Cloud Subscription

What Is It?

Cloud subscriptions are mechanisms to access on demand computing resources, be that virtual machines or ad-hoc specific services such as application platforms. The management of these resources can vary from being down to the subscribing organisation, such as when a virtual machine is provisioned, to being completely managed by the cloud provider, such as an application hosting service. Cloud subscriptions can span multiple regions and most organisations typically use one of the larger providers such as Microsoft Azure, Amazon Web Service (AWS), Google Cloud Platform (GCP) or Oracle Cloud.

Why Assess It?

There are many reasons to conduct a cloud security assessment, five of which are below.

Secure Your Investment

Cloud subscriptions are very affordable but the pricing generally is defined by usage. If a threat actor obtains a foothold in the environment they may be able to not only affect the functionality of your environment, as well as execute a data breach, but with modern attacks threat actors also use your organisations account to fund expensive crypto mining or other resource heavy tasks.

Protect Your Data

Your organisations data will transit between your on premise services and the cloud. It is important to ensure this transportation is secure and also that once it is inside the cloud environment it is kept securely being free from unauthorised access, tampering or improper deletion.

Avoid Fines

As an organisation you are required to process data, especially personally identifiable information, in line with relevant guidance, as in the event of a security incident the UK’s Information Commissioners Office (ICO) can issue fines up to £17.5m or 4% of global annual turnover, whichever is higher. It is important to ensure that your usage of cloud environments factors in data sovereignty as well as protects individuals’ data sufficiently.

Align Security Standards

Your organisation will have policies, procedures and existing knowledge for conventional computing infrastructure but this does not always cross over effectively to cloud environments. Obtaining insight into the nuances of how security defences change inside cloud environments secures your policies and procedures going forwards.

Build Resilience

Cloud environments are a positive addition to any organisation, allowing geographic resiliency, service resiliency and adding scalability. With a security assessment you can be assured that you are making the best use of these benefits in a security context such as dual homing your Active Directory domain to guard against ransomware attacks for example.

The Agility Cyber Approach

Like all our engagements, we want you to get the most out of your cloud security assessment and we do this by:

Usage Mapping

Cloud subscriptions offer countless services. We focus on the ones your organisation uses and those which we believe will add value to your security posture.

Depth and Breadth

We deep dive every service your organisation uses, without exception. This includes knowing the attacks threat actors utilise against your services and environment as a whole to give you defence in depth.

Focused Recommendations

Every security vulnerability we find is given alongside a clear recommendation which guides your teams through remediation. There are no high level abstract suggestions. We will show you where to get to the setting and what we think it should be.

Compartmentalise Risk

Organisations often view their cloud usages as a single source of risk but we disagree. Cloud environments are multi-faceted and with a security assessment we will show you how to compartmentalise your risk so that even if you have an attack your organisation can carry on operations.

Cloud Native Working

The methodologies for a security assessment for on premise infrastructure cannot just be applied to your cloud subscription. We do not attempt to run tests that we know do not offer value. Instead we provide the same level of assurance but working with a cloud first mindset.

Benefits of Partnering with Agility Cyber

Mutually Invested

Our experts work with you, not against you. There are no egotistical celebrations when a serious issue is discovered, just rapid full disclosure with pragmatic suggestions for effective remediation followed by ongoing support.

Clarity and Simplicity

We always provide clarity, believe in simplicity and value your time. An example is rather than waiting until the engagement starts, we will conduct open source intelligence gathering activities before the scoping meeting to help us understand your organisations position and risk posture thus enabling us to ask better questions, securing you higher value and saving you time.

Full Consultancy

Our team, based in the UK, is technically exceptional but we pair that with business sense to discover, triage and help you remediate the full range of security issues.

Impartiality

We are impartial, we do not sell you products or the latest buzzword laden trending solution.

Outstanding Service

We have an industry leading turnaround, agility is in our name after all. Proposals are shared with you within 24 hours of the scoping meeting. Accurate and complete daily debriefs are given during every engagement. The report is shared within 5 working days at the latest.

Scroll to Top