Cloud Security

Our consultants are experts in cloud-focused initiatives, with a deep understanding of the unique security risks and challenges facing organisations today. We are cloud agnostic, but knowledgeable about the most popular vendors in New Zealand and Australia. Our experienced consultants can work at every level of the cloud stack from bare metal Infrastructure as a Service (IaaS) to fully hosted Software as a Service (SaaS); and can assist with re-hosting, re-platforming, re-purchasing or re-factoring systems to the cloud. Involving security early in the development lifecycle can minimise the risk and cost to your business, so make the most of our available advice and guidance.

Our team of consultants hold a variety of professional qualifications, including:

AWS Solutions Architect Associate
AWS Cloud Practitioner
Microsoft Azure Security Technologies (AZ-500)
Microsoft Azure Fundamentals (AZ-900)
Certificate of Cloud Security Knowledge (CCSK)
Certified Cloud Security Professional (CCSP)

Cloud Platform Security Review

Our expert cloud consultants can examine the underlying configuration of your cloud infrastructure. The review will assess your platform-wide controls and specific configuration against both the controls recommended by the vendor as well as those considered good practice by the security community. Our report will highlight any issues and suggest remediations to ensure a solid security posture for your system. We can help you with:

Amazon Web Services (AWS)
Microsoft Azure
Google Cloud Platform
Other Cloud Platforms: IBM, Oracle, Catalyst and more bespoke offerings.

Cloud Productivity Security

We can assist you with any cloud productivity suites you use. We will review the key security configuration components as well as all active components being used by your users. We focus on industry-recognised best practice guidance from the vendor and third party security companies, and present you with a fact-based set of findings to ensure your subscription has a strong security posture. We can review your:

Microsoft 365: this will include an in-depth examination of EntraID and may include Exchange, Teams, SharePoint/OneDrive and Defender
Google Workspace: this may include GMail, Calendar, Google Drive and Google Meet
Microsoft PowerPlatform: this includes an in-depth examination of EntraID as it relates to your environment, PowerBI, PowerApps and Power Virtual Assistant
Mobile Device Management (MDM) Policy: includes the defined Platform controls as well as a verification of their application

Cloud Identity and Access Management (IDAM) Review

Microsoft EntraID

Microsoft EntraID anchors the Identity Security of all Microsoft clouds, and through it’s ability to be used as a modern IDP, cloud applications throughout the enterprise. Our security review of EntraID includes in-depth examinations of Conditional Access Policies, MFA configuration, as well as the service prinicipals and third party applications which rely on it to authenticate and authorise their users. We can review your primary tenancy, or any B2C tenancies that may support your external users.

Okta/Sailpoint/Duo

Identity platforms form the core of a modern cloud-first IT strategy, enabling you to leverage user data to make informed access decisions. Our IDAM review will examine the configuration of your underlying platform as well as assessing your policies and configuration. Our experienced consultants will present you with a report identifying common issues, any gaps or bypasses in your implemented policies, and a review of your authentication flows.

Cloud Design/Security Consulting

Just as we provide GRC consulting services, we have skilled cloud consultants who can assist and guide you through your cloud adoption journey. Our expertise will help you identify and avoid common pitfalls, and having us on board early in your process will ensure security is considered at every step. We can help you with:

Landing zone design: technical and non-technical requirements, processes and deliverables a new initiative may need to consider
Cloud environment remediation: putting in place a program to address identified security gaps and establishing guardrails to avoid them occurring again
DevOps integration into cloud environments: defining the security and functional requirements and solutions for the use of Infrastructure as Code and other cloud-native technologies

Cloud Application Security Review

Application Security & Software as a Service (SaaS)

Bastion cloud consultants can review the security of any applications or SaaS services you consume - such as SAP, Salesforce, Xero, Slack - to ensure they have been configured securely. We take a ‘white box’ approach where your administrator will demonstrate the software to our consultants, who will then review your IAM integrations, MFA, user groups and permissions, any configured add-ons and plug-ins, backups, and any other security controls that may be important.

CI/CD Continuous Delivery Pipeline

Continuous integration and delivery (CI/CD) and DevOps technology stacks allow code to be deployed several times a day, providing your organisation with a huge productivity boost, however it also increases the potential security issues. In this review, Bastion consultants will examine the access controls implemented on your source code repositories, pipelines and actions that automatically trigger, secrets management, supply chain validation and interactions with other systems.

Infrastructure as Code (IaC)

Our experienced cloud consultants can review your IaC instances (Terraform or similar) with both manual and automated tooling to ensure you meet security best practices. We look to validate that your attack surface is limited, through reviewing your source code management, deployment engine, identities used, and segmentation.

Web Security (WAF) Services

Our cloud WAF policy review will examine the configuration of your web assets’ network controls, to ensure key issues are covered and to reduce the noise of false positives where possible. This review is vendor agnostic, and our practiced consultants can be complete it against all the major cloud WAF providers e.g., Cloudflare, AWS, Azure, ZScaler.

Kubernetes

The Bastion Kubernetes review examines the configuration of your container orchestration system and checks for common misconfiguration which may lead to compromise. Our consultants are knowledgeable about Kubernetes security best practice and will apply their expertise and the OWASP Kubernetes Top 10 to check the security of your Kubernetes API, access controls, and secrets configuration. The review will not, however, include a detailed container review of all containers in the Kubernetes environment.