Public Cloud Security Analysis (AWS, Azure, GCP)
Improsec provides a vendor neutral analysis and assessment of the current level of security for the Public Cloud solution. The analysis provides an overview of the basic security controls implemented as well as a current snapshot of the general level of security to the Management and IT organization.
To analyze and enhance the level of security of the Public Cloud solution, Improsec provides:
An analysis and assessment outlining the current state of the security in the company’s Public Cloud solution
Specific recommendations on how to enhance the level of security and how hardening can be implemented
A written report including the above - as well as suggestions for improvements
Improsec delivers a report containing a non-technical section including an executive summary and a technical section including detailed observations and related concrete recommendations based on an overall risk
Suggestions for improvement are described to optimize the security posture of the Public Cloud solution. The suggestions are based on our knowledge of generic and current attack vectors, like Credential Theft, Privilege Escalation, Side Channel, and Man in the Cloud (MitC) such as recognized “Good Practice” for hardening the Public Cloud solution.
The security analysis is, among other recognized resources, based on recommendations from Cloud Security Alliance (CSA), with a strong focus on selected domains.
The analysis is based on the specific setup and configuration of the Public Cloud solution implemented by the company, including:
- Configuration of the Management Console/Pane
- Infrastructure and Network Conguration
- Identity and Access Controls
- Monitoring and Logging Configuration
In addition to the data extraction and technical review, interviews might be held with one or more key employees.
Duration and resources
The analysis requires involvement of selected employees in the company’s IT organization.
The analysis will typically take two to four weeks to conduct. Our findings will be presented to the Management and IT security organization.