What's involved in a security architecture review?
Security has a history of being an end-of-project consideration. This has inevitably occurred with cloud architecture, as organisations move away from their legacy on-prem networks. Nuvolo Sicuro offer a review of your cloud architecture, from how you present externally facing services to a gap analysis of potential holes in the entire estate.
Whilst yearly penetration tests offer some insight into potential misconfigurations, we believe that security must be an ongoing practice; a lot can happen in a year, and intrusion attempts happen around the clock. Furthermore, a penetration test will only uncover what the tester discovers. A comprehensive review of the architecture, coupled with the use of tools to detect misconfigurations, will put your organisation in a stronger position against a potential attacker.
We approach this in the following way:
- Obtain a full architecture diagram, showing all components and their connections to other public clouds/on-prem. This helps us understand your environment in the necessary detail.
- Create a threat model to highlight potential attack vectors.
- Break each component (whether it be IaaS, PaaS or SaaS) down to show where hardening is required.
- If applicable, show potential gaps in security tooling. We don’t operate on a commission model, but where necessary a soft recommendation will be made for future consideration.
We’ll look at the cloud-native options and recommend the use of built-in cloud security tools and logging that enhance visibility of your environment, helping with their deployment if required.