Fortify, Shield, Thrive: Safeguarding Your Digital Horizon
Elevate’s goal during the Cloud Security Assessment is to ensure that our assessment identifies and helps you improve your overall security posture.Addressing security in a public cloud environment is different than in your on-premises data centers. When you move systems and data to the cloud, security responsibilities become shared between you and your cloud service provider. Infrastructure-as-a-Service (IaaS) providers, such as AWS, Google, etc. are responsible for securing the underlying infrastructure that supports the cloud, and you are responsible for anything you put on the cloud or connect to the cloud.
Elevate’s goal during the Cloud Security Assessment is to ensure that our assessment identifies and helps you improve your overall security posture.
- Security responsibilities are shared between your cloud provider and you, the customer of the cloud provider.
- How do you define and categorize your assets and which modules/tools are you using from your cloud provider?
- Review of architecture and data flow diagrams to understand how you are configured.
- Review of network segmentation and ACL and firewall setting.
- Review DDoS layered defense solution.
- How to manage user access to your data using privileged accounts and groups.
- Best practices for securing your data, operating systems, and network.
- How do you leverage monitoring and alerting to achieve your security objectives?
- Use of regions, availability zones, endpoints, etc.
- Verify you have a procedure for granting remote, Internet, or VPN access to employees.
- VPN connectivity (e.g. VPN to a customer in any VPCs owned, Direct Connect Private Connections, etc.).
- Assess the implementation and management of antimalware for cloud instances.
- Review of penetration testing results.
- Review documented process for configuration and patching.
- Review API calls for in-scope services for delete calls to ensure IT assets have been properly disposed of.
- Review of encryption methods used.
- Training of employees on cloud technologies chosen.
Our assessment process is simple, yet thorough to ensure we cover all of the areas and security threats that are possible to your environment based on what you are using and how you are configured.
We have standardized methodologies for the different cloud providers’ capabilities and we assess your current designs and configuration to the best practices. When we see an area with a possible deficiency we seek to understand the use of mitigating controls and/or other practices. At times, our clients provide us with re-only access to the environment in order to perform more throughout assessments, and other times the Black Box approach is used. We work with you based on your needs and specific requirements.