AWS Security Assurance as a Service

Do you want a dedicated AWS Security Consultant but without the overhead of having to employ a full time person? Our Security Assurance-as-a-Service provides you with a dedicated, named, security consultant for a fixed number of hours per month, based upon your needs. Your consultant will act as a subject matter expert on AWS security and will be on-hand to answer any questions or help resolve issues that you may have.

View case study

Benefits:

• Gain the benefit of an experienced AWS Security consultant without the need for a full time employee
• Can scale based on need
• Fill any security knowledge gaps that you may have

Our Approach:

We agree with you a minimum number of serviceable hours per month based upon your need. You are then provided with a named Security Consultant who will become your SME during the lifecycle of the service. You can then request access to your consultant via one of our contact methods and they will arrange a time with you to help with your query.

AWS Security Architecture Review

Are you operating securely in the AWS Cloud? Does your cloud environment meet your organisation security requirements? In the ever changing world of cyber threats it important to ensure that any environment you run within the cloud is appropriately secure. Not only will this reduce your risk exposure but could also protect your company from reputational damage and legal repercussions.

Our Security Architecture review will provide a deep-dive analysis of your cloud infrastructure, highlighting security risks and gaps and providing recommended solutions. The aim is to improve your overall security posture, reduce risk and meet security best practices.

View case study

Benefits:

• Improve your AWS security posture by understanding gaps in your current design
• Ensure your AWS infrastructure meets security best practices
• Reduce your risk & exposure to the ever evolving threat landscape
• Meet security compliance requirements

Our Approach:

We aim to ensure that you are operating securely in the cloud. Our AWS security architecture review assesses AWS infrastructure that either will be, or is already deployed into the AWS cloud and covers the following areas:

• Identity and Access Management
• Logging and Monitoring
• Infrastructure Protection
• Data Security
• Incident Response & Remediation

Using our tried and tested process we firstly document your existing (‘as-is’) AWS infrastructure into easy to consume architectural diagrams. Using a mixture of techniques we then perform a detailed review of your infrastructure against AWS security practices and your company security control framework and identify areas for improvement.

Finally, we produce a desired (‘to-be’) architecture diagram that contains the proposed recommendations along with a detailed gap analysis. This allows you to implement those changes, immediately improving your security posture.

AWS DevSecOps Review

Are you deploying code securely? Does your CI/CD pipeline process implement security testing? Not only it is important to maintain a good security posture whilst operating within the cloud but it is arguably more import to ensure that security is implemented before code is even released into the cloud, ideally even before a single line of code is written.

Adopting good security practices early on in the development cycle is known as shift left and it provides the ability for development teams to deliver secure software at speed without compromising operational security.

Our DevSecOps review will take a holistic view of your software delivery process, from feature design through to production deployment, analysing each stage of the deployment pipeline and providing recommended security improvements. However, not only does our review look at security within the pipeline but also security of the pipeline, ensuring that the appropriate controls are in place to maintain the integrity of the deployment process.

Benefits:

• Allows you to identify and remediate security controls early on in the development cycle
• Reduces the chance of security issues within the production environment
• Builds a security culture by improving developer knowledge of security tooling, threats and how to overcome them

Our Approach:

Firstly we aim to understand your software deployment process. We will document each stage of deployment from design through to deployment. We will then perform a detailed review looking at both the security of the pipeline and also within each stage of the pipeline. This review covers the following areas:

• Security Design
• Threat Modelling
• Secure Coding Techniques 
• AI assisted coding
• Code scanning 
  • Infrastructure as code scanning 
  • Static Application Security Testing (SAST)
  • Software Composition Analysis (SCA)
• Container scanning
• Security Testing

Based on this we will then make recommendations for improvement and put together an implementation plan to gradually introduce security controls onto your current processes.