System Assessments and Testing

Cyber Risk

Cloud Security Services

Kroll’s multi-layered approach to cloud security services leverages our unrivaled incident response expertise to examine key controls across your entire cloud environment—from Office 365 or Google G Suite email systems to complex infrastructure such as AWS, Azure and Google Cloud.

Kroll has deep knowledge of cloud environments and the process for building security into diverse cloud deployments, including interactions between your users and critical cloud services. With frontline insights from handling thousands of cloud security incidents, we focus on reducing accidental data exposures as well as preventing unauthorized actors from gaining access to your environment, two of the biggest risks often associated with cloud applications. 

/en/services/cyber-risk/assessments-testing/cloud-security-services /-/media/feature/services/cyber-risk/assessments-testing-desktop-banner.jpg service
Cloud Security Assessment Approach

Kroll’s cloud security assessment integrates overall security best practices with measures that are customized to your organization’s specific cloud architecture. For example, as best practices, our seasoned practitioners will examine several key areas, including but not limited to, the following:

  • External network access control
  • Internal network access control
  • User management and authentication
  • Multifactor authentication for remote access
  • Backup and disaster recovery
  • Security event logging, correlation and alerting
  • Incident response planning

For clients who are considering or have chosen a specific cloud hosting provider, Kroll’s cloud security risk assessment will focus on evaluating the configuration and controls for that specific deployment. Following are brief, non-exhaustive samples of provider-specific risk assessments: 

Microsoft Office 365 (O365) Email Security Assessment

With a goal of identifying material gaps or significant shortcomings in a client’s email security defenses, a typical O365 email security assessment may focus on: 

  • Security settings to restrict unauthorized access
  • User activity logging and auditing configurations to aid investigative efforts
  • Existing email filtering options and configurations to prevent phishing attacks and malicious payload delivery
  • Email access protocols
  • Secure message communications
  • Azure Active Directory security configuration
  • Intune Mobile Device Management
  • SharePoint and OneDrive

As an added layer of protection, Kroll can also assess the client’s secondary defenses, including the following:

  • Workstation controls
  • Employee awareness
  • Incident response
  • Business processes related to email authorization of payments (to help mitigate business email compromise attacks)

We’ve provided in-depth details on Office 365 Security and published an Office 365 business email compromise case study. Our North America Incident Response Leader, Devon Ackerman, has also  presented a complete methodology for Office 365 Incident Response (link includes video). 

Google G Suite Email Security Assessment

It focuses on G Suite configuration for email, drive and content compliance, policies for phishing prevention, workstation defenses and end user awareness. Following the same robust approach to our Office 365 assessments, our experts evaluate similar security and access controls, in addition to:

  • Google drive configurations
  • Best practices for content compliance policies
  • Alert center reporting


AWS Cloud Security Assessment Example

A typical AWS configuration security assessment may include reviewing:

  • AWS security groups
  • AWS identity and access management (IAM) users and API keys
  • AWS network access control lists (ACLs)
  • AWS logging
  • Relational database services (RDS) configuration
  • Elastic Compute Cloud (EC2) instance lifecycles
  • Backup and disaster recovery processes
  • Simple Storage Service (S3) bucket security


Google Cloud Security Assessment Example

The Kroll approach to Google Cloud security assessment focuses on configuration, document storage and workstation defenses and may include reviewing specific configurations related to:

  • Identity and access management (IAM)
  • Logging and monitoring
  • Networking
  • Virtual machines
  • Storage services
  • Kubernetes engine

Vulnerability and Penetration Testing for Cloud Services

Independent vulnerability scans and penetration testing can deliver the findings that are the ultimate gauge of your cloud security defenses. With the exponential growth of remote workforces and an often-hasty migration to cloud services to facilitate work-from-home environments, criminals now have an expanded network to attack—one often much less defended than in the office. 

Kroll’s experts are experienced in using a wide variety of assessment tools as well as manual attack techniques to uncover weaknesses that are often missed in cloud services. Coupled with CREST-certified penetration testing experts that have extensive incident responder experience, we bring real-world tactics, techniques and procedures (TTPs) typically deployed by successful criminals to compromise cloud services. 

Cloud-Specific Incident Response 

Kroll’s digital forensic experts investigate hundreds of cloud-related security incidents yearly. Our experts’ cumulative experience enables us to respond more quickly and not only isolate indicators of compromise, malware or unauthorized activity but also to contain and remediate.

Kroll understands that a major concern for most clients with a cloud incident is whether sensitive data was compromised. Our wealth of investigative experience and knowledge translates into unrivaled expertise in assessing and identifying files that are likely to contain sensitive data (as defined by counsel/client). We also use advanced analytics to assist in identifying files that do not require review for sensitive data and perform statistically valid sampling to verify the results. 

Fortify Your Defenses and Response Resources

You can be certain that cyberattackers are aware of security gaps resulting from cloud implementations that fail to harden security measures. Kroll’s cloud security specialists have unrivaled knowledge to help you navigate the unique risks cloud presents, so you’re in a better position to protect your data and respond to an incident. Talk to a cloud security expert today via our global 24x7 hotlines or our contact page

Contact Us

Other Areas We Can Help

Cyber Risk

Cyber Risk

Global, end-to-end cyber risk solutions.

Cyber Risk
Incident Response and Litigation Support

Cyber Litigation Support

Expert witnesses on any cyber topic including forensic data collection and analysis.

Cyber Litigation Support
Kroll Responder

Kroll Responder

Mature your cyber security with unparalleled visibility and constant protection.

Kroll Responder
Cyber Risk Retainers

Cyber Risk Retainers

Secure a true cyber risk retainer with elite digital forensics and incident response capabilities.

Cyber Risk Retainers



Updated Cyber Security Fundamentals for Financial Services Organizations


ALM Intelligence Pacesetter Research – Cybersecurity Services 2020


Kroll Ransomware Attack Trends – 2020 YTD


CVE-2020-1472 (Zerologon) Exploit Detection Cheat Sheet



KAPE Intensive Training and Certification Live Webcast Sessions



Lunch & Learn: Navigating Increased Transactional Risk Scrutiny



10 Essential Cyber Security Controls for Increased Resilience and Better Insurance Coverage