Mobilise are leaders in architecting and designing secure systems for government and financial sectors and as such are expertly placed to assist in securing your cloud infrastructure. Comprising both Amazon and Microsoft Certified Solutions Architects, and security certified professionals, we can provide advice and support to ensure security is built into a cloud solution from the ground up.

Service Summary

Security Design - Our Certified Solutions Architects with SC clearance provide security oversight during design:

  • External Internet connectivity to mitigate DDoS attacks
  • Use of Web Application Firewalling to provide application layer security
  • Web access restricted to HTTP/HTTPS at multiple layers
  • Segregation of network into VLANs with separate security firewalls (Security Groups) allowing only specific traffic between zones
  • Complete separation of Production and Non-Production access and networks
  • Retention of security logs in separate accounts.

Security Support - Our security engineers provide ongoing support:

  • Managing security software toolsets,
  • Responding to and managing incidents,
  • Providing security guidance during software or infrastructure change

Account Strategy

An organisation can have many accounts with a cloud provider as required to perform different functions or for different projects. Mobilise will follow best practice to split out certain accounts (and access to those accounts):

  • Separation between production & non-production workloads,
  • Isolation of user visibility across accounts,
  • Compartmentalisation of security risk,
  • Separation of audit visibility from customer data

User Management

It is important to differentiate between users of the cloud services and users of the underlying servers that will be deployed. Mobilise will ensure that accounts are set up with multi-factor authentication. Roles will also be established within Identity and Access policies to ensure users only have access to the relevant resources.

Policies will be established based on a ‘least privilege’ access model using resource names to restrict access. Cross-account access will ensure that environments are segregated and users don’t unknowingly access the wrong system.

VPC Security Measures

Mobilise will establish a series of Virtual Private Clouds to ensure segregation of workloads and additional security separation.  Within the VPCs, a series of VLANs will be created to separate different tiers of the multi-tier architecture.

Gateways will be used to establish communication links between the internet and the VPC environment.  These may include:

  • Internet Gateway - allowing end user access to the production platform,
  • NAT Gateway - allowing servers in private subnets access to the Internet, but preventing connections initiated from external sources,
  • Virtual Private Gateway - used to connect VPNs from the customer network into the cloud environment,
  • VPC Peering - used to connect VPCs together.

Network Access Control Lists (NACLs) will act as firewalls to control access in and out of subnets within the VPC. These will provide a secondary layer of security in addition to security groups.  Security groups will be the primary firewalls which control access in and out of virtual machines within the VPC.



Tufin is an orchestration suite that provides centralised management for cloud security features. Mobilise can deploy and configure this tool to give your security specialists a more traditional, detailed overview of your cloud security.


Internet Security Measures

Each cloud provider has its own security measures against attacks and vulnerabilities from the Internet. Our extensive knowledge of these providers enables us to choose the best defences for your cloud environment (such as DDoS mitigation and Web Application Firewalls).

Data Encryption

Throughout the cloud environment, data should be encrypted whenever possible. Protecting your data protects your business, and a data breach is a serious issue. Through a set of clearly defined security policies, Mobilise will ensure that data is encrypted at rest (volume storage, file storage with a key management service) and in transit (over SSL/TLS).

Log Management

Mobilise understands that to maintain a high level of security you must audit as much as possible. Auditing allows a company to keep track of its users' actions, troubleshoot network and application issues and ensure that data is not being accessed illegally. Mobilise can offer a logging and audit service that is configured to intelligently look for problems and alert the necessary people. Through continuous auditing, we can ensure that your company is compliant with industry benchmarks such as PCI and CIS.


Vulnerability Scanning

According to the Computer Emergency Response Team (CERT), 99% of network attacks leverage known vulnerabilities.  Mobilise uses a multitude of tools to ensure that your cloud infrastructure is secure and safe from attacks.

Mobilise uses NCC Scout 2 to scan for vulnerabilities and generate detailed reports on potential issues and risks. This tool checks that the key security control points are secure, analysing Security Groups, Network ACLs and the IAM stack.

Nessus Vulnerability Scanner is the industry’s most widely deployed scanner.  In conjunction with Scout 2, it identifies the vulnerabilities, policy-violating configurations and malware that attackers could use to penetrate your network.  

Monitoring & Alerting

Cloud providers equip users with a variety of monitoring and alerting tools. Mobilise can configure these tools to monitor a variety of security incidents across the whole application stack. Notifications can be delivered to multiple subscription lists via email, SMS or HTTPS endpoints as and when an incident is discovered. This ensures that you stay up to date and in control of your infrastructure.

Mobilise configures inbuilt cloud provider tools to enable security and governance. A fully managed service provides a resource inventory, a configuration history and configuration change notifications. This ensures that all changes have an audit history and administrators are notified.


Security Information & Event Management (SIEM) 

Mobilise can provide support and tools to enable real-time analysis of security alerts generated by network hardware and applications. These tools are also able to provide a detailed analysis of large volumes of audit information and generate reports on log data.

  • Log management aggregates data from many sources to produce consolidated monitoring to help avoid missing crucial events.
  • Security events from different technical areas are correlated together to turn data into useful information,
  • Automated analysis of correlated events produces alerts to notify customers of potential problems,
  • Long term storage of historical data contributes to a successful set of forensic tools which will aid in network breach investigations.

"The consultants were able to quickly translate our current infrastructure into a fully costed, optimised design on AWS. In addition, they also designed a cost effective disaster recovery solution to fit our RPO and RTO targets."

Dave Minto, Head of Technical Support