Have full confidence
CMD’s focus on strong security operational controls aligns with our customers requirements to meet compliance standards such as PCI, APRA, ISO and IRAP. Our security capability is divided into two main areas, DevSecOps security engineering and Cloud Security Risk Management.
DevSecOps Cloud Security Engineering
CMD assists our clients to enhance their operational security posture by using Infrastructure As Code processes to embed security controls into our cloud environments from the core. We use automated DevSecOps continuous integration build pipelines that incorporate hardening controls and various agents to manage logging, monitoring and vulnerability scanning.
Our environment builds incorporate strong Identity Access management and least privileged access principles leveraging centralised identity federation technology.
Cloud Security Risk Management
CMD determines the suitability of cloud service adoption for specific workloads by assessing threats and risks posed against the Cloud provider’s organisation, services and configuration controls.
The assessment considers the individual workload’s requirements, the solution controls and determines an inherent and residual risk rating which can be managed by the organisation.