Cloud and System Security
Your platforms can be safe again
Making Digital Safe Again
Platforms like AWS and Azure operate under the "shared responsibility" model. That means the provider is responsible for security "of" the cloud, and the customer is responsible for security "in" the cloud. Many companies do not realize this and leave their servers, websites, storage, etc open to the public. Unless thoroughly trained, configuration of resources can be difficult, lead to security holes, and excessive costs for resources you may not need.
The DTRI Cloud and System Security program works off of four basic principles: Assess, Report, Remediate, Repeat.
When you partner with DRTI for Cloud and System Security, you are bring your vision of high availability, and ultra secure infrastructure full circle.
Identifying Assets
We will create an asset inventory of your environment which can include instances, data stores, applications, the data itself, and much more. The inventory will then be used for creating audit scopes. In addition, we will perform a scan of existing AMI’s based upon CIS standards.
Identify Governance needed
Governance provides assurance that your visions and intent are reflected in the security posture of your environment. Understand which services have been purchased, versus what your build required to identify if you are needlessly wasting money on resources you do not need.
Network Configuration and Management
Network configuration and architecture is looked over for missing or inappropriately designed security controls related to external access and private network security that could result in a breach.
Asset Configuration and Management
Validate that OS and applications are designed, configured, patched and hardened in accordance with your policies, procedures, and standards. Change Management Controls are looked over as well.
Logical Access Control
Identify how users and permissions are set up for the services in your environment, ensure you are securely managing the credentials associated with all accounts, and what types of actions your users can perform on resources (read, write, etc.)
Data Encryption
Audit if encryption of your data at rest and in transit is appropriately configured per your policies.
Security Logging and Monitoring
If customers can’t find it, it doesn’t exist. Clearly list and describe the services you offer. Also, be sure to showcase a premium service.
We build an assessment report to include:
- Identity and Access Management
- CloudTrail Report
- Logging
- Monitoring Status
- Networking
- AMI Security
Based upon Assessment Findings:
- Remediation list is presented
- Items are chosen from the list to remediate
- Items are then categorized by level of effort and cost
Ongoing Assessments
- Create and Schedule assessments for your environment
- Assessments can be as often as daily if desired
- Feedback gets provided when issues are found