CMD is a security focused consulting company and as such has a security capability that is divided into two main areas, DevSecOps security engineering and Cloud Security Risk Management. Please discover more about these specialised services below.
CMD assists our clients to enhance their operational security posture by using Infrastructure As Code processes to embed security controls into our cloud environments from the core. We use automated DevSecOps continuous integration build pipelines that incorporate hardening controls and various agents to manage logging, monitoring and vulnerability scanning.
Our environment builds incorporate strong Identity Access management and least priveleged access principles leveraging centralised identity federation technology. Our focus on strong security operational controls aligns with our client’s requirements to meet compliance standards such as (PCI, APRA, ISO, IRAP).
CMD determines the suitability of cloud service adoption for specific workloads by assessing threats and risks posed against the Cloud provider’s organisation, services and configuration controls.
The assessment considers the individual workload’s requirements, the solution controls and determines an inherent and residual risk rating which can be managed by the organisation.