Cloud Security Audit

3 Reasons for a Cloud Security Audit

17. September 2021

Outsourcing applications and data to the cloud brings significant benefits for companies, but at the same time also new challenges for the corresponding IT departments. The technologies and processes of a cloud environment differ from those of local data centers.

Whereas the responsibility of the company’s own IT departments used to be to take care of all levels (hardware, virtual machines, operating systems and applications) of an on-premise solution, the move to the cloud means that only very abstracted services are purchased. The service provider and the company share responsibility for the secure operation of these services. The secure configuration of the individual services remains largely the responsibility of the company – and with it, the responsibility for regular monitoring and checking.

The growing complexity of cloud environments is presenting many IT departments and their staff with increasing challenges. Experience and knowledge to set up and maintain sufficient security measures are lacking. Appropriate security best practices must first be established in most companies. Misconfigurations creep in, which become critical security gaps and gateways for potential attackers.

Misconfigurations can be found, for example, in:

  • Identity and access management (e.g. AWS IAM, Azure AD, GCP IAM)
  • Storage services (e.g. AWS S3, Azure Storage Accounts, GCP Cloud Storage)
  • Database services (e.g. AWS RDS, Azure SQL, GCP Cloud SQL)
  • Logging, monitoring and alerting services (e.g. AWS CloudWatch, Azure Security Center, GCP Cloud Audit Logs)

The trust companies place in their cloud service providers requires regular and independent validation by a third party. Only with this validation is it possible and important at the same time for companies to obtain meaningful transparency of the IT security level of their cloud environment. A cloud security audit provides the valuable results and insights required for this purpose:

Manually and automatically, we audit against a framework of a variety of control objectives based on the CIS benchmarks for AWS, Azure, and GCP, cloud service provider best practices, and our years of experience. Through configuration reviews, document review and interviews, we audit not only the actual configuration of the cloud services, but also the security architecture and the people and processes involved.

Would you like to have the configuration of your cloud environment audited? Here you can learn more about how we proceed with a cloud security audit and what we test in the process.

As part of a cloud pentest, our security analysts also examine all relevant cloud components and identify possible gateways for attackers.

We are looking forward to supporting you.

Also interesting:

usd PCI Best Practice Workshop 2021

usd PCI Best Practice Workshop 2021

For many years, the usd PCI Best Practice Workshop has brought together responsible PCI personnel from companies of all sizes and from all industries to discuss current topics from the world of payment card industry together with PCI experts from usd. The interactive...

usd HeroLab Top 5 Vulnerabilities 2020: SMB 1.0 & SMB Signing

usd HeroLab Top 5 Vulnerabilities 2020: SMB 1.0 & SMB Signing

During penetration tests our security analysts repeatedly uncover gateways in IT systems and applications that pose significant risks to corporate security. They increasingly identify the same vulnerabilities in different IT assets, some of which have been known for...