Cloud Security Assessments
Let's work together to ensure security is treated as a first-class citizen in all aspects of your business.
WHAT ARE...
Cloud Security Assessments
The more businesses move to the cloud, the more threats will grow. Seeing that the cloud supports the main infrastructure of your business, it is of utmost importance to ensure all of your data, processes, and platforms are secure. Just like you would have regular check-ups with your physician, it is recommended to regularly test the security posture of your Cloud Infrastructure.
OUR APPROACH
How we assess your security
Our Cloud Security Assessment comprises 2 main security concepts:
- Penetration testing
Involves assuming the role of a cyber attacker with the intent of breaking in and gaining access by exploiting system vulnerabilities and technical oversights in the implementation.
- Vulnerability Assessment
Aims to identify any security weaknesses in a system that are commonly known and exploited. During an assessment, methodologies similar to penetration tests are employed with a clear focus on finding known vulnerabilities.
Deimos performs automated security testing as well as manual testing as part of all its security packages. Performing an automated security assessment first allows the team to catch all low-hanging fruit, before focussing on more complex attack vectors. Most often, the real value comes from manual testing.
Below are various steps performed as part of a Cloud Security Audit:
- Inspect application and infrastructure
- Run automated scans
- Review scan results
- Perform manual testing
- Review test results
- Compile findings in a Security Audit Report
- Review the Security Audit Report with you, the client
For automated security testing, our team uses a combination of OWASP ZAP and Google Web Security Scanner.
Below are only a few steps we take during our assessment:
- During our security assessment, we review your application and infrastructure architecture, focussing on the security posture. We check that your Identity and Access Management is configured appropriately, that Cloud Audit Logs are enabled, and that you are gaining the most from your Security Command Center.
- We spend time in your application architecture, reviewing your code and architecture against industry-standard benchmarks such as CIS and OWASP.
- We ensure secrets are appropriately managed via Secret Manager and that security events are captured in a platform such as Chronicle.
- We review your resource hierarchy, network structure (segmentation and security), key management and logging.
- We assess your software supply chain using frameworks like SLSA.
Project Kickoff
The Security Audit starts off with a project kickoff meeting. This meeting allows us to align on expectations and determine any specific areas you, the client, want us to focus on. This session is also used to get a good understanding of the business and its use of technology.
Discovery
The Discovery sessions are used to gain a better understanding of the various systems at play. Discovery sessions are extremely important to any closed-box testing. They provide us with an opportunity to fast-track our understanding of the systems under attack.
Assessment
This is where the magic happens. During the assessment step, our security and infrastructure engineers perform a review of your systems in the hope of surfacing any security issues and/or concerns.
Reporting
We compile our findings into a well-written report. We always include recommendations on how to address any issues we raise.
Review
We will review the report together. Our Security Engineers will explain our findings in detail and facilitate any conversations about potential remediations.
KEY DELIVERABLES
What you’ll see from us
Report
Deimos will schedule a workshop with the Deimos Security team to discuss the findings and recommendations in more detail.
Workshop
Deimos can offer the services of its Software Architects, Security Engineers, and Software Engineers to assist with fixing the issues outlined in the report. This will be done on a time and material basis.
Resolution
Deimos can offer the services of its Software Architects, Security Engineers, and Software Engineers to assist with fixing the issues outlined in the report. This will be done on a time and material basis.
WHY DEIMOS?
Why we’re the best fit for your business
At Deimos, we treat security as a first-class citizen in everything we build, taking into consideration that everything we do has to be done with security in mind. By using battle-tested, cloud-native technologies that have matured over time and gained extensive support, Deimos positions itself to be a domain expert in hosting and maintaining well-secured systems in the cloud.