Cloud Security Services

Kroll’s multi-layered approach to cloud security services leverages our unrivaled incident response expertise to examine key controls across your entire cloud environment—from Office 365 or Google G Suite email systems to complex infrastructure such as AWS, Azure and Google Cloud.

Contact Cyber Experts
/en/services/cyber-risk/assessments-testing/cloud-security-services service

Kroll has deep knowledge of cloud environments and the process for building security into diverse cloud deployments, including interactions between your users and critical cloud services. With frontline insights from handling thousands of cloud security incidents, we focus on reducing accidental data exposures as well as preventing unauthorized actors from gaining access to your environment, two of the biggest risks often associated with cloud applications.

Cloud Security Assessment Approach

Kroll’s cloud security assessment integrates overall security best practices with measures that are customized to your organization’s specific cloud architecture. For example, as best practices, our seasoned practitioners will examine several key areas, including but not limited to, the following:

  • External network access control
  • Internal network access control
  • User management and authentication
  • Multifactor authentication for remote access
  • Backup and disaster recovery
  • Security event logging, correlation and alerting
  • Incident response planning

For clients who are considering or have chosen a specific cloud hosting provider, Kroll’s cloud security risk assessment will focus on evaluating the configuration and controls for that specific deployment. Following are brief, non-exhaustive samples of provider-specific risk assessments: 

Microsoft Office 365 (O365) Email Security Assessment

With a goal of identifying material gaps or significant shortcomings in a client’s email security defenses, a typical O365 email security assessment may focus on: 

  • Security settings to restrict unauthorized access
  • User activity logging and auditing configurations to aid investigative efforts
  • Existing email filtering options and configurations to prevent phishing attacks and malicious payload delivery
  • Email access protocols
  • Secure message communications
  • Azure Active Directory security configuration
  • Intune Mobile Device Management
  • SharePoint and OneDrive

As an added layer of protection, Kroll can also assess the client’s secondary defenses, including the following:

  • Workstation controls
  • Employee awareness
  • Incident response
  • Business processes related to email authorization of payments (to help mitigate business email compromise attacks)

We’ve provided in-depth details on Office 365 Security and published an Office 365 business email compromise case study. Our North America Incident Response Leader, Devon Ackerman, has also  presented a complete methodology for Office 365 Incident Response (link includes video). 

Google G Suite Email Security Assessment

It focuses on G Suite configuration for email, drive and content compliance, policies for phishing prevention, workstation defenses and end user awareness. Following the same robust approach to our Office 365 assessments, our experts evaluate similar security and access controls, in addition to:

  • Google drive configurations
  • Best practices for content compliance policies
  • Alert center reporting


AWS Cloud Security Assessment Example

A typical AWS configuration security assessment may include reviewing:

  • AWS security groups
  • AWS identity and access management (IAM) users and API keys
  • AWS network access control lists (ACLs)
  • AWS logging
  • Relational database services (RDS) configuration
  • Elastic Compute Cloud (EC2) instance lifecycles
  • Backup and disaster recovery processes
  • Simple Storage Service (S3) bucket security


Google Cloud Security Assessment Example

The Kroll approach to Google Cloud security assessment focuses on configuration, document storage and workstation defenses and may include reviewing specific configurations related to:

  • Identity and access management (IAM)
  • Logging and monitoring
  • Networking
  • Virtual machines
  • Storage services
  • Kubernetes engine

Vulnerability and Penetration Testing for Cloud Services

Independent vulnerability scans and penetration testing can deliver the findings that are the ultimate gauge of your cloud security defenses. With the exponential growth of remote workforces and an often-hasty migration to cloud services to facilitate work-from-home environments, criminals now have an expanded network to attack—one often much less defended than in the office. 

Kroll’s experts are experienced in using a wide variety of assessment tools as well as manual attack techniques to uncover weaknesses that are often missed in cloud services. Coupled with CREST-certified penetration testing experts that have extensive incident responder experience, we bring real-world tactics, techniques and procedures (TTPs) typically deployed by successful criminals to compromise cloud services. 

Cloud-Specific Incident Response 

Kroll’s digital forensic experts investigate hundreds of cloud-related security incidents yearly. Our experts’ cumulative experience enables us to respond more quickly and not only isolate indicators of compromise, malware or unauthorized activity but also to contain and remediate.

Kroll understands that a major concern for most clients with a cloud incident is whether sensitive data was compromised. Our wealth of investigative experience and knowledge translates into unrivaled expertise in assessing and identifying files that are likely to contain sensitive data (as defined by counsel/client). We also use advanced analytics to assist in identifying files that do not require review for sensitive data and perform statistically valid sampling to verify the results. 

Fortify Your Defenses and Response Resources

You can be certain that cyberattackers are aware of security gaps resulting from cloud implementations that fail to harden security measures. Kroll’s cloud security specialists have unrivaled knowledge to help you navigate the unique risks cloud presents, so you’re in a better position to protect your data and respond to an incident. Talk to a cloud security expert today via our global 24x7 hotlines or our contact page

Connect with us

William Rimington
William Rimington
Managing Director and Co-Leader EMEA Cyber Risk
Cyber Risk
Keith Novak
Keith L Novak
Managing Director
Cyber Risk
New York
Jeff Macko is a Director
Jeff Macko
Associate Managing Director
Cyber Risk
Gregory Michaels
Greg Michaels
Managing Director and Global Head of Proactive Services
Cyber Risk

See all servicesStay Ahead with Kroll


Valuation of businesses, assets and alternative investments for financial reporting, tax and other purposes.

Compliance and Regulation

End-to-end governance, advisory and monitorship solutions to detect, mitigate and remediate security, legal, compliance and regulatory risk.

Corporate Finance and Restructuring

Comprehensive investment banking, corporate finance, restructuring and insolvency services to investors, asset managers, companies and lenders.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Environmental, Social and Governance

Advisory and technology solutions, including policies and procedures, screening and due diligence, disclosures and reporting and investigations, value creation, and monitoring.

Investigations and Disputes

World-wide expert services and tech-enabled advisory through all stages of diligence, forensic investigation, litigation and testimony.

Business Services

Expert provider of complex administrative solutions for capital events globally. Our services include claims and noticing administration, debt restructuring and liability management services, agency and trustee services and more.


How to Build Your Cloud Migration Security Strategy

Sep 16, 2022

by Rob DeaneAlex Cowperthwaite


Guide to Cloud Penetration Testing: What It Is and Why You Need It

Sep 08, 2022

by Alex Cowperthwaite


How Penetration Testing Can Better Prepare You for a SOC 2 Audit

Sep 02, 2022

by Alex CowperthwaiteRob DeaneBenjamin Mahar


Q2 2022 Threat Landscape: Ransomware Returns, Healthcare Hit

Aug 10, 2022

by Laurie IaconoKeith Wojcieszek George Glass


A CISO’s Guide to Container Security: Understanding Vulnerabilities & Best Practices

Jul 25, 2022

by Alex Cowperthwaite


SMB Guide to Cloud Security

Jun 24, 2022

by Louis Muniz, Brett Davido


Kroll Partners with Armis to Extend Preparedness and Response for OT and ICS Environments

May 09, 2022


Kroll Named in the GIR 100

Oct 23, 2020


Kroll Named a Cyber Security Services Pacesetter by ALM Intelligence

Oct 28, 2020


Alan Brill and Yvette Gabrielian Highlight 8 Questions to Ask Following Schrems II Decision

Sep 17, 2020