Industries

Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

Learn more

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Learn more

Protect your cloud investment with a Security Command Center

Learn how to rapidly set up your security posture when transforming your infrastructure to the cloud

Modernize and innovate with Google Cloud Security

Business Challenge

2022 industry survey, conducted by the Cloud Security Alliance (CSA)1, highlighted that the loss of data from cloud and web attacks is a top concern for organizations. IT and security professionals who express this sentiment have said that protecting customer data is their primary cloud and web security objective for 2023. As a result, organizations are looking for different security tools to help protect their cloud infrastructure in a cost-effective way.

Managing your cloud provider

As organizations are migrating to the cloud, they are looking to effectively manage their cloud providers. Organizations reported that third parties and partners represent a high level of risk because they are most commonly the target of attacks. The CSA found that more than 80% of organizations2 are moderately to highly concerned about suppliers and partners that deal with their organization’s sensitive data.

Furthermore, the survey highlighted that many organizations rated the maturity of their cloud governance at level three or under out of five. The low maturity level is concerning from a cloud security perspective.

These are the top challenges that organizations are facing with current solutions to defend against cloud and web threats:

  1. Managing legacy, on-premises security infrastructure
  2. Coaching users toward more secure behavior
  3. User productivity issues and complaints
  4. Lack of IT security staff
  5. Incident response

Organizations that are facing these challenges, must transform their infrastructure in a way that does not expose additional vulnerabilities.

Monitoring using Security Command Center

To improve the security posture of organizations using Google Cloud, Google Cloud’s Security Command Center can help enhance security capabilities with the many different tools the service provides.

Monitoring and Detection

Organizations can set up Google Cloud’s Security Command Center service and access monitoring and security tools. Organizations will be able to have fundamental monitoring, detecting, and analyzing tools and have access to more advanced tools as needed. With built-in threat detection, organizations can easily set up multiple detection services such as event or container threat detection and be prepared when a potential cloud attack is imminent.

The Google Cloud Security Command Center can also help ensure appropriate policies are in place to expose vulnerabilities. Moreover, organizations will be alerted when policies are misconfigured or unexpectedly changed and take appropriate actions to resolve these alerts.

Adherence to Compliance

The Google Cloud Security Command Center also has compliance monitoring that ensures your resources adhere to compliance requirements such as PCI-DSS 3.2.1, OWASP Top Ten, and NIST 800-53. Ensuring your cloud resources are meeting compliance will help you better protect against cloud threats. Additionally, auditing can be streamlined as the Google Cloud Security Command Center can help ensure that an organization’s environment is compliant.

SIEM Integration

Organizations can also quickly remediate security alerts through the Google Cloud Security Command Center’s real-time notifications and automated remediation. Organizations receive notifications within minutes through Gmail, SMS, and JIRA and set up immediate remediation efforts through Pub/Sub events and cloud functions. This feature of Security Command Center is ideal for organizations that have migrated to the cloud and have set up automation to combat cyberattacks. 

The Google Cloud Security Command Center facilitates threat detection and prevention through automation, which is great for new cloud adopters.

Improving your security posture outside of Security Command Center

To further enhance your cloud infrastructure security, additional steps can be taken to reduce the risk of a cyberattack or data breach. One important method to improve security is educating your employees on cybersecurity. Many online courses will inform, and in some instances, incentivize employees on how to avoid data breaches and teach good protection practices.

Rapidly shifting to the cloud can be difficult when the time to research and plan is shortened. To establish a successful cloud environment, it’s important to understand which cloud service provider you are using, what workflow needs to be configured, and how your security is established. If you are already established in the cloud, researching is useful in determining if a third-party service fits your needs while meeting your security criteria.

Organizations need to shift to proactively address potential threats. Organizations should consider implementing frameworks that support Risk and Compliance as Code under policy-as-code along with processes that support recurring penetration testing. These proactive methods will improve your security posture and cover any vulnerable areas that may have been missed.

Building a robust, secure infrastructure is a continuous process that must be followed to avoid security breaches.

Benefits of securing your data on the cloud

As your security posture improves, other areas of your organization may improve as well:

  • Customer loyalty, even endorsing it, resulting in a growing user base.
  • Cyberattacks can cause millions of dollars in damages and be hard to recover from. Through real-time notifications and automated remediation processes, organizations can mitigate monetary damages. Establishing cloud security can improve application availability. With back up plans and policies, your security workflow can shift from reactive to proactive.

Next steps organizations can take

As your organizations think about improving security posture here are next steps to take:

  • Setting Goals
    It is important to understand your organization’s goals when migrating to the cloud. Successful migrations embed security into the business goals. Taking this first step of aligning the business and security can demonstrate a long-term investment in cloud adoption.
  • Strategize
    As an organization continues to grow, it becomes imperative to have business processes include cybersecurity as part of their governance processes. This can help an organization to have a strategic approach towards security.
 

KPMG LLP is a Google Cloud partner and can guide you to effectively manage an organization’s security risks, improve any security bottlenecks, and enable a more secure workflow to your business applications. KPMG has been at the forefront of cloud security and with our extensive cybersecurity experience and experts, it can help assist you in helping your organization stay secure and respond to incidents rapidly to mitigate any damages from cyber-attacks. KPMG has demonstrated success in the cybersecurity space and has a proven track record for assisting clients in organizations of different sizes.

Footnotes

  1. Source: Cloud Security Alliance, “Cloud and Web Security Challenges in 2022” (August 16, 2022).
  2. Ibid.

Meet our team

Image of Abhijeet Kulkarni
Abhijeet Kulkarni
Managing Director, Advisory, Cyber Security Services, KPMG US

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Headline