Professional services firm with global reach and deep expertise in audit and assurance, tax and advisory with a large presence in Australia.
A leading professional services firm was assessing new technology to drive innovative solutions and offerings as part of their digital transformation program. Having recently adopted public cloud, the organisation was looking to increase the use of public cloud to assist in delivering solutions while also realising the benefits from a cost savings and agility perspective.
With security a key consideration for the design and implementation of any cloud-based platform, the company was seeking to ensure standards for establishing necessary controls. The firm sought an independent assessment of the public cloud platform to determine its viability and security posture so they could take the necessary remedial measures to improve it.
To address the company’s concerns and requirements, Kloud recommended and developed a cloud security governance and control framework which helped to define;
- Organisational direction on adoption and consumption of cloud services (e.g. SaaS, PaaS & IaaS) and the preferred cloud providers
- A governance model for request, approval, implementation and maintenance of cloud based services
- A comprehensive set of security controls aligning to the organisation’s security policies & standards and industry standards such as ISO27001 and CSA’s CCM
Kloud also developed a reference security architecture to define the architectural and security components requiring implementation to enable sufficient security controls outlined in the initial framework.
Kloud conducted a comprehensive security assessment of the overall architecture and the platform comprising of the cloud service deployed. The assessment also covered non-technical aspects of the solutions, including:
- User provisioning
- Access management including privileged access and user access revalidation
- Logging and auditing
- Incident response
- Data handling
- Software development practices
Gaps and areas of non-compliance within security controls framework were documented and rated based on the risk it posed to the organisation. Mitigation controls were defined and prioritised based on the risk rating and an implementation roadmap was defined and presented to the business.
Kloud helped the company to identify the security posture of the platform and provided recommendations on improving its overall security strategy.
- Overall security state of the platform and risk position
- Immediate areas of focus
- Improved compliance
- Higher level of confidence in the platform and the ability to demonstrate and sell their services to clients