Cloud Security

Cloud Security Implementation Services

Establish and implement secure configurations in the cloud based on best practices.

Challenges

How can we navigate the ever-evolving portfolio of cloud platform security features, select the right ones for our cloud usage and ensure that they are properly configured?

Establishing and implementing secure configurations in the cloud based on best practices continues to be a significant challenge. Misconfiguration and inadequate change control ranks second in the Cloud Security Alliance's 2019 report “Top Threats to Cloud Computing: The Egregious Eleven”. It is often the leading cause of data breaches, ranked the highest security issue in the same report.

Cloud resources are transient by nature. Resources can be spun up and torn down almost instantaneously. Traditional security approaches and perimeter-based security tools are less effective in a world of dissolving perimeters and reduced visibility. Traditional controls and change management approaches that require multiple roles and approvals may not keep pace with or be as effective in the cloud.

Securing cloud is a complex task that requires a continuous effort. At Deloitte, we take a business-aligned cloud security posture management approach to systematically reviewing cloud usage along with cyber-risk domains, highlighting potential misconfigurations and prioritising remediation with you to secure these as necessary.

  1. Establish current cloud usage and configurations

    We leverage the strategy and a prioritised roadmap from prior cloud security assessments to understand the existing cloud usage, applicable compliance frameworks, security gaps identified and remediation recommendations made.

  2. Prioritise remediation activities

    We work with you to prioritise remediation activities according to time, effort, budget and impact on the cloud security posture. We can leverage cloud platform-specific or external third-party security posture management tools.

  3. Implement secure configurations

    Our engineers make the required configuration changes according to remediation recommendations and cloud platform best practices in alignment with compliance framework controls.

  4. Verify with cloud security posture management tools

    We run a subsequent configuration scan to verify configurations and confirm that changes align with remediation recommendations, cloud platform best practices and the applicable compliance framework controls. Through these phases, we close the gaps identified by prior cloud security assessments, improve existing configurations, verify changes with subsequent configuration scans and thereby increase the cloud security posture.

  1. Establish current cloud usage and configurations
  2. Prioritise remediation activities
  3. Implement secure configurations
  4. Verify with cloud security posture management tools

We leverage the strategy and a prioritised roadmap from prior cloud security assessments to understand the existing cloud usage, applicable compliance frameworks, security gaps identified and remediation recommendations made.

We work with you to prioritise remediation activities according to time, effort, budget and impact on the cloud security posture. We can leverage cloud platform-specific or external third-party security posture management tools.

Our engineers make the required configuration changes according to remediation recommendations and cloud platform best practices in alignment with compliance framework controls.

We run a subsequent configuration scan to verify configurations and confirm that changes align with remediation recommendations, cloud platform best practices and the applicable compliance framework controls. Through these phases, we close the gaps identified by prior cloud security assessments, improve existing configurations, verify changes with subsequent configuration scans and thereby increase the cloud security posture.

Why Deloitte?

Awarded market leaders

We strive to continuously lead the market in the area of cyber risk and security services. We are awarded and acknowledged by some of the most renowned institutions within the area of cyber, e.g. Gartner, ALM Intelligence and Forrester. In 2020, we were named global leader in Security Consulting Services for the 9th year in a row by Gartner.

Leading-edge technologies

We are committed to investing in innovation and emerging technologies to ensure that we are equipped with the latest tools to solve current and future challenges for our clients. Alliances with market-leading cyber vendors and groundbreaking startups around the world offer our clients access to a wide range of cyber-risk technologies and leading-edge technology innovation.

Global intelligence delivered locally

We have the largest professional services network in the world. Diversity across our cyber teams helps us work across the globe with a local and personal lens. We have over 8,600 dedicated cyber-risk service practitioners of which 1,300 are dedicated to Europe and the Middle East alone, ready to help our clients everywhere with any challenge.

End-to-end cyber-risk services

We cover every aspect of cyber risk — from advisory and implementation of strategic transformations to managed security services, product solutions and incident management. This enables us to deliver more resilient and silo-breaking solutions, taking the whole business chain into account. This helps our clients to leverage their potential and growth even more.

Reach out

How do you reap the transformative benefits of cloud while remaining secure and compliant? Leverage our continuous cloud security posture management approach to navigate these cloud security challenges and accelerate cloud growth with peace of mind.

Jay Choi

Partner

Nicholas Tsang

Senior Manager