Cloud Architecture Security
A global strategy for cloud computing based business model is ubiquitous.The advent of cloud services mandate several security risks to be assessed such as data encryption policy,privacy ,regulatory requirements ,technical configurations etc.Esecurity Audit provides support for complete cloud architecture review to find the gaps and to make recommendation to remediate the issues for smooth continuing business.This process can prove to be effective in scoring the security of the organization, and can create critical, actionable insights to improve company defences.
As Esecurity Audit cloud experts are reviewing the security configuration AWS hosted infra application and service we would stick on to,
Thorough check:Look at all aspects of your security configuration, including those you might not use very often.
No Assumption:Unfamiliarity with some aspect of your security configuration (for example, the reasoning behind a particular policy or the existence of a role), investigates the business need until we are satisfied.




ESA
Key Benefits
  • Visibility to user interactions,policy and configurations
  • Committed and standardised deliverables
  • Flexible support
  • Dedicated cloud experts
Our Approach towards Cloud Architecture Security Implementation

PHASE I -Defining the audit

As a kick start to audit methodology,have the complete parsed asset inventory list.

PHASE II -Understanding the audit perimeter

Setting the perimeter for the audit on the collected information and focus on the selected scope.
This will be done in terms of:
1-Data management
2-Data Environment
3-Infrastructure
4-Log Management

PHASE III -Defining the threat and assessment of performance of current security controls

This step will define the potential threat, common threats as well as very account specific threats with respect to the company’s nature of business.
At this stage we look for potential gaps such as:
• Insufficient Identity, Credential and Access Management
• Insecure APIs
• System and network level vulnerabilities
• Malicious Insiders
• Advanced Persistent Threats
• Insufficient Due Diligence
• Shared Technology Vulnerabilities

PHASE IV -Risk scoring formulating solutions and reporting

Based on the list of threats and the potential impact of a threat occurrence versus the chances that it actually can occur thus assigning a risk score to each issue.The vulnerabilities tagged with proper risk score would be compiled to a detailed report with mitigation plans and filled in references.

Call or write to us at :
for proposal / roadmap / information