The Challenge
This client’s information security team creates company-wide baselines for information security. Information security teams for each segment within the business can then supplement those baselines with further requirements as needed for their infrastructure and business tasks.
The company had an internal mandate, over the course of a two- to three-year period, to shut down all of its data centres. The company planned to move anything that could not be held in one of its office buildings to the cloud. This required the increased adoption of cloud service providers throughout the company.
As part of this broad move to the cloud, the company knew it needed proactive visibility into cloud services, activities and security configurations.
Kroll's Solution
This client had already worked with Kroll on PCI compliance projects. Those engagements were not limited to the cloud, but PCI compliance and cloud infrastructure overlapped in several places, and the projects let the client see Kroll’s approach first-hand. The organization learned that Kroll’s team was there not only to check compliance boxes but also to learn about the business and ask the right kinds of questions. During those PCI engagements, the client noticed that the Kroll team raised security concerns the client already had but had not yet discussed explicitly.
The office in charge of the digital transformation initiative brought in Kroll to design the base implementation of a cloud native security platform (CNSP), with three main goals:
- Documentation of compliance checks
- Documentation of best practices
- Recommendations, based on the company’s business practices, for which cloud activity it should be watching for as an early indicator of an attack. Those recommended practices had to be matched to existing releases from the governance board, or presented to the board with justification for adopting them company-wide.
Kroll applied its consultative experience to the engagement. In addition to configuring the tool and explaining how the configuration was arrived at, Kroll opened broader discussions about refining alerts, training team members and building context around the implementation, and shaped its deliverables as its understanding of the company’s business needs grew.
Kroll worked with the client to understand the capabilities of the CNSP in the context of the client’s infrastructure and security needs. This meant collaborating with the client’s CIS team to identify the gaps between what they could currently see and what they needed to see to build strong cloud security, and to prioritise compliance checks according to their expected use cases and their security and visibility goals. Kroll was also on hand when the CIS team discussed needs and recommendations with the governance board, presenting research and findings to inform those discussions.
After working with the client team to recommend best practices, the Kroll team designed an implementation in the CNSP that tied together the company’s information security policies, existing best practices and governance board releases, so that the client could start implementing checks in the tool. This was the primary deliverable: a working CNSP implementation reflecting the necessary compliance checks and best practices.
Kroll also presented a mapping between the client’s current information security policies and the best practices appropriate to its business needs, cloud implementation and goals. From that, the CIS team could make the case to the governance board for security checks that were not yet in its releases or recommendations but should be incorporated into the information security baselines.
Kroll also identified how the tool itself could be improved. It documented the delta between what the tool offered and what it needed to offer to reach the company’s security and compliance goals, and turned this into a checklist the client could take to the CNSP product team.
The Impact
After working with Kroll, the client has seen multiple security and operations benefits:
Internal Adoption of the CNSP
In such a large enterprise, security buy-in can be difficult. Working with Kroll not only enabled the CIS team to develop a baseline configuration for the CNSP, but also helped onboard the initial teams, built credibility around the tool, and convinced internal teams that it would help them reach security and compliance goals without inundating them with false positives or slowing progress towards business goals.
Better Cloud Services Compliance Management
With a sound base configuration for the CNSP, how to set up new instances or accounts is no longer a day-to-day decision. The CIS team and the individual security teams within the company can get up and running more quickly, and they can think ahead about how to expand coverage outwards from the most critical assets and checks.
Increased Automation of Cloud Configuration
The CNSP’s cloud security configuration and automation features can save time, especially at enterprise scale, but letting the tool change sensitive security configuration automatically requires significant trust in both the tool and its configuration. With the trust Kroll helped build, teams within this client are embarking on the road to increased security automation in the cloud.
Improved Onboarding Documentation
During the implementation, Kroll identified an encryption-handling misconfiguration in the client’s AWS accounts that was recurring more often than it should. Kroll traced this to a documentation gap: the client’s internal onboarding documentation did not contain all of the information needed to configure encryption correctly on those accounts, and Kroll provided feedback to help the client improve it.