What We Do
- Provide cloud security assessments across a wide range of leading SaaS and IaaS platforms, identifying security vulnerabilities before a security breach occurs
- Assess protective controls and detection policies, incorporating industry-leading security benchmarks and compliance standards, as well as SecureSky's proprietary best-practice checks
- Validate compensating controls and actual security risks
- Provide actionable recommendations to strengthen the environment and improve data protection
- Assist with remediation design, deployment, and testing
Configuration of many elements of cloud resources is the responsibility of the buyer, and misconfiguration of these resources is a leading cause of vulnerabilities which can lead to compromise. Security assessments define the critical security controls and detection policies needed to deter attacks, identify gaps in your current state, and provide prioritized corrective measures to properly secure the cloud environment. SecureSky provides expert-level assessments to establish a security baseline, and ongoing solutions to make sure that position does not inadvertently or maliciously deviate from its hardened state.
A considerable challenge in providing cloud security assessments is determining the basis for security hardening recommendations. As vendors rapidly modify their security, identity, and compliance functionality, defining the desired state of multiple applications and platforms requires constant attention. SecureSky works closely with the Center for Internet Security (CIS), a recognized authority on creating and documenting recommended security configurations and best practices. SecureSky is a co-editor of and contributor to several CIS Foundations Benchmarks, and bases the findings of our cloud security assessments on these proven best practices and compliance standards. Security assessment recommendations are prioritized by:
- Security and compliance risk
- Compensating controls or technologies
- License levels
- User impact
- Deployment level of effort
Upon completion of a cloud security assessment, SecureSky offers remediation support and ongoing technology and services based on these same best practices, to guard against configuration drift, identify new capabilities from cloud providers, and help our clients maintain and continuously improve their hardened environments.
Identify Gaps in SaaS and IaaS Protective Security Controls
The rapid adoption of cloud services, greatly accelerated by the recent pandemic, has created substantial risk management concerns for many organizations. In addition to inadequate protections from risk, SecureSky finds a majority of entities do not have appropriate monitoring in place to detect and respond to threats arising in or from cloud services.
Cloud providers do not, or cannot, take full responsibility for many security controls or threat detection policies in client environments. Each has some form of “shared responsibility model” as illustrated above, indicating user responsibility for data integrity and confidentiality, endpoint security, and account, access, and identity management. Gartner has been widely quoted as saying 99% of cloud security failures will be the customer’s fault, mainly in the form of the misconfiguration of cloud resources.
Cloud providers want users to easily purchase and adopt their product. That’s the business they are in. Their flexible and rapid deployment models, intended to be “frictionless,” often come with inadequate default configurations for security, privacy, compliance, and threat detection.
Many cloud providers use a distribution model of selling licenses via channels, who have the same sales motivation. Managed Service Providers (MSPs) and Cloud Service Providers (CSPs) can also create a false sense of security with buyers by indicating they are performing security functions, when in reality they are providing limited configuration without a thorough understanding of the buyer’s risk or current attack vectors.
No matter how many vendors are involved, ultimately the security of cloud services, as well as the ability to detect and respond to threats, falls on the buyer.
SecureSky evaluates configurations and detection policies in cloud application, platform, and infrastructure services, aligning our cloud security assessments closely with your company’s use cases, risk profile, and objectives.
SecureSky’s security experts assess current configurations and settings and detection capabilities, comparing these findings against industry-leading security benchmarks, best practices, and compliance standards, many of which have been developed in whole or in part by the experts at SecureSky.
Finally, assessing an individual cloud platform in a vacuum can provide erroneous results. Many organizations have third-party intrusion controls, identity management, data protections, or monitoring solutions in place outside of a specific cloud platform. These functions must be accounted for to properly assess security risks, as well as to not create an inaccurate audit trail. SecureSky’s cloud security assessments take into account such compensating controls to provide a true report of risk items and recommended remediations.
In addition to considerations for previously implemented technologies, we also work closely with our clients to coordinate our analysis with the company’s policies, risk profile, and budget to create a realistic action plan to address risk.
SecureSky’s prevailing philosophy is to assist our clients in creating protections, to reduce the need to constantly react to threats. This approach is especially needed given today’s scarcity and cost of cybersecurity resources.
SecureSky’s cloud security assessments provide detailed recommendations for improving our clients’ protective controls and detection capabilities, clearly articulating the reasoning and compliance reference behind each recommendation, the priority of each recommendation, the estimated level of effort for each security enhancement, and the potential impact of the change on the organization’s users.
Our team of experienced consultants will thoroughly present and discuss our findings with all client stakeholders, to ensure a complete understanding of the findings and recommended remediation actions. SecureSky can also assist SecOps groups with executive communications to create awareness and support throughout the organization.
Remediation and Security Initiative Support
SecureSky goes well beyond making remediation recommendations, providing expert resources to assist our clients with architecting, deploying, enabling, and testing security controls and detection policies within SaaS and IaaS cloud platforms. Upon completion of remediation actions, we also provide re-testing, to validate that work performed resulted in the intended outcome of an improved security posture.
A security assessment often also uncovers capabilities, inside and outside of specific platforms, that are licensed and underutilized, presenting opportunities for improved functionality, better integration, or cost savings. SecureSky experts can also assist you with the design, deployment, testing, and enablement of security technology, with a specialization in the Microsoft 365 security suite.
Going Beyond Point-In-Time Assessments
Continuous Cloud and SaaS Security Posture Management (CSPM/SSPM) and Managed eXtended Detection and Response (MDR/XDR)
SecureSky’s Active Protection Platform
SecureSky’s patented Cloud and SaaS Security Posture Management system, the Active Protection Platform, provides ongoing continuous cloud security assessment, with functionality providing:
- Multi-cloud monitoring, visualization, and risk prioritization of SaaS and IaaS environments
- Continuous security and compliance configuration and detection policy assessment and validation, based on industry-leading benchmarks such as Center for Internet Security (CIS) Foundations Benchmarks
- Available enforcement of hardened security configurations
- Collection of security threat data
- Streamlined and automated threat response actions
Managed eXtended Detection and Response (MDR/XDR) Services
SecureSky’s MDR/XDR services integrate our Active Protection Platform with ongoing continuous cloud security assessment to develop, deploy, validate, and enforce cloud security configurations/protective controls and detection policies, reducing risk profiles and thus the threats requiring investigation.
- Threat analysts, forensic investigators, and engineers with deep security, Cloud and SaaS Security Posture Management, and Microsoft Sentinel experience
Microsoft Sentinel Management
- Proactive threat hunting, driven by timely threat intelligence indicators
- Continuing custom development of data connectors and Microsoft Sentinel workbooks, queries, enhanced parsing, tuning and automation, workflow, and orchestration opportunities
- Advanced Microsoft security suite enablement
- Attack surface reduction
- Security control validation
Security Technical Sessions and Business Review
- Training and knowledge transfer, to ensure client team awareness and updates
- Ongoing cost analysis, technical, and business reviews
Frequently Asked Questions
What is included in a security assessment?
A cloud security assessment analyzes an organization’s cloud-based infrastructure and application environments to assure that the organization is protected from a wide variety of security risks and threats.
SecureSky assesses IaaS, PaaS and SaaS security and detection policy parameters, comparing the current state of the cloud environment to best security practices, as defined by Center for Internet Security (CIS) benchmarks, and other cloud security standards.
At the conclusion of an assessment, a report is provided describing which of the environment’s configurations are compliant with best security practices and which are not. For areas where gaps from best practices are identified, SecureSky prioritizes recommended remediation based on compensating controls, license levels (availability of certain product functionality), deployment efforts required, and potential impact to users. Recommendations are presented and discussed with our clients, and following the assessment we remain available for additional consultation and re-testing.
Who is the intended audience for a security assessment report?
There are multiple audiences for a security assessment report, including:
- IT or SecOps teams with limited cloud experience or expertise, desiring to use findings both as a basis to harden their environment and as a training tool.
- More mature IT or SecOps teams wanting an independent, third-party check of their configuration design and any drift from that design.
- Compliance personnel wishing to self-assess or prepare for regulatory audits.
- Compliance, legal, or customer service teams with contractual requirements requiring an assessment and related client reporting.
- Compliance, legal, sales, or marketing groups wanting to substantiate marketing claims.
- IT or SecOps executives, other business leaders, or Board members wanting to measure security accomplishments or receive an independent, third-party evaluation of their environment.
What is cloud security?
Cloud security is the inclusion of cloud environments (IaaS, PaaS, and SaaS) in an organization’s Enterprise Security Program, including continuous risk management, the application and adaptation of protective controls to ensure confidentiality, integrity, and availability of resources, and threat detection and response performed in a resilient manner, to rapidly withstand and recover from malicious attacks. Depending on the organization’s usage of cloud resources, the responsibility for risk management, protective controls, and threat response is shared between the cloud provider and customer.
What is the difference between CSPM and SSPM?
CSPM is an acronym for Cloud Security Posture Management, a technology to identify misconfiguration issues, compliance risks, and detection policy shortcomings in cloud infrastructure (IaaS) services, and often to provide additional functionality such as enforcing related hardened security policies. SSPM is an acronym for SaaS Security Posture Management. As the name communicates, this technology provides similar functionality for SaaS, or cloud-based applications.
Who needs cloud security?
As published by every major cloud provider, the “shared responsibility” model communicates to all customers of cloud services their accountability for multiple elements of cloud security. Based on their usage of cloud infrastructure, platform, or software services, customers are liable for appropriately configuring security controls and threat detection policies for their applications, data, and user identities and access.
What are the benefits of cloud security?
As with all cybersecurity measures, whether to protect cloud or on-premises environments, the benefits of cloud security are maintaining the confidentiality and integrity of input and derived data, the efficacy of processes, and the availability of resources. Properly securing a company’s digital assets provides efficiency (with related cost savings) for an organization’s internal users, and, if applicable, reliability (with related competitive advantages) for external users.
What are the challenges in cloud security?
There are numerous security challenges in the cloud, beginning with awareness of an organization’s presence in the cloud. In what is often termed “shadow IT”, it is very simple for users to spin up cloud or SaaS instances in a matter of minutes, without a thorough understanding of security protocols. The nature of cloud computing also dissolves traditional network boundaries, leading to user identification, access, and entitlement management becoming the focal point of controls, as well as user behaviors often being a primary indicator of risk. Another challenge is the sheer volume of cloud usage. The recent COVID-19 pandemic accelerated the already rapidly growing adoption of cloud computing. Counting only SaaS applications, estimates of the number used by an average company range from 80 to 140 different applications. This “SaaS sprawl” and related explosion of all cloud services makes multi-cloud monitoring and management almost impossible. Finally, as in all cybersecurity fields, the shortage of human resources with cloud security expertise, especially as attack volumes grow daily, is a major concern.
What are the types of cloud security?
There are many categories of products and services that can be used to secure cloud environments, many of which are cloud-based services themselves. These include tools for user identification, controlled access, entitlement management, email phishing or malware deterrence, data loss prevention, limiting access to risky applications, and IaaS and SaaS secure configuration management (cloud security posture management).
What is a cloud security model?
An effective cloud security model incorporates several integrated technologies and intelligence sources, with automation and adaptive response capabilities. At the core of this model is the “Zero Trust” principle. Traditional network-based Zero Trust says that users, systems, or services operating inside the network must be identified and authenticated with each system or service they are attempting to access. In today’s cloud computing world, where there are more users, systems, or services outside an enterprise than inside it, attempting to access the cloud with more unmanaged than managed devices, this principle is modified to say that access to cloud features and data must be consistently verified before being trusted.
Why is SaaS security important?
A startling statistic for every CIO and CISO: estimates of the number of SaaS applications used by an average organization today range from 80 to 140 different applications. In addition to sheer volume, very often these applications, in categories such as ERP, HR, CRM, and R&D, contain an organization’s most confidential data. While the confidentiality, integrity, and availability of SaaS applications is critical to most businesses, this “SaaS sprawl” makes securing SaaS very challenging, especially given today’s shortage of cybersecurity resources. Securing SaaS applications should often be a primary goal of a proactive Enterprise Security Program, and yet we find there continue to be major gaps in the understanding of users’ responsibilities and in the attention paid to setting and continuously validating SaaS security configurations.
How do you manage security in the cloud?
In cybersecurity overall, the no-win approach of constantly reacting to threats is no longer practical, especially in these days of scarce security resources. In addition to best practices, cloud security management includes integration, automation, and adaptation, focusing efforts and spending on attack surface reduction, or preventing attacks by hardening security controls, lowering risk, threat volumes, and overall costs.
What are the top Microsoft 365 security issues?
Microsoft 365 is one of the most highly utilized SaaS products in the world. In addition to an email service, the productivity and collaboration suite includes cloud file storage (SharePoint) and an A/V interactive tool (Teams). Microsoft 365 also includes Azure Active Directory (AD), an identity and access service used by many companies. This combination of components makes Microsoft 365 a highly lucrative target for attackers.
Because Microsoft 365 offers such broad functionality and is typically deployed as an enterprise-wide application, some of the primary security risks of Microsoft 365 are sensitive data leakage and credential theft, which often leads to business email compromise (BEC) and account takeover (ATO).
The good news is Microsoft 365 can be secured to address such risks, as well as be used as a tool to provide protection against broader security threats arising from cloud computing, including identity and access management, and storing sensitive data in the cloud.
Is securing Microsoft 365 difficult?
Properly configuring security controls and detection policies in Microsoft 365 involves navigating multiple portals, mastering differences between sometimes confusing and rapidly changing licensing options, and understanding dependencies and compensating controls between other Microsoft and third-party technologies. Those wanting to manage Microsoft 365 and Azure AD using PowerShell or APIs experience even greater complexity.
Properly securing Microsoft 365 requires a knowledge of its configuration parameters, a hardening basis (such as the Center for Internet Security Foundations Benchmark), the ability to navigate to the appropriate locations to set the proper configurations, and finally, a tool to validate on an ongoing basis that your secure settings have not been modified and to enforce them if they are inadvertently or maliciously tampered with.
SecureSky’s Security Configuration Assessment for Microsoft 365 and Active Protection Platform provide all of this functionality, enabling our clients to quickly assess their Microsoft 365 tenants, adjust configurations based on best practices, and continuously monitor and manage hardened environments.
©2022 SecureSky, Inc. All rights reserved. SafetyNET, SecureSky, AdaptiveDefender and the SecureSky logo are marks of SecureSky, Inc. SecureSky U.S. Patent Nos. 8,347,391; 8,856,324; 9,021,574; 9,350,707; 9,787,713; 9,888,018; 10,015,239. Additional patents pending. Azure and Office 365 are registered trademarks of Microsoft.