Cloud Security Consulting

Cloud Service Provider Assessement (CSP)

We support you in choosing the right cloud service provider with the help of an assessment tailored to your needs. In addition to mapping a cloud model to your business case, the points of data sovereignty and compliance with specifications and best practices form the central aspects of the analysis. This is how we ensure that you and your company are the center of attention.

Application Readiness Assessment

Did this ever happen to you? The presentation of the software solution supplier promises you a perfect “match” for the cloud. What is fiction and what corresponds to reality. We support you with the help of “our” CIA triangle and check the degree of maturity of an application with regard to cloud readiness. We not only consider the architecture, but also the data life cycle of the data to be processed by the application. As a result, in addition to the answer to cloud readiness, we also provide you with a classification of which cloud model suits the application best and where there is still potential for optimization.

Organization and Processes, establish Information Security Management System (ISMS)

The development of the possibilities of a technical solution can be severely limited by the missing or unsuitable organizational structures and processes. This applies to cloud-based solutions and models, since the requirements for your company are changing fundamentally. This begins with the handling of data sovereignty and leads to the necessary know-how and compliance with regulatory requirements. We can accompany you on this path and bring in a holistic view of the various aspects to establish security policies and controls of your Information Security Management System. Due to many years of experience in regulated sectors like the finance industry we are familiar with related security requirements and standards like GDPR, DORA, CRA, FINMA cyber resilience, ISO 27001, ISAE/SOC 2 etc.

Cyber Security Projects

Projectmanagement / Migration Projects

Are you starting a new project with which you want to transfer workload to the public cloud? We are the right address to support you on this path. We help you to choose the service level (IaaS, PaaS or SaaS). At the same time, we validate the security specifications and their compliance, as well as the applicable regulatory requirements. We support you throughout the entire project lifecycle so that you can take care of your business requirements.

Cloud Secure SW Development Lifecycle (CSSDLC) Setup

We offer you the setup of a complete cloud secure software development lifecycle, in which we define a structure for versioning and the processes for managing and importing code (source and deployment code), building automated pipelines, integrate security validations into the cycle and never lose sight of the developer’s requirements. Simplicity is central in order not to put obstacles in the way of those involved, but to support them in their daily challenges without neglecting security.

Integration Service Mesh (Istio)

You want to run containerized applications in an orchestrator (e.g. Kubernetes) or already do so. However, you lack the overview and the security to make the right configuration for each service? A service mesh can offer you the right solution for both topics (observability and security). Based on a zero-trust approach, we support you in integrating a service mesh based on Istio ( https://istio.io/ ). In a further step, we will show you the relevant security elements and how you can configure them. To give an example, we can show you how you can use a service mesh to enforce authentication for an application before it can be called.

Managed Cyber Security Services

Cloud Security Posture Management as a Service (CSPM aaS)

What about the security of your cloud services? Compared to the classic IT infrastructure, this question is no longer easy to answer. The advantages of the cloud, such as instant creation of resources, the use of serverless solutions, the numerous fast-moving connections, etc. are a disadvantage from a security point of view. You no longer have a fixed inventory of resources such as VMs, perimeter protection, fixed connections, etc., due to the fact that the service landscape in the cloud can adapt to new circumstances very quickly. This is where our managed service offering comes into play. We integrate your cloud environments into the CSPM, define rules for the resource setup including alarms and provide you with dashboards so that you can keep the overview you need at all times.

Software Supply Chain Risk Management SaaS “Elementaris”

The regulatory requirements for a so-called secure software supply chain are constantly increasing. A central element is the Software Bill Of Material (SBOM), with which the source code, the dependencies and the creation data of the actual software package can be created and stored in an auditable manner. However, a lasting effect can only be achieved if the generated or submitted SBOMs are continuously evaluated. The ongoing evaluation of the dependencies is essential in order to maintain the desired security level and to react adequately to new vulnerabilities in these dependencies. With our SaaS “Elementaris”, we help you with such scenarios in order to be able to react quickly and efficiently to a changing environment and regulation.

Container Vulnerability Management as a Service (CVM aaS)

Another component of the Secure SW Supply Chain is the management of the vulnerabilities of the containers used on a container platform. In this context, one-time vulnerability scans are also important, but not sufficient. The status of the containers running on the container platform must be re-evaluated periodically in order to identify new weaknesses, even if nothing has changed in principle in the container solution used. We support you in recognizing and evaluating the findings. In addition, we can make suggestions or create new so-called base images, which can be used as the basis for the runtime environment.

Infrastructure as Code compliance as a Service (IaCC aaS)

The cloud and cloud providers today offer a variety of options for mapping the desired infrastructure in code. One of the great advantages is that you can view and change the configuration of the infrastructure in the code at any time. According to best practices, this code should be stored in version management, analogous to SW source code, so that changes can be versioned on the one hand, and on the other hand it is also possible to trace who changed what and when. Due to the fact that a solution is completely mapped in code, this can also be validated in the same way as SW source code. This is where our managed service comes in. We continuously check your IaC against best practices and guidelines so that you can already meet the high requirements for availability, integrity and confidentiality of your infrastructure in the code.