Helping You Navigate Today's Shared Security Responsibility Model in the Cloud

Managing Security in the Cloud

Praetorian's cloud security assessment services are designed to help your organization navigate through the unique security responsibilities associated with operating in today's public cloud environments. Understanding the separation of responsibility and control is needed to effectively direct your organization's internal security, risk and compliance teams and external auditors.

AWS Security Shared Responsibility Model
Table: AWS Cloud Security Shared Responsibility Model (enlarge)

Understanding

Addressing security in a public cloud environment is slightly different than in your on-premises data centers. When you move systems and data to the cloud, security responsibilities become shared between your organization and the cloud service provider. Infrastructure as a Service (IaaS) providers, such as Amazon Web Services (AWS), are responsible for securing the underlying infrastructure that supports the cloud, and you are responsible for anything you put on the cloud or connect to the cloud.

When operating in cloud environments, your organization assumes responsibility and management of all guest operating systems (including updates and security patches) and other associated application software, as well as the configuration of security group firewalls offered by cloud solution providers such as AWS.

Care must be taken when choosing which services you adopt within cloud environments, because your responsibilities vary depending on the services in use, the integration of those services into IT environments, and applicable laws and regulations. Enhancing security and/or meeting more stringent compliance requirements is possible by leveraging technology such as host-based firewalls, host-based intrusion detection/prevention, and encryption.



We work with all major cloud platform and infrastructure as a service providers, including:
Major cloud providers


Security Assessments to Satisfy Internal Policies and Compliance Requirements

It's more than cloud security best practices. Obtain an accurate understanding of your security and risk posture, while ensuring compliance with industry regulators.

Cloud Application Assessments

The overall goal of an application security assessment is to uncover software vulnerabilities, demonstrate the impact of weaknesses, and provide recommendations for mitigation. Our security engineers will provide a detailed and in-depth security analysis of your organization's critical applications.


Cloud Infrastructure Assessments

Praetorian engineers will remotely identify the networks, hosts, and services that comprise your cloud's external and internal environments. Vulnerabilities are identified and if desired, exploited during a penetration test.


Host/OS Configuration Reviews

Host reviews comprehensively identify security issues within your cloud environment. Praetorian engineers remotely review the configuration of key applications, servers, databases, and network components to identify vulnerabilities that may go unnoticed during network testing.


Cloud Architecture Reviews

A network architecture review will evaluate the function, placement, and gaps of existing security controls and compare their alignment with the organization's security goals and objectives.


VPN Security Reviews

The VPN review compares your current configuration against recommended best practices and identifies any areas of concern. The assessment includes a remote configuration review as well as an architecture review.


Host-based Firewall Reviews

Analyze both the configuration of the host-based firewalls (accounts, logging, patch management, etc.) as well as the implementation of network security controls (ACLs) via the firewall.




Ready to get started?

Contact us at 1 (800) 675-5152 to get started with your Cloud Security Assessment needs, or request a callback by submitting the form below.