Cloud Security

Cloud Security Assessment

Understand cyber risks and cloud usage and then define a business-aligned strategy to manage those risks and compliance considerations in the cloud.

Challenges

As we move to the cloud, how do we ensure that cyber risks are managed and cloud usage is secure and compliant?

Cloud introduces a new set of challenges that necessitate an evolution of the way we view security.


Cloud usage varies across service and deployment models.
Cloud service providers are responsible for the security of the cloud; businesses and organisations are responsible for their own security in the cloud. How can we leverage the shared responsibility model to understand the varying levels of responsibility and manage those efficiently?

Cloud resources are transient by nature.
Resources can be spun up and torn down almost instantaneously. Traditional security approaches and perimeter-based security tools are less effective in a world of dissolving perimeters and reduced visibility.

Cloud service providers introduce their own native set of platform-specific security services.
Navigating the ever-evolving portfolio of cloud platform security features and ensuring they are configured properly is a complex and continuous task in itself. These security services are unique to each cloud platform. When businesses and organisations use more than one cloud, how can we standardise operations and normalise security controls across hybrid and multi-cloud environments?

Cloud security demands new skillsets beyond traditional cybersecurity roles.
It is widely acknowledged that there is a cybersecurity skills shortage; cloud security skills are even harder to come by given that cloud security requires a strong understanding of the technologies that intersect and overlap with cloud, including virtualisation, networking, software development and DevSecOps, interpreted in the context of the cyber kill chain, incident response phases and cyberattack frameworks.

These are just some of the challenges posed by cloud. Put together, Gartner predicts that, in 2020 and beyond, more than 95% of cloud security failures will be the customer's fault. It is no longer a question of whether the cloud is inherently secure, but rather whether our use of the cloud is secure. Where do you start?

Our approach

Securing cloud spans the entire security landscape, with data at the core. At Deloitte, we take a business-aligned risk management and compliance framework-led approach to systematically reviewing cloud usage along cyber-risk domains and understanding how cloud services can be secured as necessary.

  1. Interview and workshop

    Through interviews and workshops, we understand your organisation's compliance requirements, existing cloud usage and future cloud growth initiatives. We go through the shared responsibility model, gaining an understanding of the processes, procedures and internal controls that are currently in place.

  2. Documentation review

    We work with you to collate and analyse documentation for design blueprints, cloud services that have been deployed and security controls that are implemented.

  3. Manual system check

    For existing cloud services, we leverage cloud security posture management systems that are built into each cloud platform to review deployed configurations alongside the appropriate compliance framework and best-practice guidelines.

  4. Automated environment scan

    We deploy automated cloud service discovery tools to increase visibility on the cloud estate, provide insight into cloud service deployment, verify configurations and further understand user access and activity.

Through these phases, we build a clear security baseline relative to the required compliance framework, and assess maturity alongside appropriate best practices and the target state. From this, we define a strategy with a prioritised roadmap to improve the security posture of the cloud.

Why Deloitte?

Awarded market leaders

We strive to continuously lead the market in the area of cyber risk and security services. We are awarded and acknowledged by some of the most renowned institutions within the area of cyber, e.g. Gartner, ALM Intelligence and Forrester. In 2020, we were named global leader in Security Consulting Services for the 9th year in a row by Gartner.

Leading-edge technologies

We are committed to investing in innovation and emerging technologies to ensure that we are equipped with the latest tools to solve current and future challenges for our clients. Alliances with market-leading cyber vendors and groundbreaking startups around the world offer our clients access to a wide range of cyber-risk technologies and leading-edge technology innovation.

Global intelligence delivered locally

We have the largest professional services network in the world. Diversity across our cyber teams helps us work across the globe with a local and personal lens. We have over 8,600 dedicated cyber-risk service practitioners of which 1,300 are dedicated to Europe and the Middle East alone, ready to help our clients everywhere with any challenge.

End-to-end cyber-risk services

We cover every aspect of cyber risk — from advisory and implementation of strategic transformations to managed security services, product solutions and incident management. This enables us to deliver more resilient and silo-breaking solutions, taking the whole business chain into account. This helps our clients to leverage their potential and growth even more.

Reach out

How do you reap the transformative benefits of cloud while remaining secure and compliant? Leverage our risk management and compliance framework-based approach to navigate these cloud security challenges and accelerate cloud growth with peace of mind.

Jay Choi

Partner

Nicholas Tsang

Senior Manager