Cloud Security
Covers physical security of the infrastructure and the
access control mechanism of cloud assets
|
|
Cloud Application Assessments:
Uncover software vulnerabilities, demonstrate the impact of weaknesses, and provide recommendations for mitigation.
|
|
|
Cloud Infrastructure Assessments:
Remotely identify the networks, hosts, and services that comprise your cloud's external and internal environments. Vulnerabilities are identified and if desired, exploited during a penetration test.
|
|
|
Host/OS Configuration Reviews:
Remotely review the configuration of key applications, servers, databases, and network components to identify vulnerabilities that may go unnoticed during network testing.
|
|
Cloud Architecture Reviews:
A network architecture review will evaluate the function, placement, and gaps of existing security controls and compare their alignment with the organization's security goals and objectives.
|
|
VPN Security Reviews:
Compare your current configuration against recommended best practices and identifies any areas of concern. The assessment includes a remote configuration review as well as an architecture review.
|
|
|
Host-based Firewall Reviews:
Analyze both the configuration of the host-based firewalls (accounts, logging, patch management, etc.) as well as the implementation of network security controls (ACLs) via the firewall.
|
|
|
Methodology
>
<
I. Evaluation
Understand exactly what types of data or processing the customer is considering moving to a cloud service and classify that data according to risk.
II. Discovery
Determine where the organization's data resides so that appropriate controls can be put in place.
III. Analysis
Work with targeted cloud providers to analyze the extent to which the business goals can be achieved whilst ensuring the sensitive data remains protected.
IV. Mitigation
Consult on the planning, supply and installation of those elements required to fulfil the security requirement that enable the cloud service migration.
|
|
|
|
