Cloud IAAS Audits
The current trend is for companies to outsource all or part of their information systems. Although often beneficial for the company, such outsourcing should not make us forget the security issues that are not all managed by the service provider.
Synetis can analyze the configuration of your resources in the cloud, including resource partitioning, access to administration consoles, access to services that are too highly exposed (e.g. an ElasticSearch server “forgotten” on the Internet). In addition, these audits are accompanied by architectural advice, particularly with regard to the interconnection(s) with your information system.
This audit combines an architecture audit and configuration audit of elements such as Gsuite, AWS and Azure. Auditing the architecture and configuration of the target information system is a way for us to check for any weaknesses in the design, in the choice of protocols used or non-compliance with recommended practices in terms of Security.
After an analysis of the documentation and (if necessary) interviews, the target component is audited at the configuration level in order to identify deviations from the state of the art.
These actions can be bolstered by offensive tests (Black Box and Gray Box) in order to vet security in-depth.