Solution: Security & Compliance Kit

Security and Compliance is a shared responsibility between you and AWS. This shared model can help relieve your operational burden as AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. You assume responsibility and management of the guest operating system (including updates and security patches), other associated application software, as well as the configuration of all of the AWS-provided security services.

Attackers are constantly looking for weaknesses in your applications and infrastructure that can be exploited. The Security & Compliance Kit is a combination of security tool scanning, joint technical sessions, and off-line analysis, intended to gain a deeper understanding of your applications, infrastructure, AWS accounts, and how security is currently managed across all of your AWS accounts and applications.

The Security & Compliance Kit has been built based on years of experience helping clients secure their AWS environments and various security frameworks including Center for Internet Security (CIS) AWS Foundations Benchmark standards.
Infrastructure Security
A team of certified AWS experts will scan and review your current infrastructure for security best practices and help you identify security risks.
Identity & Access Management
We conduct a thorough review and analysis of your current Identity and Access Management (IAM) configuration as well as Single Sign-On (SSO) and Federation accounts.
Framework Compliance
We simplify and streamline compliance for your applications by analyzing your infrastructure for key security frameworks such as PCI DSS, ISO 27001, HIPAA, GDPR, NIST, and more.

Benefits

In-Depth Security Analysis

In-depth security analysis of your AWS infrastructure, network configuration, deployment process, and operations in order to better understand your current security posture.

Security Compliance Scans

Intelligent security and vulnerability scans using industry-leading tools to check for nearly 1,000 cloud service configuration best practices and provide you with comprehensive visibility into your infrastructure security.

Recommendations & Action Plan

Get a prioritized set of recommendations for remediating high-risk security gaps along with a detailed plan for implementing a proactive strategy to achieve your security goals.

The Security & Compliance Kit is a combination of joint technical session(s), security scans, and off-line analysis, intended to gain a deeper understanding of your application, infrastructure, the AWS services being used, how the application and infrastructure are managed and deployed, and how security is currently managed across all of your AWS accounts and applications.

The Security & Compliance Kit is a packaged service built out of years of experience analyzing AWS accounts and infrastructure for security risks. We simplify and streamline compliance for your applications by automatically addressing key frameworks such as PCI DSS, ISO 27001, HIPAA, GDPR, NIST, and more.

Process:

  1. Stratus10 will perform a thorough review and analysis of all infrastructure and services running on your AWS accounts in order to:
    • Assess the configuration of the current environment from a security perspective and compare it against AWS Well-Architected Security Best Practices.
    • Measure security compliance against the CIS Amazon Web Services Foundations Benchmark.
    • Measure high-level security compliance against a specific compliance framework such as PCI DSS, ISO 27001, SOC2, HIPAA, GDPR, or NIST.
    • Identify any misconfigurations that could be exploited to compromise your environments.
    • Identify a prioritized list of remediation steps to improve your security posture.
    • Identify areas of Shared Security Responsibility that need to be addressed.
    • Identify data or data storage resources that could be better protected via encryption or other security methods.
  2. Stratus10 will compile a thorough assessment report of the current security state of the AWS accounts and infrastructure, together with a list of recommended remediation items.

  1. Requirements Gathering
    Stratus10 works with your team to identify and understand the current state of your AWS accounts, infrastructure, delivery process, and compliance requirements.

  2. Security Scans
    Stratus10 works with your team to install and configure tools to run the required security analysis scans.

  3. Reporting and Analysis
    Stratus10 will compile all the data gathered from the security scans and the engineering analysis and finalize detailed reports for the overall risk assessment, including compliance-specific SOC2, PCI DSS, HIPAA, and GDPR reports.

  4. Analysis Review
    Stratus10 will review the reports, diagrams, and risk analysis documentation developed as part of the engagement with your team and explain the results and recommendations.

  5. Remediation Plan
    Stratus10 will provide a detailed remediation plan and proposal based on the performed analysis and priorities.

Security Policies and Compliance Requirements

Provide Stratus10 with access to internal security policies and compliance requirements for AMIs.

Current Infrastructure, Accounts, and Access Management

Provide Stratus10 with an overview of your current AWS accounts, infrastructure configuration, and security management process.

AWS Account Access

Provide Stratus10 personnel with appropriate temporary access to your AWS accounts to implement the solution.

  • Security scan reports for CIS Foundation Benchmark and other selected security frameworks
  • Security team analysis of existing AWS accounts, infrastructure, deployment process, user access, and other artifacts as applicable
  • All source code, scripts, templates, and technical artifacts developed for your solution
  • Training session(s) to review the analysis and make sure your team understands the results
  • Remediation proposal and recommended action plan from Stratus10's security and compliance team

Connect with a Cloud Expert