Cloud Risk Assessment
Cloud Infra Security
Focuses on configuration review and risk associated with your Cloud Infrastructure components.
CLOUD CONFIGURATION REVIEW
Cloud services configuration reviews on AWS and Azure.
STANDARDS BENCHMARKING
Benchmarking against organization configuration standards and/or industry frameworks such CIS Controls and AWS Well Architected Framework
Scope of Assessment
Some Services in Scope
Some Services in Scope
Sample Configuration Benchmarking
- Ensure that MFA is enabled on root account
- Ensure S3 buckets are private
- Ensure Network ACLs (NACLs) are configured properly
- Ensure EC2 security groups have proper inb ound and outbound access
- Ensure data is encrypted in transit and at rest
- Ensure proper IAM policies are attached to groups or roles
- Ensure encryption on EBS
- Log filters and alarms exist for critical items,.
- Review AWS Config outputs
Some Services in Scope
Some Services in Scope
Sample Configuration Benchmarking
- Ensure that MFA is enabled on privileged users
- Ensure there are no guest users
- Ensure that “Automatic provisioning of monitoring agent” is set to On
- Ensure ASC Default policy setting “Monitor System Updates” is not disabled
- Ensure that “Secure transfer required” is set to “Enabled”
- Ensure that no databases allow ANY IP
- Ensure that “OS Disk” is encrypted
- Ensure web app redirects all HTTP traffic to HTTPS in Azure App service
- Ensure that “Threat Detection Types” is set to “All”
- Ensure that logging for Azure KeyVault is enabled
- Ensure that audit profile captures all the activity
Value Proposition
- Report of Configuration Issues and Risks Observed
- Remediation Strategy
- Benchmarking Comparison Report
- Hardening Standards Report
- Risk Score