Security posture your auditors accept and your engineers can maintain.
Cloud security misconfigurations are the leading cause of data breaches — not sophisticated attacks. An S3 bucket left public, an IAM role with admin permissions handed to a developer environment, a security group that opened port 22 to 0.0.0.0/0 because it was the fastest way to debug something. These aren't edge cases; they're the default trajectory when cloud infrastructure is built under speed pressure without a security framework. We harden cloud environments against the real threat model — the misconfigurations and overprivileged access that account for the majority of cloud breaches — while building the compliance documentation required for SOC 2, ISO 27001, and HIPAA audits. Security that only exists in audit documents is theatre. We build controls that are actually enforced.
What's included
- Cloud security posture assessment (CSPM)
- IAM least-privilege audit & remediation
- Network security (VPC, security groups, NACLs)
- Secrets management & certificate automation
- Security monitoring & SIEM integration
- SOC 2 / ISO 27001 / HIPAA compliance controls
How we deliver
1. Cloud security posture assessment report
2. IAM permissions audit & remediation plan
3. Network security hardening
4. Secrets manager migration (no hardcoded credentials)
5. Security monitoring & alerting setup
6. Compliance controls documentation
Technologies we use
- AWS Security Hub
- AWS GuardDuty
- Azure Defender
- GCP Security Command Center
- HashiCorp Vault
- AWS Secrets Manager
- Terraform
- Falco
- Wiz
- Prowler
- CloudTrail
- Datadog
Why Origin for Cloud Security & Compliance
Real controls, not audit theatre
We implement security controls that are technically enforced — not policies that rely on engineers remembering to follow them — using SCPs, IAM permission boundaries, and configuration enforced through Terraform.
Threat model based on actual attack patterns
We prioritise mitigating the misconfiguration-based attacks that cause most cloud breaches — not the nation-state threats in security conference talks that your actual threat model doesn't include.
Compliance evidence built into the controls
Every control we implement generates the evidence your SOC 2 or ISO 27001 auditor needs. Security and compliance are co-designed — not documented after the fact.
Industries we serve
“Our SOC 2 Type II auditor flagged 23 control gaps. Origin remediated every one of them — IAM, logging, encryption, secrets — and built the compliance documentation alongside the controls. We passed the re-audit six weeks later with no exceptions.”
Frequently asked questions
- What's a cloud security posture assessment?
- A systematic review of your cloud configuration against security best practices — checking every resource, permission, and network configuration for misconfigurations that create risk. We use automated tools (Prowler for AWS, Wiz for multi-cloud) to scan the environment, then manually review the findings to identify which are genuine risks versus false positives. The output is a prioritised remediation plan: critical issues first (public S3 buckets, overprivileged IAM roles, open security groups), followed by medium and low severity findings.
- What are the most common cloud security mistakes you find?
- In order of frequency: overprivileged IAM roles and users (developers with admin access, service accounts with permissions they don't need), hardcoded credentials in application code or environment variables, security groups open to 0.0.0.0/0 on sensitive ports, S3 buckets with public access or no encryption, CloudTrail disabled or logging gaps, no MFA on root or privileged accounts, and secrets in plaintext in EC2 user data or Lambda environment variables. Most organisations have several of these. None of them requires a sophisticated attack to exploit.
- We're going through a SOC 2 audit — how do you help?
- SOC 2 requires technical controls (access management, encryption, monitoring, incident response) and documented policies (access control policy, change management, vendor management). We implement the technical controls in your cloud environment — least-privilege IAM, CloudTrail logging, encryption at rest and in transit, automated backups, and vulnerability scanning — and produce the evidence documentation auditors require. We work alongside your compliance team or audit firm, not instead of them.
- How do you manage secrets? We have database credentials and API keys in environment variables.
- We migrate them to a secrets manager — AWS Secrets Manager, HashiCorp Vault, or GCP Secret Manager. The application retrieves secrets at runtime via API call rather than reading environment variables. Benefits: secrets are never in code or CI logs, access to each secret is auditable, secrets can be rotated without redeployment, and the blast radius of a compromised instance is limited (the instance credentials expire, not the underlying secret). We also scan your codebase and configuration files for hardcoded credentials using tools like TruffleHog before the migration.
- How do you monitor for security incidents in cloud environments?
- With a combination of threat detection and anomaly alerting. AWS GuardDuty, Azure Defender, and GCP Security Command Center provide ML-based threat detection for common attack patterns — unusual API calls, credential theft indicators, crypto mining signatures. CloudTrail / Azure Activity Logs provide the audit trail for every API call. We aggregate these into a SIEM (Datadog, Splunk, or a lighter-weight alternative) with alerting rules for high-severity events that require immediate response. Security monitoring without alerting is a log archive, not a security programme.
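As an added illustration (not Origin's own tooling or code), the kind of high-severity alerting rules described above, expressed in Python and run over constructed CloudTrail-shaped events. The three rules cover three of the common mistakes listed earlier in the FAQ: a root console login without MFA, CloudTrail logging being stopped, and a security group opened to 0.0.0.0/0 on a sensitive port. Field names follow CloudTrail's record schema; the sample events, trail name, source IP, user names and security group id are constructed.

```python
# Constructed CloudTrail-shaped records (not real logs); field names follow CloudTrail's schema.
SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin", "userIdentity": {"type": "Root"},
     "additionalEventData": {"MFAUsed": "No"}, "sourceIPAddress": "198.51.100.7"},
    {"eventName": "StopLogging", "userIdentity": {"type": "IAMUser", "userName": "dev-alice"},
     "requestParameters": {"name": "org-trail"}},
    {"eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"type": "IAMUser", "userName": "dev-bob"},
     "requestParameters": {"groupId": "sg-0123example", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventName": "AuthorizeSecurityGroupIngress",  # benign: HTTPS from a private range only
     "userIdentity": {"type": "IAMUser", "userName": "dev-bob"},
     "requestParameters": {"groupId": "sg-0123example", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
          "ipRanges": {"items": [{"cidrIp": "10.0.0.0/8"}]}}]}}},
]
SENSITIVE_PORTS = {22, 3389, 3306, 5432, 6379}  # SSH, RDP, MySQL, Postgres, Redis

def _world_open_ranges(params):
    """Yield (fromPort, toPort) for each ingress rule sourced from 0.0.0.0/0; ipProtocol '-1' = all traffic, no ports."""
    for perm in params.get("ipPermissions", {}).get("items", []):
        cidrs = {r.get("cidrIp") for r in perm.get("ipRanges", {}).get("items", [])}
        if "0.0.0.0/0" not in cidrs:
            continue
        if perm.get("ipProtocol") == "-1":
            yield 0, 65535
        else:
            yield perm.get("fromPort", 0), perm.get("toPort", 65535)

def evaluate(event):
    """Return (severity, rule, detail) alerts for one event; [] when benign."""
    alerts, name, ident = [], event.get("eventName"), event.get("userIdentity", {})
    actor = ident.get("userName") or ident.get("type", "unknown")
    mfa = event.get("additionalEventData", {}).get("MFAUsed")
    if name == "ConsoleLogin" and ident.get("type") == "Root" and mfa != "Yes":
        alerts.append(("critical", "root-login-no-mfa", f"from {event.get('sourceIPAddress')}"))
    if name in {"StopLogging", "DeleteTrail", "UpdateTrail"}:  # audit-trail tampering
        trail = event.get("requestParameters", {}).get("name", "?")
        alerts.append(("critical", "cloudtrail-tampering", f"{name} on {trail} by {actor}"))
    if name == "AuthorizeSecurityGroupIngress":
        params = event.get("requestParameters", {})
        for lo, hi in _world_open_ranges(params):
            hit = sorted(p for p in SENSITIVE_PORTS if lo <= p <= hi)
            if hit:
                alerts.append(("high", "sg-open-to-world", f"{params.get('groupId')} ports {hit} by {actor}"))
    return alerts

def scan(events):
    """Run every event through the rules; returns [(eventName, alert), ...] for a SIEM to route."""
    return [(e.get("eventName"), a) for e in events for a in evaluate(e)]
```

Running `scan(SAMPLE_EVENTS)` yields three alerts (two critical, one high) and nothing for the private-range HTTPS rule, which is the distinction a SIEM rule must make to avoid alert fatigue.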