Customer case – Supporting a gas distribution company with its cloud migration program

We supported the client across two phases:

Phase 1: Design Review
We performed a security review of the client’s future-state AWS environment design. The goal was to strengthen the design early, minimizing the cost of future remediation.

Working closely with both the client and AWS, we ensured the design reflected expert knowledge of modern attack techniques and incorporated robust defense-in-depth principles. Threat modelling was used to identify assets, threats, and viable attack vectors. The review informed a subsequent risk-led technical assessment and helped ensure the environment was built to mitigate core risks.

Phase 2: Attack Path Mapping
Once the cloud environment was live, we conducted a risk-led technical assessment using our Attack Path Mapping (APM) methodology. This engagement revealed how an attacker with no access or with an arbitrary workstation within the on-premises environment, could pursue:

• Administrative access to the AWS cloud environment from the residual on-premises estate.
• Access to business-critical applications within the AWS cloud environment from the residual on-premises estate
• Disruption of operations either by impacting the availability or integrity of critical cloud services.

We provided several recommendations to mitigate these vulnerabilities and collaborated closely with the client throughout the migration, offering ongoing advice and guidance.