Request a Personalized Demo of Darwin Attack®
Ensuring Data Safety for Your Business
Organizations have widely moved to a cloud environment across most industries. Cloud services provide organizations the opportunity to bring scalable, flexible access, to internal users and external customers across locations and technologies that suit their workstyle and business needs. Cloud computing has become the standard, and most companies continue to work to identify more opportunity to take advantage of the benefits of the technologies. At the same time, many organizations have struggled to manage the security of their entire cloud environment.
Cloud computing and associated operations provide organizations with the ability to improve their control over the organization’s data. A good cloud infrastructure can increase basic information security, as well improve data resiliency and backups. Most cloud providers include reliability and uptime guarantees. Cloud enablement typically means the cloud provider is in control of the cloud computing environment. Most cloud providers have become very good at implementation and support of their standard implementations. This can improve the security of the supported computing devices. Some of this can evolve, depending on what deployment model is in place – public, private, or hybrid.
Evolve Security’s Cloud Security Assessment helps ensure that your cloud environment has been designed and implemented, and is being managed, to truly support your security needs, and enable efficient business goals.
Our Proven Cloud Security Assessment Solutions
Evolve Security’s cloud security assessment includes full analysis of the existing cloud environment, including details such as the following:
- The standards and configurations used to build supported servers, with special focus on weak or substandard configurations – this is essentially the blueprint on which your cloud environment is based. This also includes review of server hardening guidelines – as built. This also includes processes to build new servers to ensure they comply with the defined approved standard build.
- Identity and Access Management, including defined user classes, and permissions for each. It also includes access logging and audit for critical systems and data, as well as controls over your actual cloud account.
- Data protections, including appropriate encryption, backup and recovery functionality, and processes/controls to restore service in the event of an outage. This also includes data segregation and isolation both within your environment, and between your environment and other organizations.
- Security controls such as standards and defined controls for encryption, network firewalls, application gateway firewalls, denial of service filters, should be part of your cloud solution.
- Compliance and regulatory requirements, such as HIPAA, GDPR, and PCI/DSS require not only that the appropriate assets are protected, but that you know how they are protected, and are able to prove that you verified compliance.
Evolve Security’s cloud security assessment is designed to ensure you have enforced good data practices, and can prove it, regardless of the exact type of cloud environment of which you are taking advantage. Evolve Security includes specific services for the following public cloud infrastructures:
- Amazon Web Services (AWS)
- Microsoft Azure
- Google Cloud Platform (GCP)
- Microsoft O365
Modernize Your Cloud Security Assessment Approach
Evolve Security’s approach to cloud security has several critical layers, which include a variety of vulnerability scanning, application testing, and system testing options. These technical services test the cloud implementation as currently fielded by the organization and their cloud provider. But your cloud implementation is not just comprised of the technology. Any good system is a combination of technology, along with people and processes to maximize the use of that technology. While invaluable, this can provide limited visibility into your cloud environment.
Our approach is to assess the standards, processes, and controls in place to actively manage your cloud environment. Most cloud providers include some level of security controls and management in their services, but data and application controls are usually ultimately your responsibility.
An Evolve Cloud Security Assessment can evaluate the maturity and completeness of the controls for which you are responsible, and help ensure that your controls, and the controls put in place by your provider, fit together in a complimentary way, maximizing your security, and increasing the efficiency of your controls and security management.
During testing Evolve’s security professionals enter key findings into the Darwin Attack® collaboration portal. This means you have access to findings while the test is in process, so do not need to wait days or weeks for a final report, and can start corrective action earlier.
Our Cloud Security Assessments Constantly Evolve
Cloud enablement is a dynamic approach, and services continue to evolve. Our team of security professionals constantly monitor developments in cloud standards, and update processes and standards as appropriate. We also hold regular project review sessions and update our internal standards to help ensure we are assessing to at least standards of good business practice, based on the practices of current clients. Every engagement includes review of our own benchmarks to help ensure that we are assessing to the most appropriate set of controls.