Cloud Security Assessment and Hardening

Cloud Security Assessment

Is your Cloud infrastructure secured against attacks?

Service

More and more are moving all or parts of their infrastructure to cloud providers such as Microsoft 365, Google Workspace or Amazon Web Services, however, often security is forgotten.

In this service, we perform an assessment of your cloud environment and identify security shortcomings, and if requested we help remediate them. Examples could be, use of Multi-Factor-Authentication, logging and alerting, privileged rights management and more. Our findings are documented in an easy-to-understand report with screenshots.

Value

Identify security shortcomings in the cloud environment.

Ensure security controls and policies follow best practices.
Obtain confidence the current Cloud environment is securely configured or how to secure it.
Training on how to secure your cloud environment.

Deliverables

Workshop on securing your Cloud environment where we go over the report’s findings.

Written report with two primary sections:

Management section for management and decision makers with high-level risk picture and executive summary.
Technical section with detailed observations for each security insufficiency.

The depicted observations include easy to understand screenshots showing the current configuration, their risk to the business and suggested remediating actions. In case of hardening being included, then observations also contain screenshots showing the new configuration.

Methodology

Our analysis and security assessment is, among other recognized resources, based on best practice from Microsoft, Cloud Security Alliance’s (CSA) “Security Guidance for Critical Areas of Focus in Cloud Computing” and Centre for Internet Security’s (CIS) configuration guidelines based on your specific setup and configuration of the Cloud environment deployed.

The assessment usually evaluates the following or similar:

Configuration of the Management Console / Pane
Identity and Access Management (Azure AD, Resources Group and more)
Infrastructure and Network configuration (Databases, NSGs, VMs, etc.)
Protection of information and data in storage solutions
Logging, monitoring, and alerting
Utilization and configuration of security solutions
Integrations between on-premises and the cloud
Hybrid identities and solutions

Involvement

If this service is used as an assessment, the required involvement from your organization is minimal, however if hardening is included, it will require on-going involvement.

Caught your interest? Contact us now for a discussion and non-binding offer.

See our other services

Cyber Security Maturity Assessment

Active Directory Security Analysis

External Penetration Test

Password Security Strengthening

Cyber Security Advisor as a Service

Red Team

Workstation and Server Security Assessment

Web Application and Service Penetration Test

Assume Breach

PCI Penetration Test

Security Assessment of OT Environment

Cyber Security Presentation and Workshop