The CyberOrchard Cloud Auditing Service combines the groundbreaking innovation of CloudKnox with our own expertise in security standards and compliance.

It gives full visibility into the layout and permissioning of your cloud estate and helps your teams see the gaps to a fully compliant and secured working cloud environment.

The Privilege Dilemma

Unprecedented levels of automation and innovation have led to an exponential growth in human and non-human identities who have, in turn, amassed tens of thousands of privileges across a growing number of platforms, devices, services etc. In effect, modern infrastructure has created “super identities” with extraordinary power that can create or destroy an entire data center with a single command.

Enterprises have gone from managing fewer than 100 to over 20,000 privileges across the four major cloud platforms – Amazon Web Services, Microsoft Azure, Google Cloud Platform and VMware. Of the 20,000+ privileges, over 50% are considered high-risk – if these super identities fall into the wrong hands or are accidentally misapplied, the damage can be significant.

Their biggest pain point is visibility – they simply don’t have the level of visibility required to truly understand which identities are performing what actions on their critical resources across multiple, complex and vastly different cloud operating models. Moreover, the identity teams don’t have the time or expertise to keep up with the proliferation of privileges, roles, resources and services across multiple cloud platforms. It’s a perfect storm.

As more enterprises move to hybrid and multi-cloud environments, over-provisioning of privileges starts to spiral out of control, leaving security and operations teams to clean up the mess. Additionally, most identities use less than 1% of their privileges to perform day-to-day operations, leaving 99% of privileges unused and wide-open to misuse or exploitation. Most enterprises are generally aware of the problem and want to fix it, but they rarely know where to start or what to do.

Targeted Assessment Programmes:

“Not all cloud environments are made equal, some are more equal than others”

Whether you are building new infrastructure within your cloud estate to take advantage of lower operating costs, or migrating services into Platform As A Service models to realise highly available, low-latency and fault-tolerant infrastructure, understanding your permissions structure and role-based access control is a key requirement.

Although some cloud providers offer more power to control the environment, there are still many elements which need to be defined and configured to enable this security. As with any platform, if you do not provision the right controls, security will be weak. Given that many cloud environments focus on the ultimate power and flexibility of usage and not ultimate security and compliance, this leaves work to be done to ensure the environment is protected and safe for your users and any data provisioned within.

Through the combination of technology and service processes, CyberOrchard can help guide you through these challenges and provide a constant real-time auditing service, showing users, roles, groups and all effective permissions within your cloud estate. Targeted assessments are performed to begin with, and then built into the service model to provide the appropriate level of coverage for your estate.

Cloud Security Program Assessment

Improve your public, private, multi-vendor cloud, and hybrid prem-cloud environments at any cloud adoption stage. Our assessment helps you identify where you can manage data risk, automate processes, and identify configuration vulnerabilities through a framework based on NIST, ISO 27001, CIS, and CSA controls. Through use of scanning tools, we identify data exposure, data in transit, high-value data at rest in the cloud, and high-risk applications used by employees. Security leaders receive top recommendations for reducing risk, automating processes, and identifying sensitive data and privacy exposure.

Cloud Security Exposure Assessment

During this assessment we uncover areas of security exposure in IaaS and SaaS environments. CASB and CSPM tools are used to scan for security misconfigurations, vulnerabilities, data exposure, sensitive data, and high-value data-at-rest. Security leaders receive a prioritized remediation roadmap outlining results and top areas for risk reduction strategies, and further automation opportunities.

AWS Cloud Security Assessment

It is all too easy for users to spin up AWS services for corporate use, but difficult to track who is adhering to corporate policy regarding proper settings and use of data. We assess your AWS security posture, benchmarking against CSA, NIST, CIS, ISO 27001, and AWS-specific recommendations. Using automated tools, we scan your AWS environment, including native AWS data stores, AWS data lakes, and security settings, and identify misconfigurations and vulnerabilities. Security leaders receive a findings summary with prioritized remediation recommendations tailored to accommodate any business constraints.

Cloud Security Auditing Service Features:

Understanding Your Privilege Creep

Through CloudKnox’s patented technology, the CyberOrchard assessment service gives a window into your Privilege Creep within your cloud estate. The assessment measures your complete cloud identity risk. Updated hourly, this single metric reflects the aggregate of all high-risk privileges granted to your never-been-used identities. Through the illustration of this risk score, you can take immediate action to reduce it.

Don’t Let Inactive Identities Sneak up on You

As part of our assessment service, we examine your environment for identity-related risk by looking for identities that have been inactive within the last 90 days. These inactive identities are often over-provisioned, representing a significant but avoidable risk to your cloud environment. We also provide actionable insights and recommended steps to remediate this risk.

Prune The Pesky Privileges That Keep Creeping Up

Every organisation wants active identities to be productive, but more often than not, active identities are granted many more privileges than actually needed to get the job done. Our service provides a granular view of each unique identity’s granted privileges vs. used privileges. It shows not just what rights are enabled, but all the activities performed by the actual user role. The delta not only represents a significant and avoidable risk, but also a great opportunity to rebuild your active identities’ privileges.

Man vs. Machine: Non-Humans Are Outnumbering Human Identities by 20:1

The risks associated with non-human identities such as service accounts and bots are inherently different from those of human identities and require even more rigorous oversight. Since non-human identities don’t have the capability to adapt their behaviours to changing scenarios, any change in behaviour such as performing a new action on a new resource may signal a potential threat. The service conducts detailed reviews of all non-human identities to determine the possibility of privileged credential misuse.

Always Know Who Is Handling Your Critical Cloud Resources

The service analyses and presents your risk posture through the resource lens of CloudKnox to ascertain which entities accessed critical resources and what type of actions, especially high-risk actions, were performed. The service allows for modelling of multiple access paths to resources by mapping all human and non-human identities, roles, groups and services that have authority to perform actions on these resources.

Get Control Of Your Cloud!

Immediate Visibility into your cloud identity risk

Bridge the gap between security operations teams

Prioritise cloud security projects, budgets and resources

Improve your risk profile with

Quickly improve your organisation’s overall cloud security posture

Identify the areas of greatest risk and opportunities for

Understand your current cloud identity risk profile

Meet numerous IAM and PAM compliance requirements



Give us just 30 minutes of your time to discuss your current cloud challenge. This gets you a no-cost, no-obligation cloud identity risk assessment. See the power of our service and open up your cloud environment.

Contact us to schedule a complimentary demo session