Unlike a penetration test, cloud assessments are not an offensive activity, but instead evaluate the configuration of cloud environments (AWS, Azure, GCP) comparing them to industry standards/benchmarks and recommended best practices. By reviewing configurations against best practices, Secure Ideas is able to provide actionable recommendations to clients to strengthen cloud infrastructure, which offer a lot of power and flexibility in designing and deploying computing environments. The convenience of doing so tends to lead to the rapid proliferation of cloud service deployments and configurations, often at the expense of adhering to best practices or deploying the necessary controls to secure the environment. A periodic evaluation of cloud infrastructure accounts is recommended to keep security control best practices in order.
- Perform a review between the client environment and their respective cloud provider’s CIS Benchmark
- Evaluate for configuration weaknesses in accounts such as overly-permissive access policies and orphaned objects relevant to security configuration
- Identify missing security control best-practices such as preventative controls, and detective controls including logging and monitoring
- Provide recommendations for remediation and improvement of the overall security posture of the environment