As a cyber security company, we practice what we preach. We utilise our own risk-based methodology for identifying and managing cyber security risks which may impact KLOUDWERK and its customers, partners, shareholders, and other stakeholders.
KLOUDWERK has embedded a security policy which ensures the protection of company information and assets against threats. Our security policy uses a foundation of the NCSC’s 10 Steps to Cyber Security to ensure a risk-based, holistic approach is continually used. We typically use the same approach for clients who use our silver and gold packages.
Our policy is founded on the following areas as defined by the 10 steps:
Risk management – for us, risk management means building a company which is naturally resilient by focusing on a balanced approach to people, process and technology, whilst also identifying and managing select risks.
Engagement and training – we continually train our employees using relevant and engaging security content, rather than bland annual assessments.
Asset management – we know what physical and digital assets we have so we can best protect them.
Identity and access management – people are core to our business. We ensure they have the necessary access to do their jobs but equally we ensure adequate cyber security is applied.
Architecture and configuration – this is a key process for us as it helps us model threats and build clean, secure systems which are naturally resilient to cyber risks.
Data security – data security is all about how we protect the data we hold throughout its life cycle, including keeping it to a minimum, backing it up, appropriately managing access and data disposal.
Supply chain security – like all businesses we are increasingly relying on suppliers to support and enable our objectives. We keep track of our suppliers in a register and carry out security due diligence on those we share data with or who support us strategically.
Vulnerability management – vulnerability management is another key process for ensuring natural resilience is baked in. We automatically apply patches where possible and scan our environments to identify, prioritise and manage vulnerabilities.
Logging and monitoring – a crucial part of a holistic cyber security posture, as it allows us to detect and respond to cyber events which were not prevented.
Incident management – incidents are inevitable; we take proactive steps to help reduce the likelihood and impact of incidents.
We carry out penetration tests on an annual basis, or when major changes are made to our infrastructure or services. Feel free to contact us for an executive summary of our most recent report.
b. Email Security
i. Black Lists
ii. Reliable Mail Delivery
c. Website Security
i. DNS Servers
ii. Transport Security
iii. Potentially Exposed Domains
iv. Host Sharing
v. Third Party Software Threats
Imagine you own a house and want to add an additional floor. First you have to review and strengthen the foundations. This service builds cybersecurity foundations to facilitate growth in a resilient, timely manner.
This service will also provide the company with a cybersecurity risk assessment and improvement plan but with significantly more support from a senior consultant to help the company embed improvements in a continuous, timely manner.
The dreaded car MOT is looming. It’s the unforeseen wear & tear that results in some necessary annual maintenance. Our cybersecurity review will highlight what needs to be done as your engineers. In addition to the context gathering stage and security footprinting service, a senior consultant will perform a risk assessment to understand the company’s cyber risks and provide recommendations. They will also be available to undertake monthly calls for answering questions, providing guidance and checking on whether risks are reducing.
You’re embarking on a more active lifestyle, chosen to go on a diet and get in shape. Think of this service as the cybersecurity equivalent of the personal trainer, helping you along the way.
After an initial context gathering stage, a junior security consultant will be available once per month to answer questions and provide recommendations based on company goals and activities. A cybersecurity footprinting service will allow the company to continuously monitor its external security posture.