In the ever-evolving landscape of cloud security, staying ahead of threats requires more than reactive defence - it demands strategic foresight, continuous optimisation, and a strong alignment with evolving compliance standards.
That’s exactly the approach Herotel took when they partnered with Deimos to assess and harden their Google Cloud Platform (GCP) environment.
As South Africa’s largest fixed-wireless internet service provider, Herotel connects more than 150 towns across urban and rural communities. With a mission to deliver affordable broadband and a reputation for accessibility and innovation, their infrastructure must be not only high-performing, but also secure, compliant, and resilient to modern threats.
The Strategic Imperative: Security as an Enabler, Not an Obstacle
Herotel wasn’t facing a security crisis. In fact, they had already made significant strides in leveraging the scalability and flexibility of GCP. But as a digitally mature organisation, Herotel understood that security isn't a once-off milestone - it’s an ongoing discipline. Their leadership recognised the importance of:
Validating current security practices against best-in-class standards.
Identifying potential vulnerabilities before they became threats.
Staying aligned with industry regulations to protect customer data and trust.
Optimising identity and access controls for scalability and operational integrity.
This proactive mindset is increasingly being adopted by ISPs, telcos, and cloud-native businesses that view cloud security as a competitive differentiator, not just a checkbox.
To achieve this, Herotel partnered with Deimos to conduct a comprehensive security review, assess cloud maturity, and implement enhancements across their GCP estate.
The Challenge: Preemptive Action in a Dynamic Threat Landscape
In recent years, the threat landscape has shifted dramatically. Attackers are exploiting misconfigured service accounts, overly permissive IAM roles, exposed storage buckets, and under-monitored APIs. Meanwhile, compliance frameworks such as POPIA, GDPR, and ISO 27001 are enforcing stricter data handling and audit requirements.
For Herotel, the question wasn't “Are we secure?” but “How can we be more secure tomorrow than we are today?”
The challenge was threefold:
Strengthening identity and access management (IAM) to ensure least-privilege access across internal teams and services.
Refining firewall and network rules to reduce attack surfaces while maintaining operational continuity.
Validating service account usage and workload security, particularly for sensitive systems like databases and customer-facing applications.
The Approach: A Structured GCP Security Audit
Deimos’ approach to cloud security is grounded in structured assessment, practical remediation, and alignment with cloud-native best practices. This project began with a detailed cloud security audit - a methodical review of Herotel’s existing GCP configuration across identity, networking, storage, and observability layers.
Key audit components included:
IAM role review and privilege analysis: Mapping existing roles and users, identifying overly permissive policies, and realigning access based on actual usage.
Service account scoping: Analysing the exposure and use of service accounts, with a focus on reducing persistent credentials and enforcing tighter scopes.
Firewall and VPC inspection: Assessing ingress/egress rules, subnet configurations, and peering strategies to minimise unnecessary exposure.
DNS and domain protections: Implementing DNSSEC and strengthening Cloud DNS settings to protect against spoofing and tampering.
Logging and monitoring posture: Verifying the presence, retention, and scope of logs across services to enable forensic investigation and alerting.
This assessment provided a clear baseline, revealing both areas of strength and opportunities for improvement - particularly around IAM complexity, logging consistency, and network visibility.
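As an added illustration (not Deimos' or Herotel's tooling), the IAM privilege analysis and firewall inspection steps above can be expressed as checks over exported configuration. The sample data is constructed in the JSON shapes produced by `gcloud projects get-iam-policy` and `gcloud compute firewall-rules list`; the function names and severity labels are assumptions.

```python
import ipaddress

# Constructed sample exports (not real Herotel data).
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/owner", "members": ["user:alice@example.com"]},
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/cloudsql.client",
     "members": ["serviceAccount:app@example-project.iam.gserviceaccount.com"]},
]}
SAMPLE_FIREWALL = [
    {"name": "allow-ssh-any", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-db-internal", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["10.10.0.0/16"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["5432"]}]},
    {"name": "old-rdp", "direction": "INGRESS", "disabled": True,
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
]

BROAD_BASIC_ROLES = {"roles/owner", "roles/editor"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

def audit_iam(policy):
    """Flag public grants and broad basic roles in an IAM policy."""
    findings = []
    for b in policy.get("bindings", []):
        for m in b.get("members", []):
            if m in PUBLIC_MEMBERS:
                findings.append(("HIGH", f"{b['role']} granted to {m}"))
            elif b["role"] in BROAD_BASIC_ROLES:
                findings.append(("MEDIUM", f"basic role {b['role']} held by {m}"))
    return findings

def audit_firewall(rules):
    """Flag enabled ingress rules whose source range is the whole internet."""
    findings = []
    for r in rules:
        if r.get("disabled") or r.get("direction") != "INGRESS":
            continue
        wide = [s for s in r.get("sourceRanges", [])
                if ipaddress.ip_network(s, strict=False).prefixlen == 0]
        if wide:
            # A rule entry without "ports" applies to every port.
            ports = [p for a in r.get("allowed", []) for p in a.get("ports", ["all"])]
            findings.append(("HIGH", f"{r['name']} open to {wide[0]} on {','.join(ports)}"))
    return findings

if __name__ == "__main__":
    for sev, msg in audit_iam(SAMPLE_POLICY) + audit_firewall(SAMPLE_FIREWALL):
        print(sev, msg)
```

The disabled rule and the internal-only database rule produce no finding, which keeps the output limited to exposure that is actually in effect.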
The Solution: Security Hardening Aligned with GCP Best Practices
Following the assessment, Deimos collaborated with Herotel’s internal teams to design and implement a set of tactical and strategic improvements. These enhancements aligned with GCP’s native security features and were rolled out with minimal operational disruption.
Key Areas of Improvement:
IAM Optimisation
Enforced least privilege by refining custom roles and removing redundant permissions.
Implemented the principle of separation of duties, ensuring sensitive actions required multiple approvals or workflows.
Applied conditional access controls based on attributes such as user location and device security posture.
Service Account Management
Replaced long-lived service account keys with short-lived credentials issued through Workload Identity Federation where possible.
Applied restrictive scopes and explicit trust boundaries between workloads and GCP services.
Enabled logging of service account activity for better auditing.
Firewall and Network Rules
Hardened firewall configurations with tighter source IP ranges and port restrictions.
Isolated environments using network segmentation and VPC Service Controls, reducing lateral movement potential.
Enabled Private Google Access to limit exposure of internal services.
Cloud SQL and Data Security
Applied IAM database authentication for consistent identity enforcement.
Enabled automated backups and point-in-time recovery (PITR) for business continuity.
Logging and Observability
Centralised logs across key GCP services into Cloud Logging with longer retention windows.
Set up alerting policies in Cloud Monitoring for critical anomalies and potential incidents.
Implemented audit log sinks for long-term compliance and incident response.
The Results: Measurable Gains in Security Maturity
By the end of the engagement, Herotel had meaningfully improved its GCP security posture - both from a technical hardening perspective and a compliance readiness standpoint.
Outcomes included:
Tighter IAM controls across all user and service identities.
Centralised and consistent logging, improving visibility and compliance alignment.
Encrypted database connections and limited access, reducing data breach risk.
More restrictive firewall configurations, decreasing external attack surfaces.
Resolution of multiple high- and medium-risk findings, based on security audit benchmarks.
These improvements enhanced both operational resilience and customer trust, reinforcing Herotel’s leadership in secure and scalable internet delivery.
As Imel Rautenbach, IT Executive at Herotel, noted:
“Partnering with Deimos has been transformative for our cloud security. Their audit and enhancements helped us validate our existing strengths, close gaps before they could become risks, and reinforce our infrastructure for the future.”
Why Proactive Security Matters
This success story reflects a broader industry trend. As organisations become more cloud-native, they are shifting from reactive security postures to continuous improvement models. This shift is driven by several factors:
Complex multi-cloud environments and hybrid architectures demand tighter controls and observability.
Regulatory pressure continues to grow, with compliance frameworks demanding greater auditability and proof of controls.
Customer expectations are evolving - security and privacy are no longer optional; they’re part of the value proposition.
For organisations running on GCP or other cloud providers such as AWS, Azure, or Huawei Cloud, engaging in a proactive Cloud Security Assessment is no longer just best practice - it’s a business imperative.
What Can Other ISPs and Tech Firms Learn?
This project highlights a repeatable framework for cloud-native security maturity:
Start with visibility: You can’t secure what you can’t see. Audit logging, monitoring, and identity maps are foundational.
Follow least privilege everywhere: From users to service accounts, over-permissioning is the silent killer of cloud security.
Prioritise automation and policy enforcement: Manual configurations won’t scale. Use infrastructure as code, policy-as-code, and CI/CD pipelines.
Keep the business in the loop: Security is not just a technical challenge - it’s a cross-functional one.
Ready to Strengthen Your Cloud Security Posture?
Whether you're scaling your infrastructure, adapting to new regulations, or preparing for a compliance audit, Deimos can help you assess and harden your environment with actionable insights and deep technical expertise.