About
Most organisations store some of their data or applications in the cloud. For example:
- Using Google Workspace or Microsoft 365 for email and filesharing.
- Hosting custom applications in AWS, Azure or Google Cloud Platform.
While using cloud services can have many benefits, it’s important to make sure that the environments are set up properly to protect your data, and to make sure you understand what security guarantees the platforms provide versus what is still your responsibility.
How we can help
Pākiki can review your cloud environment and work with you to:
- Ensure reasonable protections are in place to stop unauthorised users from logging into your environments.
- Check that appropriate defaults are set to prevent data being inadvertently exposed to the Internet.
- Review the resources which are exposed to the public.
- Determine what additional platform security features are available which could be beneficial.
- Ensure you understand the security guarantees of the platform, versus what is your responsibility.
Note: Pākiki does not employ any cloud architects. We can’t advise on whether your application is well architected or is making the best use of platform features, or on the security, performance and cost tradeoffs between different approaches.
Methodology
The methodology will vary depending on the cloud platform in use, but broadly speaking it is:
- Information Gathering: Understanding how you’re using the cloud, what type of data/applications you’re holding and what features of the cloud provider you’re using.
- Configuration Review: Log in to the environment and check the configuration against industry benchmarks and/or government recommendations (e.g. NZISM).
- Manual checks: Review the permissions on the resources which fall outside of the checks above.
- Provide advice: Take the output of the above checks, and use our understanding of your business to provide practical, tailored advice on how you can improve your security.
The particular objectives of the engagement will be discussed during a scoping call, along with any limitations, or resources which should be explicitly in or out of scope.
Get in touch
We’d love to hear more about your cloud environment or project, and to discuss how we can help.