Private Cloud / Hosting Security

Tight baselines, strong segmentation, and tested backups & DR — measurable resilience on premises or hosted.

Business Outcomes

  • Segmented networks; constrained lateral movement.
  • Hardened hosts; privileged access under control (PAM/JIT).
  • Recoverability proven — immutable tiers and restore drills.
  • Evidence packs that stand up to audit.

Controls Framework

  • VLAN/VRF/NSX micro-segmentation; policy-as-code; managed PKI.
  • WAF/DDoS, strict egress, private interconnects to cloud.
  • CIS baselines, patch orchestration, kernel/service lockdown, EDR everywhere.
  • PAM with JIT/JEA, credential vaulting, session recording.
  • At-rest encryption, HSM/KMS integration, rotation, tamper-evident logs.
  • POPIA-aligned handling; least-access patterns.
  • Air-gapped/immutable tiers, quarterly restores, ransomware tabletops.
  • Automated reports: backup success, restore time, integrity checks.
  • Syslog/ETW → SIEM, UEBA, tuned alerts surfacing real threats.
  • Audit packs mapped to ISO 27001, NIST CSF, CIS, and local regs.

Evidence & Audit

| Control Area | Evidence We Produce | Cadence |
|---|---|---|
| Segmentation | Policy diffs, blocked lateral paths, change logs | Monthly |
| Hardening | Baseline adherence, patch SLA, EDR coverage | Monthly |
| PAM | JIT/JEA usage, privileged session records | Monthly |
| Backups/DR | Restore tests, RTO/RPO, immutability proofs | Quarterly |

Engagement Packages

Baseline Sprint (2–4 weeks)

  • Segmentation policy, OS baselines, backup immutability checks.
  • Evidence pack v1; DR skeleton.

Operate & Assure

  • Patch cadence, evidence packs, DR exercises, SIEM tuning.
  • SLAs for change windows, alert MTTR, false-positive thresholds.

Add-ons

  • PAM rollout, HSM integration, ransomware drills.