IT Audit

About

Fortify, Shield, Thrive: Safeguarding Your Digital Horizon

Elevate’s goal during the Cloud Security Assessment is to ensure that our assessment identifies and helps you improve your overall security posture.Addressing security in a public cloud environment is different than in your on-premises data centers. When you move systems and data to the cloud, security responsibilities become shared between you and your cloud service provider. Infrastructure-as-a-Service (IaaS) providers, such as AWS, Google, etc. are responsible for securing the underlying infrastructure that supports the cloud, and you are responsible for anything you put on the cloud or connect to the cloud.

Our Process

Elevate’s goal during the Cloud Security Assessment is to ensure that our assessment identifies and helps you improve your overall security posture.

Assessment

  • Security responsibilities are shared between your cloud provider and you, the customer of the cloud provider.
  • How do you define and categorize your assets and which modules/tools are you using from your cloud provider?
  • Review of architecture and data flow diagrams to understand how you are configured.
  • Review of network segmentation and ACL and firewall setting.
  • Review DDoS layered defense solution.
  • How to manage user access to your data using privileged accounts and groups.
  • Best practices for securing your data, operating systems, and network.
  • How do you leverage monitoring and alerting to achieve your security objectives?
  • Use of regions, availability zones, endpoints, etc.
  • Verify you have a procedure for granting remote, Internet, or VPN access to employees.
  • VPN connectivity (e.g. VPN to a customer in any VPCs owned, Direct Connect Private Connections, etc.).
  • Assess the implementation and management of antimalware for cloud instances.
  • Review of penetration testing results.
  • Review documented process for configuration and patching.
  • Review API calls for in-scope services for delete calls to ensure IT assets have been properly disposed of.
  • Review of encryption methods used.
  • Training of employees on cloud technologies chosen.

Our assessment process is simple, yet thorough to ensure we cover all of the areas and security threats that are possible to your environment based on what you are using and how you are configured.

We have standardized methodologies for the different cloud providers’ capabilities and we assess your current designs and configuration to the best practices. When we see an area with a possible deficiency we seek to understand the use of mitigating controls and/or other practices. At times, our clients provide us with re-only access to the environment in order to perform more throughout assessments, and other times the Black Box approach is used. We work with you based on your needs and specific requirements. 

Industry Best Practices

We are well-versed in industry best practices and compliance standards. Elevate will help align your cloud security with established frameworks, reducing the risk of non-compliance.

Objective Perspective

Our security assessment brings an unbiased and fresh perspective. We can identify security gaps that internal teams might overlook due to familiarity or assumptions.

Expertise and Specialization

Our expertise covers a wide range of threats and vulnerabilities, ensuring a comprehensive evaluation of your cloud environment.