Cloud Security Services

Cloud Security Services

Rapid changes in working environments has resulted in an increased move to cloud-based services for scalability and flexibility, better cost efficiency, and regulatory compliance. However, these changes often result in vulnerabilities to your systems and data. Regular assessments, testing, and assurance are part of good cyber and information security policies.

Cloud Security Penetration Testing

Organisations are realizing the benefits of moving infrastructure and services to the cloud however they often do not fully understand the security implications of doing so. A cloud technical security assessment will identify deficiencies in cloud security architecture, identify vulnerabilities in applications and provide recommendations to improve security of the cloud system.

Cloud Architecture Assessment

Analysis of the security of the client’s cloud system architecture to determine if it satisfies security requirements. A report will assess the architecture and also describe in detail which aspects of security are the responsibility of the client and which can be passed to the cloud provider ensuring there is no ambiguity and nothing will “fall between the cracks”.

Cloud Best Practice Bench-marking

Technical bench-marking tests for major cloud service providers such as Amazon AWS, Microsoft Azure, Rack space, Salesforce. Our review will provide bench-marking against best practice guidelines written by bodies such as the Cloud Security Alliance and customised to the client’s requirements.

AWS Security

An AWS Security service reviews the implementation of an AWS environment, looking to identify any areas that could present risk or unintentional access to the internet. The baseline assessment considers the organisational requirements and context for cloud services and compares this against best practice implementation guidelines and hardening standards.

Azure Security

An Azure Security service reviews the implementation of an Azure environment, looking to identify any areas that could present risk or unintentional access to the internet. The baseline assessment considers the organisational requirements and context for cloud services and compares this against best practice implementation guidelines and hardening standards.

Office 365 Security

Security Centric provides Office 365 security audits to pre-emptively identify and remediate high-risk misconfigurations to harden your environment against cyber criminals. Security Centric also investigates suspicious Office 365 activity to determine if, and when a breach has occurred.

AWS Security

  • Security Control Effectiveness
    • Access Policies and MFA
    • Root access and keys
    • Key Pair Usage
    • Gateway Configurations
    • Change Management and DevOps procedures
    • Elastic IP audit
    • S3 Bucket policies and ACLs
    • CloudTrail Configuration
    • Service Control policies
  • Audit Function Effectiveness
    • GuardDuty
    • Logs: S3, ELB, CloudTrail, AWS Config, VPC flows, CloudTrail events.
  • Network Segmentation Testing

Azure Security

  • Security Control Effectiveness
    • Identity and Access Management
    • Security Center
    • Storage Accounts
    • Database Services
    • Log and Audit Profiles
    • KeyVault
    • Activity Logs
    • Network Security Groups and Watcher
    • Secrets and Key management
    • AppService
  • Network Segmentation Testing

Office 365 Security

  • Bench-marking and Risk Scoring
  • Detect MFA Bypass
  • Mailbox Rule Analysis
  • Authentication and Authorisation
  • Comprehensive configuration scope
  • Log Auditing
  • Security Management
  • Threat Protection
  • Anti-phishing
  • Anti-malware
  • Sharing configuration and policies
  • Legacy Authentication

Need More Information?

We know cyber security can be confusing, but it doesn't have to be. If you've got questions about your cloud security needs, from basic to advanced, our team of business and technical experts are happy to help.

Get in Touch

Don't Get Caught Out:

Unsure of what you should be looking for from your penetration test? We've compiled a checklist outlining the top five "must-haves" from your security provider.

Download
Checklist mockup Cropped

Our Qualifications

crest-logo-cirlc
Council of Registered Ethical Security Testers
CREST Approved companies and their CREST Certified staff, with proven technical capabilities and a commitment to integrity and high-quality service, are the natural choice in information security testing providers.
osce-logo-circle
Offensive Security Certified Expert
OSCE is the most challenging penetration testing certification in the industry. It proves a practical understanding of advanced penetration testing skills: the ability to identify hard-to-find vulnerabilities and misconfigurations in various operating systems.
iso-logo-cirlc
Information Security Management System
ISO 27001 Lead Auditors and Lead Implementers possess an understanding of enterprise information security risk management.
irap-logo-cirlc
InfoSec Registered Assessors Program
The program, run by the Australian Signals Directorate, that assesses ICT environment for processing and storing classified data. Security Centric has multiple assessors to satisfy resource demands.
dod-logo-cirlc
Security Cleared Personnel
Consultants and engineers maintain SECRET or TOP SECRET security clearances. This means those personnel discovering vulnerabilities in your systems are properly vetted.
pci-logo-cirlc
Payment Card Industry Qualified Security Assessor
Audit and certify environment processing and storing credit card transactions.