Security assessment for Australia’s leading professional services firm

Customer Overview

Professional services firm with global reach and deep expertise in audit and assurance, tax and advisory with a large presence in Australia.

Business Situation

A leading professional services firm was assessing new technology to drive innovative solutions and offerings as part of their digital transformation program. Having recently adopted public cloud, the organisation was looking to increase the use of public cloud to assist in delivering solutions while also realising the benefits from a cost savings and agility perspective.

With security a key consideration for the design and implementation of any cloud-based platform, the company was seeking to ensure standards for establishing necessary controls. The firm sought an independent assessment of the public cloud platform to determine its viability and to understand its security posture in order to take remedial measures to improve it.

Solution

To address the company’s concerns and requirements, Kloud recommended and developed a cloud security governance and control framework which helped to define:

  • Organisational direction on adoption and consumption of cloud services (e.g. SaaS, PaaS & IaaS) and the preferred cloud providers
  • A governance model for request, approval, implementation and maintenance of cloud-based services
  • A comprehensive set of security controls aligning to the organisation’s security policies & standards and industry standards such as ISO27001 and CSA’s CCM

Kloud also developed a reference security architecture to define the architectural and security components requiring implementation to enable sufficient security controls outlined in the initial framework.

Kloud conducted a comprehensive security assessment of the overall architecture and the platform comprising the cloud service deployed. The assessment also covered non-technical aspects of the solutions, including:

  • User provisioning
  • Access management including privileged access and user access revalidation
  • Logging and auditing
  • Incident response
  • Data handling
  • Software development practices

Gaps and areas of non-compliance within the security controls framework were documented and rated based on the risk they posed to the organisation. Mitigation controls were defined and prioritised based on the risk rating, and an implementation roadmap was defined and presented to the business.

Kloud helped the company identify the security posture of the platform and provided recommendations on improving its overall security strategy.

Benefits

  • Overall security state of the platform and risk position
  • Immediate areas of focus
  • Improved compliance
  • Higher level of confidence in the platform and the ability to demonstrate and sell services to their clients