Cloud security engineering and risk management

Secure by design

CMD helps our customers meet their cloud transformation objectives by combining our DevSecOps consulting experience with our specialised knowledge of security, compliance and AWS. Our focus on strong security operational controls aligns with our customers' requirements to meet compliance standards such as PCI, APRA, ISO and IRAP.

CMD’s security capability is divided into two main areas: DevSecOps Cloud Security Engineering and Cloud Security Risk Management.

Cloud security engineering

Our DevSecOps capability leverages the security services available within AWS and complementary third-party services to meet an organisation’s compliance requirements or target state architecture objectives. CMD helps our clients enhance their operational security posture by using Infrastructure as Code processes to embed security controls into our cloud environments from the core.

We use automated DevSecOps continuous integration build pipelines that incorporate hardening controls and various agents to manage logging, monitoring and vulnerability scanning. Our environment builds incorporate strong identity and access management and least-privilege access principles, leveraging centralised identity federation technology.

Cloud security risk management

We work to determine the suitability of cloud adoption for specific workloads by assessing threats and risks posed against the cloud provider’s organisation, services and configuration controls.

This assessment considers the individual workload requirements and the solution controls, and determines an inherent and residual risk rating that can be managed by the organisation.