Kroll’s multi-layered approach to cloud security services leverages our unrivaled incident response expertise to examine key controls across your entire cloud environment—from Office 365 or Google G Suite email systems to complex infrastructure such as AWS, Azure and Google Cloud.
Kroll has deep knowledge of cloud environments and the process for building security into diverse cloud deployments, including interactions between your users and critical cloud services. With frontline insights from handling thousands of cloud security incidents, we focus on reducing accidental data exposures as well as preventing unauthorized actors from gaining access to your environment, two of the biggest risks often associated with cloud applications.
Cloud Security Assessment Approach
Kroll’s cloud security assessment integrates overall security best practices with measures that are customized to your organization’s specific cloud architecture. For example, as best practices, our seasoned practitioners will examine several key areas, including, but not limited to, the following:
- External network access control
- Internal network access control
- User management and authentication
- Multifactor authentication for remote access
- Backup and disaster recovery
- Security event logging, correlation and alerting
- Incident response planning
For clients who are considering or have chosen a specific cloud hosting provider, Kroll’s cloud security risk assessment will focus on evaluating the configuration and controls for that specific deployment. Following are brief, non-exhaustive samples of provider-specific risk assessments:
Microsoft Office 365 (O365) Email Security Assessment
With a goal of identifying material gaps or significant shortcomings in a client’s email security defenses, a typical O365 email security assessment may focus on:
- Security settings to restrict unauthorized access
- User activity logging and auditing configurations to aid investigative efforts
- Existing email filtering options and configurations to prevent phishing attacks and malicious payload delivery
- Email access protocols
- Secure message communications
- Azure Active Directory security configuration
- Intune Mobile Device Management
- SharePoint and OneDrive
As an added layer of protection, Kroll can also assess the client’s secondary defenses, including the following:
- Workstation controls
- Employee awareness
- Incident response
- Business processes related to email authorization of payments (to help mitigate business email compromise attacks)
We’ve provided in-depth details on Office 365 Security and published an Office 365 business email compromise case study. Our North America Incident Response Leader, Devon Ackerman, has also presented a complete methodology for Office 365 Incident Response (link includes video).
Google G Suite Email Security Assessment
This assessment focuses on G Suite configuration for email, drive and content compliance, policies for phishing prevention, workstation defenses and end user awareness. Following the same robust approach as our Office 365 assessments, our experts evaluate similar security and access controls, in addition to:
- Google Drive configurations
- Best practices for content compliance policies
- Alert center reporting
AWS Cloud Security Assessment Example
A typical AWS configuration security assessment may include reviewing:
- AWS security groups
- AWS identity and access management (IAM) users and API keys
- AWS network access control lists (ACLs)
- AWS logging
- Relational database services (RDS) configuration
- Elastic Compute Cloud (EC2) instance lifecycles
- Backup and disaster recovery processes
- Simple Storage Service (S3) bucket security
Google Cloud Security Assessment Example
The Kroll approach to Google Cloud security assessment focuses on configuration, document storage and workstation defenses and may include reviewing specific configurations related to:
- Identity and access management (IAM)
- Logging and monitoring
- Virtual machines
- Storage services
- Kubernetes engine
Vulnerability and Penetration Testing for Cloud Services
Independent vulnerability scans and penetration testing can deliver the findings that are the ultimate gauge of your cloud security defenses. With the exponential growth of remote workforces and an often-hasty migration to cloud services to facilitate work-from-home environments, criminals now have an expanded network to attack—one often much less defended than in the office.
Kroll’s experts are experienced in using a wide variety of assessment tools as well as manual attack techniques to uncover weaknesses that are often missed in cloud services. Our CREST-certified penetration testing experts, who have extensive incident responder experience, bring the real-world tactics, techniques and procedures (TTPs) typically deployed by successful criminals to compromise cloud services.
Cloud-Specific Incident Response
Kroll’s digital forensic experts investigate hundreds of cloud-related security incidents yearly. Our experts’ cumulative experience enables us to respond more quickly and not only isolate indicators of compromise, malware or unauthorized activity but also to contain and remediate.
Kroll understands that a major concern for most clients with a cloud incident is whether sensitive data was compromised. Our wealth of investigative experience and knowledge translates into unrivaled expertise in assessing and identifying files that are likely to contain sensitive data (as defined by counsel/client). We also use advanced analytics to assist in identifying files that do not require review for sensitive data and perform statistically valid sampling to verify the results.
Fortify Your Defenses and Response Resources
You can be certain that cyberattackers are aware of security gaps resulting from cloud implementations that fail to harden security measures. Kroll’s cloud security specialists have unrivaled knowledge to help you navigate the unique risks cloud presents, so you’re in a better position to protect your data and respond to an incident. Talk to a cloud security expert today via our global 24x7 hotlines or our contact page.