The use of cloud providers is becoming increasingly important, whether for specific services/environments or for outsourcing the entire IT infrastructure. The focus here is on large providers such as Amazon Web Services (AWS), Microsoft Azure and the Google Cloud.
Even if clouds promise a high standard of security, the security of the cloud used stands and falls with the correct handling. Technical, legal and organisational aspects must be taken into account.
Individualisation
We support you in these three areas, regardless of whether you are just looking at outsourcing to the cloud or you are already operating an established infrastructure in the cloud.
We are happy to review your entire cloud infrastructure or individual areas with regard to best practices, taking into account the threat landscape relevant to you. The following areas can be subject to the audit:
-
- Network security
- Identity and access management
- Data protection
- Classification of information and use of data leakage prevention
- Data backup and data resilience
- Use of encryption
- Logging & monitoring
- Secure process
- Change management
- Documentation and inventory
- Monitoring and evaluation of the logs
- Secure organisation
- Strategy and regulations for the use of clouds
- Roles and responsibilities
- Compliance and contract management
Added value
The following methodologies can be used for the review:
-
- Document analysis
- Interviews
- System check
With a document review, interviews and configuration checks, we identify the potential for improvement and present our recommendations for action in a final report or in a concluding presentation.
Four eyes see more! We are happy to support you with individual coaching, security reviews or workshops..