The Doppler Quarterly Fall 2017 - Page 18

Security & Governance Practice Under the umbrella of Security and Governance Practice (SGP), CTP has assembled a talented team of security professionals who are fully dedicated to the following mission: • To be the #1 cloud security organization in the world • To provide world-class security & GRC services to our clients • To enable and guide our clients on a journey to secure public cloud operations Our SGP resources have a breadth of experience, talent and certifications in everything from IT Governance and Audit (CISA, CISM, CGEIT) to security (CISSP, CCSP, Ethical Hacking). This also includes every AWS certification to ensure we can cover applicable technical areas. SGP has two primary areas of focus: Advisory Services and Implementation Services. The primary objectives for each are listed below: Advisory Services • Educate clients on public cloud security • Remove any roadblocks for migration to public cloud • Obtain buy-in from security & GRC resources for application migration to cloud Implementation Services • Help accelerate adoption of public cloud services in a secure manner • Provide value by bringing expertise gained from numerous other clients • Provide assurance to clients that cloud security best practices are used To help us and our clients achieve the objectives above, we provide the follow- ing services: Security Assessment This is a 4 to 10 week engagement based on client size, complexity, and regula- tory requirements. When completed, this engagement provides a holistic view of our client’s cloud security model in AWS for both non-production and pro- duction environments and assesses any gaps in the client’s cloud security model implementation. This work is instrumental to our client’s ability to establish a secure cloud foundation for the future and can help address various legal and regulatory needs. Minimum Viable Cloud (MVC) This is a 6 to 12 week engagement that encompasses an iterative process of building a cloud platform that includes security, operations, automation, resource management, cost control, compliance, tooling, and account struc- tures. This process represents the shortest path to value with early and con- stant wins, the goal of which is to prove viability. We have honed and meticu- 16 | THE DOPPLER | FALL 2017