Cloud Security

The cloud offers organisations a great opportunity to improve on operational efficiency, gain market share, deliver a better experience for their users and customers and realise cost savings. As a result, transformation projects are underway across companies of all sizes and industries.

The cloud services that digital transformation projects seek to leverage can be grouped into 3 main models:

SaaS – Software as a Service, this is for example an application that is run online rather than on your local network, popular SaaS choices are CRM applications such as SalesForce or Dynamics 365. The SaaS provider allows your users to access the application and they are responsible for the underlying infrastructure requirements to support the application.

PaaS – Platform as a Service, this is for example a datacenter provider who allows you access to, and maintains, servers and the servers’ operating systems (OS) on your behalf, you retain ownership and control of the applications and data that reside on the servers.

IaaS – Infrastructure as a Service, this is for example a datacenter provider who allows you access to servers, you retain ownership and control of everything that resides on the servers from the OS upwards.

Kaon Security have tailored their security offerings to meet the demands of customers who wish to ensure an adequate level of security is applied to their data, network and systems regardless of the cloud services model they are working with.

We can assist in cloud decision making in advance of migrating, this is especially useful for organisations who wish to ensure security best practice is in place as a foundation for a successful and safe migration. From mapping your existing environment through to reviewing current and future state architecture we are able to collaborate with you to provide practical security guidance and advice in this complex process.

Many organisations have already made a partial or full migration to the cloud. Some are aware that cloud applications are being used in their environment but they do not have full visibility of what exactly is being used and who is using it. Kaon Security are able to apply their substantial experience to provide you with an accurate understanding of your current risk levels and the practical steps you can take to assure yourself of the security of your (and your customers’) data.

Microsoft 365 Security Review

The Microsoft 365 online productivity suite has proven to be a very popular solution for organisations that recognise the business benefits of using cloud based technology.

When deploying Microsoft 365 organisations need to make some key security configuration decisions; making the right decisions can be challenging given the depth of options to choose from.

You will need to consider (for example) different access control options to manage identity and access control for using Microsoft 365 and Azure features, review data resiliency arrangements for protecting information and recovering it from potential corruption, and determine the best way to prevent data leakage using encryption and controlling forwarding options.

Furthermore a “set and forget” approach won’t work as the Microsoft 365 cloud environment is inherently very dynamic.

The Kaon Security Microsoft 365 Security Review service has assisted organisations improve their IT security posture by optimising their Microsoft 365 security configuration.

In delivering this service our experts investigate and assess more than 150 facets of the implementation and assess these against potential risks to ensure the appropriate options have been selected.

The detailed report provides an executive summary of the Microsoft 365 security review, a risk analysis commentary and security recommendations. Specifically written for business people, the executive summary will allow you to discuss how to improve your Microsoft 365 security posture.

A detailed “Key Observations” section is provided in the report for the CIO or IT Manager covering our security findings, a risk analysis commentary and our recommended next steps for remediation.

Azure Security Review

Microsoft’s successful Azure platform comprises of interoperable cloud computing services that incorporate open-source, standards-based technologies plus proprietary solutions from Microsoft and other technology companies.

The Azure infrastructure is a complex environment made up of interlinked virtual machines, storage accounts, application services and databases utilising complex virtual networks and load balancers. Additionally all of these objects are categorised as a Resource within Resource Groups.

When deploying the Azure solution organisations need to make some key security configuration decisions, and making the right decisions can be challenging given the range of configuration options to choose from. A “set and forget” approach won’t work as the Azure cloud environment is inherently very dynamic.

The Azure Security Review service assists organisations to improve their IT security posture by optimising their Azure configuration.

In delivering this service our experts investigate and assess key areas of the Azure infrastructure including the current configuration and available supporting customer information. We then conduct a risk analysis of the Azure implementation, make recommendations to improve the organisational security posture and provide remediation points.

Some of the areas we investigate and verify include:

• Resource Groups
• Storage Accounts
• Virtual Machines and Networks
• Application Services
• SQL and Cosmos databases
• Load Balancing

The detailed report provides an executive summary of the Azure security review, a risk analysis commentary and security recommendations.

A detailed “Key Observations” section is provided in the report for the CIO or IT Manager covering our security findings, a risk analysis commentary and our recommended next steps for remediation.