Cloud security & operations

Cloud that holds up in audit and at 3am.

We review and improve AWS, Azure and Kubernetes environments so identity, data, networks, logging, backup and resilience are understood, documented and defensible — by the people who run them.

When this matters

Cloud reviews usually start with a customer security questionnaire, an audit finding, an incident, or a leadership question about whether the architecture is genuinely under control.

Scope

What we cover.

01

AWS & Azure architecture review

  • Account, subscription and landing-zone review
  • Network and segmentation posture
  • Service configuration baselines
  • Multi-region and resilience review
02

Kubernetes & EKS governance

  • Cluster, namespace and RBAC review
  • Workload identity and admission control
  • Image, supply-chain and runtime posture
  • Logging, audit and observability
03

Identity & secrets

  • IAM, federation and SSO posture
  • Privileged access and break-glass
  • Secrets management and rotation
  • Service identity and workload trust
04

Logging, monitoring & SIEM

  • Audit log coverage and retention
  • SIEM design and high-signal alerting
  • Detection use-cases for cloud and identity
  • Operational runbooks
05

Backup, BCDR & resilience

  • Backup coverage and restore testing
  • RTO and RPO validation
  • Cross-region failover evidence
  • Tabletop and resilience exercises
06

WAF & vulnerability management

  • WAF rule and tuning review
  • Vulnerability and patch SLAs
  • Container and host hardening
  • External attack-surface review

What good looks like

Cloud architecture, identity, logging and resilience that map cleanly to ISO 27001, PCI DSS, DORA and customer assurance — and that the platform team owns.

  • 01 Cloud risk explained in plain English
  • 02 Remediation engineering can deliver this quarter
  • 03 Evidence ready for ISO 27001, PCI DSS and DORA
  • 04 Runbooks the on-call team has actually rehearsed

Common triggers

Why teams typically bring us in.

  • IAM sprawl with stale privileged access
  • Configuration drift between environments
  • Logging gaps that block incident investigation
  • Backups never restored end-to-end
  • Network paths into production are not documented
  • Secrets and keys without clear ownership

Have a deadline pressing on you?
Tell us the gap.

Most engagements start with a short call to understand the deadline, the team and the constraints.

Bergson Limited is registered in Ireland. We are not auditors, QSAs, or legal advisers. We help technology teams produce the evidence those stakeholders need.