Our cloud security consulting is based on more than 20 years of implementing and protecting complex secure cloud (hosted) environments for US Army, Boeing, NASA, Intel, Blue Cross/Blue Shield, Fidelity Investments, and British Petroleum (BP), to name a few. Our cloud governance, risk, and compliance consulting services help design and calibrate your security operations to help you move to the cloud securely and without risking cloud data security.
Our cloud security consultants will work with your cloud security team to implement the proper infosec measures needed to enhance cloud governance and securely move your data and applications to the cloud. The Cloud Consulting Team at Fpweb.net is cloud platform and security tool agnostic. The team’s mission is to help organizations understand how people, processes, and technology intersect in order to assist moving suitable workloads to public, hybrid, and secure clouds.
When migrating to the cloud, organizations need to consider the wide range of data that could be affected – everything from routine correspondence to highly sensitive intellectual property. We offer a strategic cloud assessment that includes recommendations for data classification and selecting the best cloud solutions based on your data and privacy requirements.
Cloud security services and data protection are key to cloud success and yet most organizations are not aware of security infrastructure implications or best practices. Organizations moving sensitive data and core applications in the cloud must be confident with the security of these services, networks, and architectures.
2 Divided Responsibility Between the Provider and the Tenant
3 Dynamic Environment
The experienced cloud security architects at Fpweb.net design and build secure cloud environments keeping these three factors in mind throughout the process.
Logical Cloud Security Architecture Diagram. Courtesty of Cloud Security Alliance (CSA).
Does the cloud security provider have a rigorous physical access protocol?
Does the cloud security provider perform employee and contractor background checks?
Does the cloud security provider meet current SSAE 16 SOC2 Type 2 certification?
Does the cloud security provider perform regular vulnerability assessments to determine security gaps?
Does the cloud security provider have backup and replication in place to ensure data integrity and persistence?
Does the cloud security provider have a Business Continuity Plan in place?
Does the cloud security provider log network traffic, file and server access? This includes security logs for: security devices, network switches/routers, databases/servers, active directory, web/mail servers, VPN systems, VM systems
Does the cloud security provider provide adequate security for network access and authentication?
Does the cloud provider provide security measures for infrastructure, including sub-contractors?
Does the cloud security provider provide an active-active configuration between the primary and failover site?
For a more exhaustive checklist download the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM).