ZX Security

Cloud Security

Giving you a clear picture of your security posture in the cloud

Background

The ZX Cloud portfolio offers companies a way to provide ongoing security skills and knowledge to their existing cloud-focused initiatives. Working throughout the development cycle, ZX Cloud can rapidly bring to bear a security focus early, minimising impact of implementing key controls and the costs of having to do it “along the way”.

  • We are cloud agnostic, but knowledgeable about the most popular vendors in New Zealand.
  • We work at every level of the cloud stack, from bare metal Infrastructure as a Service to fully hosted Software as a Service.
  • ZX Security work with a large number of vendors and cloud-based companies, giving us “behind the scenes” information that can benefit other organisations.
  • Our customers face both the regulatory challenges of the private (GDPR, PCI-DSS, SOC2) and the public (NZISM, PSR) sectors; we understand the challenges that cloud brings to the table.
  • We provide guidance based on our experience with major NZ and international customers. The team has experience with a wide range of business sizes and industry sectors, from 2 up to 1,200,000 seat companies, across government, health, energy and technology sectors.
  • You aren’t just getting one person when you engage ZX Cloud, you are receiving access to the whole ZX Security consultancy team: We work alongside some of the best web and application penetration testers in the country to give you a clear picture of your security posture in cloud.

If you are rehosting, replatforming, repurchasing or refactoring systems to the cloud this may be an opportune time to engage with ZX Security.

Services

  • Cloud Security Maturity Assessments

    The Cloud Security Maturity Assessment is our chance to provide our customers with a high level understanding of what their current risks are as well as to get guidance on the next steps along their cloud security journey, from conception through to re-imagination or operations. Focused primarily on their business needs, we will identify key threats and vulnerabilities within their platforms.

    The assessment covers the lifecycle of the cloud environment, from design patterns, development and deployment security, through to deployment and ongoing operations. Customers can expect both an assessment of the present, as well as practical recommendations for the future to minimise their attack surface as they expand their use of cloud products and services.

  • Cloud Security Professional Services

    We provide ongoing engagements specifically tailored to customers on their cloud journey. ZX Security consultants are available to advise on cloud security throughout the project lifecycle.

    • Advising on pragmatic security configurations during the design phase
    • Reviewing deployments as the development progresses
    • Facilitating penetration testing of customer developed solutions at the optimal stages to get best value and security outcomes
    • Confirming the security posture of the environment or product prior to go live
    • Ensuring that ongoing security operations includes and maximises the potential of cloud security technology.

  • Cloud Security Reviews

    Across all cloud platforms, these security reviews are based on industry best practices along with ZX Security’s local experience, providing the required knowledge customers need to minimise their attack surface in cloud with pragmatic recommendations tailored to their customers’ appetite for simplicity. We deal with all sizes of cloud deployment: from single applications through to enterprise-wide cloud environments. Cloud Security Reviews cover all manner of cloud offering:

    • Infrastructure-as-a-Service: Examining the underlying configuration of your cloud infrastructure, be it Azure, AWS, GCP or any number of other vendors
    • Platform-as-a-Service: Give you a view on the configuration of their core business platforms, be they Microsoft 365, Google Workspaces or more specialised platforms such as SAP SuccessFactors or Salesforce.
    • Software-as-a-Service: Consuming a turnkey solution hosted in cloud? ZX can combine our web application penetration testing along with SaaS configuration reviews to give our customers assurance that their security expectations are met.

  • Continuous Cloud Security Posture Management

    Alongside our other Cloud Security offerings, ZX Security provides ongoing monitoring and alerting of our client’s security posture in cloud, ensuring that security operations teams are across changes happening throughout the business that may weaken the security posture of the environment throughout its lifecycle. Once the initial assessment has been completed, we work with our customers to put in place continual assurance processes to quickly raise the flag should the configuration of key controls change for the worse, giving security operations teams visibility to investigate and assess new risks.

Approach

We start with an initial face-to-face meeting which will:

  • Understand what your business does and where the key areas of risk are
  • Discuss the services that we deliver under the ZX Cloud offering
  • Understand the scope of the engagement, single project / application / entire cloud environment or somewhere in between
  • Select the best services for the stage of development for the solutions in scope:
    • Planning phase: Conduct a Cloud Security Maturity Assessment to understand where you are at and where you should aim to go.
    • Design phase: Cloud Security Consulting to understand the specific security challenges of the resources being deployed.
    • Implementation phase: Consulting and security assessment of the pre-production environments.
    • Operations: Cloud Security Review and Continuous Security Posture Management to ensure that have visibility on the ongoing risks of the environment.