with other leading cloud tools, like Dome9, Prisma and ScoutSuite.
Stop cyberattacks. Kroll’s managed detection and response services are powered by an elite team of seasoned cyber risk experts and frontline threat intelligence to deliver unrivaled response.
Today, you learn your company is experiencing a serious cyber incident. It could be a ransomware attack, a hacked O365 email account, the theft of PII or PHI, or data exposure from misconfigured network settings. What is the first step you should take?
Kroll’s field-proven incident response tabletop exercises provide a customised test of every aspect of an organisation’s cyber response plan.
Manage risk, not spreadsheets. Identify and address cyber threats in third-party relationships to ensure compliance with regulations such as NYDFS, FARS, GDPR, etc.
Kroll’s cyber audits and reviews ensure third parties handle sensitive data according to regulatory guidelines and industry standards.
Safely perform attacks on your production environment to test your security technology and processes.