
AWS Environment Security Audit


Interview with Adrien Bouteiller, security consultant at Intrinsec

 

Hi Adrien. Can you tell us about the “AWS Environment Audit” offer?

Adrien: We need to see an Amazon Web Services (AWS) environment as a composition of numerous services of very varied constitutions and natures.

AWS offers database management systems, storage solutions, and services that connect to physical infrastructure. But what interests us most are the security services. To name just three, we have:

  • Identity and Access Management (IAM), which notably allows you to define permissions and control access to different resources;
  • Key Management System (KMS), an encryption key manager used by many other services;
  • CloudTrail, CloudWatch and GuardDuty, a suite for logging, monitoring and intrusion detection.

What we propose, in our audit process, is to assess the security level of an AWS environment, through configuration analysis of the various services involved and its architecture. The objective of this work is to answer the following two questions:

  • Can an outside attacker get into the environment?
  • Can a malicious employee or service provider escalate their privileges, or illegitimately access sensitive resources of the environment?

We also carry out a conformity study. This involves analyzing the consistency between the actual environment configuration and the requirements defined in the company's security policy. This approach incorporates organizational components through interviews with the teams in charge of the infrastructure.

In addition, we establish concrete, tailored and prioritized recommendations, with the aim of establishing a short and medium-term action plan.

 

What type of environment are we working in?

Adrien: In business, we encounter both small-scale environments, centered around a network infrastructure of the "web hosting" type, and much larger environments, including part of the company information system and operating numerous AWS services.

This division is very generic and undoubtedly admits some singularities, but still allows us to distinguish the two main observable families.

We most often work on "web hosting" type infrastructures, but we also have the opportunity, although less frequently, to work on larger-scale environments.

 

Why was this offer created? What is the added value of conducting this type of audit for a company?

Adrien: Unsurprisingly, it's the growth of the cloud provider market which led us to become interested in this subject.

«By 2020, a corporate no-cloud policy will be as rare as a no-internet policy is today» 

Gartner Inc.

Indeed, it's common to see companies choose to host part of their infrastructure with AWS or a competitor, particularly for reasons of flexibility. Despite all the advantages this practice offers, a major drawback remains: the high complexity of the services provided.

Everyone knows that security is a profession. We therefore felt it was necessary to build our expertise in this area, in order to support our clients through this transition and allow them to fully exploit the potential of the security-oriented service offering from AWS.

 

What are the prospects for development?

Adrien: Today, we primarily take an offensive approach to the security of AWS environments. Over the next few months, we plan to expand our expertise to include defensive aspects. Our SOC and our CERT are currently undertaking research and development cycles that go in this direction, and will undoubtedly have the opportunity to communicate about their activities soon.

On a more formal level, we currently have two certifications: the Solutions Architect Associate certification, which justifies a comprehensive understanding of AWS services, and the Security Specialty certification, which covers security-related topics in depth. We plan to pursue other, more functional certifications, particularly to better understand the specific business constraints of AWS.

Finally, from a broader perspective, we wish to extend our business to other major cloud computing providers (namely Microsoft Azure and Google Cloud Platform) by 2020.

 
