Cloud Native Security Platform (CNSP) Design and Implementation for Top Five Media Firm

For almost 100 years, this client has been one of the leading entertainment companies in the United States. The company has grown into one of the largest and best-known media conglomerates in the world. Tasked with an aggressive deadline to move its extensive data centres to the cloud as part of the firm’s digital transformation mandates, they required enterprise-scale cloud security services to help with migration and secure configuration of a large deployment.



  • Media and Entertainment
  • Moving core data to the cloud created the need for increased adoption of cloud service providers  
  • Required proactive visibility into cloud services, activities and security configurations
  • Design of the base implementation of a cloud native security platform (CNSP)



Kroll Services
  • Design of the base implementation of a cloud native security platform (CNSP)
  • Successful internal adoption of the CNSP
  • Better cloud services compliance management
  • Increased automation of cloud configuration

The Challenge

This client’s information security team creates company-wide baselines for information security. Information security teams for each segment within the business can then supplement those baselines with further requirements as needed for their infrastructure and business tasks.

The company had an internal mandate, over the course of a two- to three-year period, to shut down all of its data centres. The company planned to move anything that could not be held in one of its office buildings to the cloud. This required the increased adoption of cloud service providers throughout the company.

As part of this broad move to the cloud, the company knew it needed proactive visibility into cloud services, activities and security configurations.

Kroll's Solution

This client had already worked with Kroll for PCI compliance projects. Though those weren’t specifically limited to the cloud, there were places where PCI compliance and cloud infrastructure overlapped. Furthermore, those engagements allowed the client to see our approach. The organization learned that Kroll’s team was not only there to check compliance boxes, but also to learn about the business and ask the right kinds of questions. In previous discussions during the PCI engagements, the client noticed that the Kroll team highlighted security concerns that they were having already but had not discussed specifically yet.

The office in charge of the digital transformation initiative brought in Kroll to design the base implementation of a cloud native security platform (CNSP),  including three main goals:

  • Documentation of compliance checks
  • Documentation of best practices
  • Recommendations, based on business practices, for what they needed to be looking for in their cloud activity as a precursor to an attack. Those best practices had to be matched with existing releases from the governance board, or presented to them with justification for why they should be added company-wide.

Kroll applied its consultative know-how to the engagement. In addition to configuring the tool and explaining how this was achieved, Kroll  invited broader discussions about refining alerts, training team members and building context around the implementation. Kroll also provided deliverables that evolved to fit insights into the company’s business needs.

Kroll worked with the client to understand the capabilities of the CNSP in the context of the client’s infrastructure and its security needs. This involved collaborating with the client’s CIS team to identify the gaps in what they were seeing versus what they needed to see to develop strong cloud security. Kroll also worked with the CIS team to prioritise compliance checks based on their expected use cases and their security and visibility goals. Kroll was available when the CIS board was discussing needs and recommendations with the governance board, to present research and findings to illuminate the discussions.

After working with the client team to recommend best practices, the Kroll team designed an implementation in the CNSP between both the company’s information security policies and existing best practices and governance board releases, so they could start implementing checks in the tool. This was the primary deliverable: a working implementation of the CNSP that reflects necessary compliance checks and best practices.

Kroll also presented a mapping between the client’s current information security policies and the best practices for its business needs, cloud implementation and goals. From that, the CIS team could make the case to the governing board for security checks that were not yet in their releases or recommendations, but should be incorporated into the information security baselines.

Kroll also went the extra mile to identify how the tool could be better. It documented the delta between what existed in the tool and what needed to exist in the tool to reach the company’s security and compliance goals and presented a checklist that it could present to the CNSP product team, so they could improve the tool.

The Impact

After working with Kroll, the client has seen multiple security and operations benefits:

Internal Adoption of the CNSP

In such a large enterprise, security buy-in can be difficult. Working with Kroll not only enabled the CIS to develop a baseline configuration for the CNSP, but helped get the initial teams onboarded, built credibility around the tool, and convinced internal teams that it would help reach security and compliance goals without inundating them with false positives or slowing progress towards business goals.

Better Cloud Services Compliance Management

With a sound base configuration for the CNSP, there is no longer a day-to-day decision for how to set up new instances or accounts. The CIS and individual security teams within the company can instead get up and running more quickly, and they have the ability to think ahead about how to expand from the most critical assets and checks.

Increased Automation of Cloud Configuration

The CNSP’s cloud security configuration and automation features can save time, especially at enterprise scale, but they require significant trust in both the tool and the configuration to allow CNSP to make sensitive security configurations in an automated fashion. With the trust Kroll helped build, teams within this client are embarking on the road to increased security automation in the cloud.

Improved Onboarding Documentation

During the course of the implementation, Kroll identified an encryption handling flaw in AWS that was coming up more often than it should. Kroll found that the client’s internal documentation did not contain all of the necessary information about how to configure encryption on user accounts, and provided feedback to help the client improve that documentation.

Learn more about Kroll Cloud Security and Penetration Testing services.

Cloud Security Services

Kroll’s multi-layered approach to cloud security consulting services merges our industry-leading team of AWS and Azure-certified architects, cloud security experts and unrivalled incident expertise.

Penetration Testing Services

Validate your cyber defenses against real-world threats. Kroll’s world-class penetration testing services bring together front-line threat intelligence, thousands of hours of cyber security assessments completed each year and a team of certified cyber experts — the foundation for our sophisticated and scalable approach.

Payment Card Industry Services

Kroll offers a wide range of services for both merchants and payment processors, from audits to incident management services, to pragmatic approaches for strengthening your cyber defenses.

Cyber Governance and Strategy

Manage cyber risk and information security governance issues with Kroll’s defensible cyber security strategy framework.

Incident Response and Litigation Support

Kroll’s elite security leaders deliver rapid responses for over 3,000 incidents per year and have the resources and expertise to support the entire incident lifecycle.

Kroll Responder MDR

Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.