Cloud Security Services
Kroll’s multi-layered approach to cloud security services leverages our unrivaled incident response expertise to examine key controls across your entire cloud environment—from Office 365 or Google G Suite email systems to complex infrastructure such as AWS, Azure and Google Cloud.
Kroll has deep knowledge of cloud environments and the process for building security into diverse cloud deployments, including interactions between your users and critical cloud services. With frontline insights from handling thousands of cloud security incidents, we focus on reducing accidental data exposures as well as preventing unauthorized actors from gaining access to your environment, two of the biggest risks often associated with cloud applications.
Cloud Security Assessment Approach
Kroll’s cloud security assessment integrates overall security best practices with measures that are customized to your organization’s specific cloud architecture. For example, as a matter of best practice, our seasoned practitioners will examine several key areas, including, but not limited to, the following:
- External network access control
- Internal network access control
- User management and authentication
- Multifactor authentication for remote access
- Backup and disaster recovery
- Security event logging, correlation and alerting
- Incident response planning
For clients who are considering or have chosen a specific cloud hosting provider, Kroll’s cloud security risk assessment will focus on evaluating the configuration and controls for that specific deployment. Following are brief, non-exhaustive samples of provider-specific risk assessments:
Microsoft Office 365 (O365) Email Security Assessment
With a goal of identifying material gaps or significant shortcomings in a client’s email security defenses, a typical O365 email security assessment may focus on:
- Security settings to restrict unauthorized access
- User activity logging and auditing configurations to aid investigative efforts
- Existing email filtering options and configurations to prevent phishing attacks and malicious payload delivery
- Email access protocols
- Secure message communications
- Azure Active Directory security configuration
- Intune Mobile Device Management
- SharePoint and OneDrive
As an added layer of protection, Kroll can also assess the client’s secondary defenses, including the following:
- Workstation controls
- Employee awareness
- Incident response
- Business processes related to email authorization of payments (to help mitigate business email compromise attacks)
We’ve provided in-depth details on Office 365 Security and published an Office 365 business email compromise case study. Our North America Incident Response Leader, Devon Ackerman, has also presented a complete methodology for Office 365 Incident Response (link includes video).
Google G Suite Email Security Assessment
This assessment focuses on G Suite configuration for email, drive and content compliance, policies for phishing prevention, workstation defenses and end user awareness. Following the same robust approach as our Office 365 assessments, our experts evaluate similar security and access controls, in addition to:
- Google Drive configurations
- Best practices for content compliance policies
- Alert center reporting
AWS Cloud Security Assessment Example
A typical AWS configuration security assessment may include reviewing:
- AWS security groups
- AWS identity and access management (IAM) users and API keys
- AWS network access control lists (ACLs)
- AWS logging
- Relational database services (RDS) configuration
- Elastic Compute Cloud (EC2) instance lifecycles
- Backup and disaster recovery processes
- Simple Storage Service (S3) bucket security
Google Cloud Security Assessment Example
The Kroll approach to Google Cloud security assessment focuses on configuration, document storage and workstation defenses and may include reviewing specific configurations related to:
- Identity and access management (IAM)
- Logging and monitoring
- Virtual machines
- Storage services
- Kubernetes engine
Vulnerability and Penetration Testing for Cloud Services
Independent vulnerability scans and penetration testing can deliver the findings that are the ultimate gauge of your cloud security defenses. With the exponential growth of remote workforces and an often-hasty migration to cloud services to facilitate work-from-home environments, criminals now have an expanded network to attack—one often much less defended than in the office.
Kroll’s experts are experienced in using a wide variety of assessment tools as well as manual attack techniques to uncover weaknesses that are often missed in cloud services. With CREST-certified penetration testing experts who have extensive incident responder experience, we bring real-world tactics, techniques and procedures (TTPs) typically deployed by successful criminals to compromise cloud services.
Cloud-Specific Incident Response
Kroll’s digital forensic experts investigate hundreds of cloud-related security incidents yearly. Our experts’ cumulative experience enables us to respond more quickly, not only to isolate indicators of compromise, malware or unauthorized activity but also to contain and remediate.
Kroll understands that a major concern for most clients with a cloud incident is whether sensitive data was compromised. Our wealth of investigative experience and knowledge translates into unrivaled expertise in assessing and identifying files that are likely to contain sensitive data (as defined by counsel/client). We also use advanced analytics to assist in identifying files that do not require review for sensitive data and perform statistically valid sampling to verify the results.
Fortify Your Defenses and Response Resources
You can be certain that cyberattackers are aware of security gaps resulting from cloud implementations that fail to harden security measures. Kroll’s cloud security specialists have unrivaled knowledge to help you navigate the unique risks cloud presents, so you’re in a better position to protect your data and respond to an incident. Talk to a cloud security expert today via our global 24x7 hotlines or our contact page.