CyberCX Security Configuration Review (STA)

Cloud security

Cloud security denotes a collection of guidelines, technologies, and controls put into place to assist in shielding the combined elements that make up cloud computing. These include data, applications, and the infrastructure itself. While cloud services are being embraced by business, the rules about security are not always clear. Service providers often believe that the customer is responsible for implementing security prior to deploying the solution. Customers may believe that security is an included and integral part of the cloud solution they are purchasing; however, this may not be the case. When data and services are managed by a third party, cloud solutions present a unique security and governance challenge.

Amazon Web Services

CyberCX can perform a detailed review of the static configuration and ‘hardening’ characteristics of your AWS tenancies, instances, VPCs, and services. These assessments will be performed using automated and manual testing in consultation with our detailed assessment methodology, requiring only read-only access to evaluate the implemented configuration against industry best practice. CyberCX will review implemented products, benchmark their settings against industry best practice, and make detailed recommendations for improvement. Some of the key areas include Active Directory, Identity and Access Management, Infrastructure Protection, Data Protection, Detective Controls, and Incident Response. In addition, we have the skills to assess other cloud assets including all major network virtualised devices, operating systems, and applications.

Comprehensive Methodology

Analyse – Gain understanding of infrastructure purpose and use cases. Gap Analysis – Establish preliminary and final gap analysis based on industry security best practices. Authentication / Encryption – Review the platform’s authentication and encryption mechanisms in use and advise on any security implications. Configuration – Review the configurations of the platform’s specific security features, such Cognito, and Resource Access Manager for AWS. Architecture – assess practices in use with respect to security, performance, resilience, and efficiency to develop and maintain cloud solutions. Logging and Monitoring – Review the adequacy of the logging and monitoring configuration and report on any security implications this may have. Platform – Review and ensure the appropriate use of Platform as a Service (PaaS), Infrastructure as a Service (IaaS) services, and Infrastructure as Code (IaC) and features. Recommendations – Recommendations for improvements to the security infrastructure design through components and features benchmarked against industry best practices. Make recommendations on services and features that are absent in the implementation.