Cloud Security Project Accelerators
Custom Workshops from Securosis and the Cloud Security Alliance for Secure, Agile, and Effective Cloud Security
Cloud Security: Faster, Better, Cheaper
Securosis Project Accelerators (SPA) are packaged consulting offerings to bring our applied research and battle-tested field experiences to your cloud deployments. These in-depth programs combine assessment, tailored workshops, and ongoing support to ensure you can secure your cloud projects better and faster. They are designed to cut months or years off your projects while integrating leading-edge cloud security practices into your existing operations.
Built on Industry-Leading Research and Hands-On Experience
Based on a combination of the pragmatic, hands-on research and experience of Securosis, combined with the industry leadership of the Cloud Security Alliance, these field tested techniques and frameworks, already in use by organizations from F500 enterprises to early startups, improve security and save costs without sacrificing agility that makes cloud so compelling for organizations of all sizes. We take the lessons of the leading edge and make them accessible to everyone.
Research products and strategic advisory services for end users
Securosis will be introducing a line of research products and inquiry-based subscription services designed to assist end user organizations in accelerating project and program success. Additional advisory projects are also available, including product selection assistance, technology and architecture strategy, education, security management evaluations, and risk assessment.
Structured Programs Customized to Your Needs
A Structured Program for Rapid Results
Each Securosis Project Accelerator includes four components:
You’ll kick off the project accelerator with a structured call to help us understand your situation and objectives, get a feel for your environment, and figure out the best way to accelerate your project.
Custom 1-Day On-Site Workshop
An analyst will work with you on-site for a day to build foundational knowledge, evaluate your project, define architectures and controls, provide specific recommendations, and basically do whatever is necessary to make sure your project is set up for success.
Post-Workshop Findings and Toolkits
After the workshop is completed, the analyst will compile the findings into a document, including findings, recommendations, an action plan and additional background research to ensure you spend time doing things, not figuring out what to do.
Two Follow Up
To ensure you don’t lose project momentum after the workshop, we schedule accountability calls (typically at 2 and 6 weeks post-workshop) to make sure the project is on track and identify and discuss issues.
Different Workshops for Different Needs
Some organizations just need the knowledge to kick start their cloud project, but with customized content, not generic training. Other teams need a specific assessment of a new or existing application with detailed architectural and security controls guidance. Each program is based on proven methodologies and real-world experience, then customized to meet your specific needs.
Workshops are provider-specific and available for Amazon Web Services and Microsoft Azure, with further platforms in development.
■Security Fundamentals for Cloud Providers
This SPA is designed for organizations still building their foundation for cloud security. In our pre-workshop assessment we evaluate your existing security program and experience with cloud computing. During the workshop we bring you the latest best practices for your provider’s security, customized to your organization and existing security tools and processes, and aligned with the latest work of the Cloud Security Alliance. We make specific recommendations to build your cloud security program, and follow up with ongoing support calls.
■Cloud Project Assessment for Cloud Providers
This SPA provides practical recommendations to rapidly secure a new or existing project. In our pre-workshop assessment we evaluate your existing cloud security, the project requirements, and begin collecting documentation. We use this to perform additional custom research before arriving on-site for a focused day where we dive deep into the project using a structured methodology honed through years of hands-on cloud security and lessons learned through in-depth industry research. We provide detailed architectural and security controls recommendations.
■Cloud Security Program Assessment
Once you understand the fundamentals, use this SPA to build an ongoing, sustainable, and effective cloud security program. In the pre-workshop assessment we collect detailed information on your existing security program, tools, and technologies. During the workshop we build a cloud security program based on our extensive research and experience, but completely customized to mesh with your existing organization. This goes beyond generic policies into evaluating leveraging existing security tools, identifying gaps, integrating new, cloud-specific security technologies, and tying it all together through sustainable processes and security automation.