Under the public cloud shared responsibility model, your provider enables infrastructure and foundation compute, storage, networking, and database services, as well as other higher-level services. These providers enable a range of security services and features to secure your connections, access controls, databases, credentials, etc.
South Florida businesses must regularly review their security practices. Countless businesses in America are at risk of a data breach that could lead to the theft of confidential data, regulatory penalties, or exposure to lawsuits. Learn more about the risk of cyberattacks in the South Florida Legal Guide.
Elevate also has experience assessing your security configurations and container orchestration platforms and technologies (Mesos, Docker, Kubernetes, etc.).
Elevate’s goal during the Cloud Security Assessment is to ensure that our assessment identifies and helps you improve your overall security posture.
The following are some of the examples of items reviewed as part of the assessment:
- Security responsibilities are shared between your cloud provider and you, the customer of the cloud provider.
- How do you define and categorize your assets and which modules/tools are you using from your cloud provider?
- Review of architecture and data flow diagrams to understand how you are configured.
- Review of network segmentation and ACL and firewall setting.
- Review DDoS layered defense solution.
- How to manage user access to your data using privileged accounts and groups.
- Best practices for securing your data, operating systems, and network.
- How do you leverage monitoring and alerting to achieve your security objectives?
- Use of regions, availability zones, endpoints, etc.
- Verify you have a procedure for granting remote, Internet, or VPN access to employees.
- VPN connectivity (e.g. VPN to a customer in any VPCs owned, Direct Connect Private Connections, etc.).
- Assess the implementation and management of antimalware for cloud instances.
- Review of penetration testing results.
- Review documented process for configuration and patching.
- Review API calls for in-scope services for delete calls to ensure IT assets have been properly disposed of.
- Review of encryption methods used.
- Training of employees on cloud technologies chosen.
Our assessment process is simple, yet thorough to ensure we cover all of the areas and security threats that are possible to your environment based on what you are using and how you are configured.
We have standardized methodologies for the different cloud providers’ capabilities and we assess your current designs and configuration to the best practices. When we see an area with a possible deficiency we seek to understand the use of mitigating controls and/or other practices. At times, our clients provide us with re-only access to the environment in order to perform more throughout assessments, and other times the Black Box approach is used. We work with you based on your needs and specific requirements.