Questions? Feedback? powered by Olark live chat software
Cloud Security Consulting

Cloud Security Consulting

Leverage the best cloud security engineers & technologies

Get Started

Why Fpweb?

Our cloud security consulting is based on more than 20 years of implementing and protecting complex secure cloud (hosted) environments for US Army, Boeing, NASA, Intel, Blue Cross/Blue Shield, Fidelity Investments, and British Petroleum (BP), to name a few. Our cloud governance, risk, and compliance consulting services help design and calibrate your security operations to help you move to the cloud securely and without risking cloud data security.

Our cloud security consultants will work with your cloud security team to implement the proper infosec measures needed to enhance cloud governance and securely move your data and applications to the cloud. The Cloud Consulting Team at is cloud platform and security tool agnostic. The team’s mission is to help organizations understand how people, processes, and technology intersect in order to assist moving suitable workloads to public, hybrid, and secure clouds.

When migrating to the cloud, organizations need to consider the wide range of data that could be affected – everything from routine correspondence to highly sensitive intellectual property. We offer a strategic cloud assessment that includes recommendations for data classification and selecting the best cloud solutions based on your data and privacy requirements.

Cloud security services and data protection are key to cloud success and yet most organizations are not aware of security infrastructure implications or best practices. Organizations moving sensitive data and core applications in the cloud must be confident with the security of these services, networks, and architectures.

Blue Cross/Blue Shield
Fidelity Investments
US Army
British Petroleum

Extend Your Team

  • Design
  • Planning
  • Management
  • Maintenance
  • Support
Extend your team with cloud security engineers

Cloud Security Best Practices

  • Annual reevaluation of deployed cloud security technologies to determine what will best protect your business and its high value data
  • Underperforming cloud security technologies are replaced and removed from the security tool stack
Cloud Security Best Practices

Identify and work thru cloud security issues

  • Authentication
  • APIs
  • System vulnerabilities
  • Web services
  • DoS attacks
  • Multi-tenant risk
Identify and work through cloud security issues
Top Three Cloud Security Challenges

Top Three Cloud Security Challenges

1 Multi-Tenancy

  • Resources are shared between tenants according to Service Level Agreements (SLAs)
  • Each provider is responsible for a proper isolation of its tenants’ computing, networking and storage resources

2 Divided Responsibility Between the Provider and the Tenant

  • Depends on the SLA
  • Needs to be agreed between the actors before the service is taken in use

3 Dynamic Environment

  • The cloud environment is constantly evolving, and resources may dynamically scale up and down or even change their locations
  • Security policies have to capture and govern these dynamic changes

The experienced cloud security architects at design and build secure cloud environments keeping these three factors in mind throughout the process.

Logical Cloud Security Architecture Diagram

Logical Cloud Security Architecture Diagram. Courtesty of Cloud Security Alliance (CSA).

Cloud Security Checklist

Cloud Security Checklist


Does the cloud security provider have a rigorous physical access protocol?


Does the cloud security provider perform employee and contractor background checks?


Does the cloud security provider meet current SSAE 16 SOC2 Type 2 certification?


Does the cloud security provider perform regular vulnerability assessments to determine security gaps?


Does the cloud security provider have backup and replication in place to ensure data integrity and persistence?


Does the cloud security provider have a Business Continuity Plan in place?


Does the cloud security provider log network traffic, file and server access? This includes security logs for: security devices, network switches/routers, databases/servers, active directory, web/mail servers, VPN systems, VM systems


Does the cloud security provider provide adequate security for network access and authentication?


Does the cloud provider provide security measures for infrastructure, including sub-contractors?


Does the cloud security provider provide an active-active configuration between the primary and failover site?

For a more exhaustive checklist download the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM).

© Copyright 2017 LC. All Rights Reserved