Cloud Security Audit

For the security of your cloud environment

For many companies today, entrusting their data to a cloud service provider such as AWS, Azure or GCP is a matter of course. However, by relocating to the cloud, you as the user do not relinquish responsibility for the protection of your data. While cloud service providers are responsible for the security of the cloud itself, you must ensure the protection of your data within the cloud. For instance, improper configuration of cloud services can allow attackers to gain access to sensitive data. Therefore, we recommend that you verify the secure configuration of your cloud through an audit.

Dr. Kai Schubert
Managing Consultant

"When it comes to cloud projects, the fact that the outsourcing company remains responsible for the security of the data and applications operated there is often not taken into account. Here's where we step in and provide our customers with in-depth advice - from migration to the cloud, to questions about IT security during operation, to regular security audits of the cloud environment."

Misconfigurations can be found, for example, in:

  • Identity and Access Management (e.g. AWS IAM, Azure AD, GCP IAM)
  • Storage Services (e.g. AWS S3, Azure Storage Accounts, GCP Cloud Storage)
  • Database Services (e.g. AWS RDS, Azure SQL, GCP Cloud SQL)
  • Logging, Monitoring and Alerting Services (e.g. AWS CloudWatch, Azure Security Center, GCP Cloud Audit Logs)

How can we help?

When managing sensitive and vulnerable information and operating services in cloud environments, it is important to have a valid overview of the IT security level of your cloud environment. Our Cloud Security Audit provides you with valuable results and insights.

Our auditors have extensive and longstanding experience in similar audits and refer to various best practices and security standards in different industries.

How to get started with your Cloud Security Audit?

Every cloud environment and the services that run in it are unique. Important criteria when defining the scope of your audit are the cloud services used, the number of cloud resources used, the protection requirements and possible risks of compromise.

We therefore coordinate closely with you throughout the project to guarantee a Cloud Security Audit that is optimally tailored to your company.

How do we proceed when performing a Cloud Security Audit?

Through our structured approach, we check the security of your cloud environment both manually and automatically against a framework of control objectives based on CIS benchmarks for AWS, Azure and GCP, cloud service provider best practices, internationally established security standards and our years of experience. If you wish, we can also take your company's own specifications into account. Usually, our approach includes the following phases:

Phase 1: Preparation and scoping

We will define the depth and scope of the Cloud Security Audit in collaboration with you based on your wishes, needs and the risks of becoming a victim of a hacker attack.

Phase 2: Performing the audit

During configuration reviews, document reviews and interviews, we use established and self-developed tools to audit not only the actual configuration of the cloud services, but also the security architecture and the people and processes involved. Due to the high degree of individualization of implemented cloud solutions, we always tailor our audit catalog individually to your cloud environment.

We check the security of all your cloud services and resources fully remotely, without using the attack vectors denial of service (DDoS, EDoS) or social engineering. Your operations are not impacted during the review. If critical vulnerabilities are identified, we communicate them immediately.

Phase 3: Report

After the audit is completed, you will receive:

  • A detailed report on all relevant topics including a description of the identified vulnerabilities and specific recommendations for remediation of any vulnerabilities found
  • Presentation of the results remotely or on site (optional)
  • Advice on implementing the necessary measures (optional)
  • A retest after you have remedied the vulnerabilities (optional)

Phillip Ansorge
Senior Consultant

"Cloud computing is highly dynamic. That is why we are continuously developing our approach and adapting it to current threat scenarios. In this way, we guarantee you a consistently high level of quality and a sustainable improvement in your security level."

What are the variants of the Cloud Security Audit?

During the Cloud Security Audit, the following services or providers can be checked by our auditors:

Identity and Access Management (IAM) Audit

Depending on your individual cloud environment, the following checks are part of our review of your identity and access management:

  • Review of access policies, such as multi-factor authentication or password policies
  • Analysis of the API key
  • Review of emergency and fallback measures
  • Review of permissions, which include:
    • Privileged permissions
    • Non-privileged user permissions
    • Service account security

Amazon Web Services (AWS) Audit

Our auditors have developed a special audit procedure for the Cloud Security Audit of an AWS environment, which is based on PCI DSS, ISO 27001, HIPAA, SOC2, and FFIEC, among others. Furthermore, benchmarks from the Center for Internet Security (CIS) and custom developed reviews by our auditors are taken into account.

The following checks, among others, are part of the Cloud Security Audit of your AWS environment:

  • Analysis of EC2 security
  • Review of S3 security
  • Analysis of Amazon Virtual Private Cloud (VPC) security
  • Review of CloudTrail and CloudWatch services
  • Review of database security
  • Serverless infrastructure review

Google Cloud Platform (GCP) Audit

Our auditors have developed a special audit procedure for the Cloud Security Audit of a GCP environment, which is based on PCI DSS and CFT Scorecard, among others. Furthermore, benchmarks of the Center for Internet Security (CIS), benchmarks of Forseti as well as custom developed reviews by our auditors are taken into account.

The following checks, among others, are part of the Cloud Security Audit of your GCP environment:

  • Review of virtual machine security
  • Analysis of cloud storage security and cloud network security
  • Analysis of logging and monitoring
  • Review of the security of the Cloud SQL database
  • Analysis of the Google BigQuery service

Microsoft Azure Audit

The following checks, among others, are part of the Cloud Security Audit of your Azure subscriptions:

  • Review of storage account access permissions and encryption
  • Review of database security, which includes access permissions and connection security
  • Review of logging and monitoring of critical changes and related metrics
  • Review of access policies
  • Review of virtual machine encryption
  • Review of app service connection security
  • Endpoint security analysis
  • Analysis of key vaults
    • Strength of keys
    • Rotation
    • Vault security

Microsoft 365 (M365) Audit

The following checks, among others, are part of the Cloud Security Audit of your Microsoft 365 tenant:

  • Review of Azure AD configuration (see Azure AD for details)
  • Review of logging, monitoring and alerting
  • Review of the configuration of M365 services, which includes:
    • Exchange Online
    • SharePoint Online
    • Teams
    • Intune (Endpoint Manager)

Azure Active Directory (AAD) Audit

The following checks, among others, are part of the Cloud Security Audit of your Azure AD:

  • Review of access policies, multi-factor authentication and password policies
  • Review of emergency and fallback measures
  • Review of permissions, which includes:
    • Privileged permissions
    • Non-privileged user permissions
    • Guest user permissions

Azure Conditional Access Policies (CAP) Audit

During the review of the security of your Azure Conditional Access Policies, we also perform the following checks:

  • Compliance with basic recommendations, which include multi-factor authentication, emergency accounts, and verification of atypical authentications
  • Verification that the conditional access policies meet your individual requirements and are configured appropriately
  • Looking for known errors such as:
    • Policies with gaps or ineffective configuration
    • Manipulation of approved client applications
    • Circumvention of device compliance

Azure AD Connect Audit

When auditing the security of Azure AD Connect, we perform the following checks:

  • Review of permissions
  • Review of access policies, such as multi-factor authentication, password policies, and remote access
  • Review of logging, monitoring, and alerting of critical changes and related metrics
  • Compliance with basic recommendations for maintenance and hardening
  • Review of configuration
    • Synchronization settings
    • Self-service password recovery

Azure DevOps Audit

During the review of your Azure DevOps security, we also perform the following checks:

  • Review of the organization's access permissions
  • Review of the access permissions of the projects
  • Review of the approvals and user validation of the pipelines
  • Review of build artifacts for hardcoded secrets
  • Review of logging and monitoring of critical events and audit logs
  • Review of the access permissions of the feeds

Microsoft Defender Audit

During the review of your Microsoft Defender security, we perform the following checks:

  • Review of MS Defender plans to determine whether verification services are adequately monitored by MS Defender according to the use case
  • Verification of whether sufficient notifications are displayed
  • Check of whether other Microsoft Defender services are correctly integrated

Microsoft Dynamics 365 Audit

During Microsoft Dynamics 365 security audits, we also perform the following checks:

  • Verification of logging and monitoring of the log collection and its retention
  • Review of whether weak encryption keys are used
  • Review of session management
  • Analysis of connector security and content management security policy
  • Review of auto-updates and maintenance windows

Other Cloud Services and Providers

Do you need a cloud security audit for a provider or cloud service you couldn't find above? We can also check these providers and services, such as Kubernetes services or Software-as-a-Service offerings.

We recommend performing a Cloud Security Audit at least annually or immediately after significant changes.

Contact

Please contact us with any questions.

Phone: +49 6102 8631-190
Email: sales@usd.de

Daniel Heyne
usd Team Lead Sales,
Security Consultant Pentest, OSCP, OSCE