Cloud Security

We offer a number of services to help you secure your public cloud infrastructure and software-as-a-service (SaaS) applications.

AWS, Azure, and Google Cloud

Security Standards Development

Many organizations go right to detecting configuration risks within their cloud environment without first defining security requirements. We can help you define security standards for each of the AWS or Azure services that your organization uses so that your cloud teams know exactly how to configure resources securely from the start.

 

Benefits of Service Security Standards

  • Secure configurations upon initial resource configurations
  • Consistent configurations throughout the cloud environment
  • Service coverage beyond CIS and your CSPM tool’s out-of-the-box policy set

 

SRA’s Approach

  • Work with you to identify the cloud services your teams are currently using
  • Draft security requirements for each of your cloud services
  • Review the draft requirements with your cloud teams and incorporate any feedback

 

AWS: Download PDF |  Azure: Download PDF

Cloud Security Program Assessment

A secure cloud environment requires much more than just secure configurations; it takes a program. Our methodology looks beyond point-in-time configurations and instead focuses on the people, processes, and technologies in place to secure your AWS or Azure cloud environment today and tomorrow.

 

Cloud Security Program Assessment Overview

Our approach to cloud security goes beyond cloud security posture management (CSPM) — we firmly believe that it takes a program to secure a cloud environment. While CSPM tools can provide great insight into configuration risks within your cloud environment, they often have limited-to-no visibility into third party security tools, team structure, and/or organization processes. We have developed an assessment methodology which reviews the people, processes, and technologies that support your cloud environment and identifies gaps based on industry-recognized frameworks and general best practices.

 

Focus Areas

Below are the areas which we focus on during the Cloud Security Program Assessments:

  • Governance
  • Architecture & Networking
  • Identity & Access Management
  • Vulnerability Management
  • Logging & Monitoring
  • Incident Response
  • Service Hardening
  • Pipeline
  • Data Protection
  • Resilience

 

AWS: Download PDF |  Azure: Download PDF

Cloud Configuration Assessment

Some AWS or Azure configuration risks are very easy to find — public resources, excessive permissions, encryption, etc. Others, such as role trusts to third-party AWS identities or virtual network peerings across environments, are much more challenging because contextual information is required. Our enumeration-based approach to configuration risk detection can help to identify risks which may have otherwise gone unnoticed.

 

Cloud Configuration Assessment Overview

Our configuration assessments provide a set of tactical recommendations to improve the security posture of your cloud environment based on point-in-time configurations. Our approach includes a combination of scanning your AWS or Azure accounts/subscriptions with several open-source tools, enumerating your cloud resources and configurations with custom scripts, and reviewing your cloud console. For all findings identified, we provide you with a list of affected resources making it easy for your teams to investigate and remediate risky configurations.

 

AWS Services

Below are example AWS services which are covered by our AWS Configuration Assessments:

  • IAM
  • EC2
  • RDS
  • VPC
  • S3
  • Lambda
  • ECS
  • EKS
  • KMS

Azure Services:

Below are example Azure services which are covered by our Azure Configuration Assessments:

  • Azure AD
  • Virtual Machines
  • Virtual Networks
  • Azure Functions
  • Storage Accounts
  • SQL Database
  • API Management
  • Azure App Services
  • Key Vault

 

AWS: Download PDF |  Azure: Download PDF

Don’t see one of your AWS services listed? Let us know, and we will likely be able to create custom enumeration scripts if we don’t have coverage already.

Azure

Don’t see one of your Azure services listed? Let us know, and we will likely be able to create custom enumeration scripts if we don’t have coverage already.

Qualifications

SRA is an official Microsoft Solutions Partner and Google Cloud Partner.

We have a team of over 50 Consultants that have earned AWS, Google Cloud, and Azure security certifications.

Get Started!

Let us know if you would like us to provide cloud security services for you by completing the contact form.