Technology is often blamed for cyber security incidents, but many security weaknesses manifest because new technology hasn’t been deployed and configured correctly, or in some cases, still set to an insecure default configuration.

These misconfigurations are now the among the primary causes of cyber security issues in the Cloud, and misconfigured storage services have been blamed for a significant number of breaches over the past two years.

Our build and configuration reviews assess operating systems, devices, services and cloud environments to ensure they are in line with security best practices. A good review will achieve the best balance between security and functionality for a business’s critical assets.

Mitigating the risk with build and configuration reviews

Build and configuration reviews should be part of a holistic approach to security. A configuration review will look at system environments, devices, and services to identify misconfigurations and weaknesses that potentially increase the vulnerability of the system.

Our services will highlight and demonstrate security opportunities that could be implemented to ‘harden’ your technical infrastructure and increase its resilience.

At its most basic level, this includes disabling unnecessary guest accounts to prevent their use by an intruder and verification that updates have been installed.

PGI has a team of experienced technical consultants who can carry out secure build and configuration reviews of your corporate IT infrastructure and cloud-based environments to reduce the risk of compromise.

How PGI can help secure your infrastructure

Organisations can appropriately manage risk by ensuring that settings are reviewed and benchmarked against industry best practice and your organisation’s risk appetite. In cases where an organisation chooses to accept the risk they can do so knowing that a specialist review has taken place to provide insight into the nature of the issue and its potential impacts.

  • Cloud configuration reviews Read more Read less

    Cloud computing is growing in popularity—especially after the radical workplace changes that were imposed in 2020 by the COVID-19 pandemic—and this has caused concern for many organisations around how to best secure these systems and their data from attack. With increasing amounts of data and content being stored in cloud-based systems, cloud security is becoming ever more important. Performing a security configuration review of a cloud-based environment will provide an important security benchmark for the organisation using that environment.

    Just because an organisation’s cloud systems ‘work’, in that they support business as usual (BAU) operations, does not mean that they are secure. A huge number of cloud storage solutions have been left exposed to the internet for intruders to explore in recent times.

    Microsoft Office 365 and Dynamics 365 configuration reviews
    These cloud-based subscription products are commonly used and provide wide range of business services. While these products are compliant with several security standards, including ISO/IEC:27001, there are many configuration options across each of the packaged services and applications which may expose risk if security best practices are not applied. 

    Amazon Web Services and Azure configuration reviews
    Amazon Web Services (AWS) and Microsoft Azure are cloud computing platforms that provide a wide range of Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) solutions. Due to the complex nature of cloud-based environments, security misconfigurations may have a significant impact on the confidentiality, integrity and availability of data that is managed within the environment.


    Find out more

  • Device build and configuration reviews Read more Read less

    Network device configuration reviews aim to identify misconfigurations in network devices by assessing their running configuration. This assessment reviews whether a network device is correctly configured and managed.

    Devices may include:

    Switches, routers and firewalls
    Many organisations rely on firewalls and network devices as key elements of their security controls, so it is important to ensure that they have been set up correctly. Our tests aim to identify security vulnerabilities, such as failure to achieve best practice or instances of incorrect firewall configuration. The scope of each review can be adjusted to suit individual circumstances.

    Desktops and laptops
    Assuring the hardware and software on these key business tools is an important aspect of mitigating cyber risk. Our consultants identify vulnerabilities and weaknesses in current configurations that could be used to gain unauthorised access to sensitive data, systems or networks.

    We review the configuration of a wide range of servers to ensure they have been deployed and set up in line with security best practice. As key components that provide applications and services to your organisation, operation reliability is vital to business operations and protecting company assets. We can help you determine the risks associated with patching to ensure that you continuously deploy updates while maintaining the highest possible service availability levels.

    Gold builds
    Organisations use templates to create specific deployments of desktops, laptops and servers, configured for the purpose at hand. Gold build templates assessed against industry best practice provide high deployment efficiency and security assurance, reducing the risk of user error at deployment time.

    Mobile devices
    Losing track of a mobile device (such as a smartphone or tablet) that isn’t correctly configured can result in your organisation’s data being accessed inappropriately, so it is vital that these devices are secure. This is of especially high risk due to the mobility of such devices; they may be moved on a constant basis with members of staff and exposed to the risk of loss and theft.


    Find out more

Ready to get started? Speak to one of our experts.

If you have any questions about our services or would like to learn more about our consultants here at PGI, please get in touch with us and speak with one of the team, call us on +44 20 4566 6600 or email us at

Get in touch

The benefits of conducting a build or configuration review

  • Minimise your risk

    A configuration review will provide you with detailed insight into your IT infrastructure, ensuring the features are configured in line with your risk appetite and profile and industry best practice.

  • Keep your data safe

    Due to the complex nature of cloud-based environments and the default settings of many electronic devices, security misconfigurations can have a significant impact on the confidentiality, integrity and availability of data that is managed within the environment.

  • Save on the cost of re-deployment

    By reviewing builds and software configurations before rolling them out across your organisation and you will save on the costs of needing to redeploy if something isn’t quite right.

Why choose PGI to review your builds and configurations?


All of our secure configuration reviews are conducted in line with recognised security hardening standards, such as those produced by the Center for Internet Security (CIS). And, where required, guidelines produced by the National Cyber Security Centre (NCSC), ISO 27001 and PCI Security Standards Council, along with the guidelines produced by application and device vendors.

Using these industry-recognised hardening standards ensures our consultants can deliver an accurate benchmark of your devices or applications, providing peace of mind.

Want to find out more?

Contact Us:

t: +44 20 4566 6600