Configuration audit and cloud security assessment

Checking that your infrastructure uses modern security best practices

We support Amazon Web Services, Google Cloud, Microsoft Azure, and other cloud infrastructures.

Let’s take an AWS audit as a popular example. During the audit, we analyze AWS accounts, network configurations, data encryption, security incident response, and more. We use top-ranked sources such as CIS AWS Foundations, security policies based on HIPAA, the FedRAMP, etc.

AWS Audit Plan

  1. Identifying assets in AWS.
  2. AWS account analysis.
  3. Governance audit. Understand what AWS services and resources are in use and ensure that the Customer’s security or risk management program has taken into account the use of the public cloud environment.
  4. Network configuration management audit. Verifying missing or inappropriately configured security controls related to external access and network security, which could result in a security exposure.
  5. Asset configuration and management audit. The management of the Customer’s operating systems and security applications is verified to protect the security, stability, and integrity of the assets.
  6. Logical access control audit. Focuses on identifying how users and permissions are set up for the services in AWS, ensuring that the Customer securely manages the credentials associated with all AWS accounts.
  7. Data encryption audit. Understand where the data resides, and validate the methods that are used for protecting the data at rest and in transit (also referred to as “data in flight”).
  8. Security logging and monitoring audit. Validating if audit logging is performed on the guest OS and critical applications installed on Amazon EC2 instances and that the implementation is in alignment with your policies and procedures. Special attention is paid to the log storage, security, and analysis.
  9. Disaster recovery audit. Disaster recovery controls are checked for operational effectiveness.
  10. Security incident response audit. Incident management controls are checked for operational effectiveness.

Check out our additional services and business cases. Send the form below to request a cloud configuration audit. Get a free consultation.

Business cases of projects we completed

Information security incident response and investigation
Managed security and compliance (ISO 27001, etc.)
Security analysis of software source code
Security assessment: audits and penetration tests
Security Operations Center cases