The AWS shared responsibility model outlines who is responsible for Security & Compliance when using the AWS Cloud.

• AWS is responsible for the security of the Cloud. They are responsible for protecting the infrastructure that runs all of the services in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and data centre facilities that run the AWS Cloud services.
• The customer is responsible for the security in the Cloud. As an AWS customer, you are responsible for the configuration of the Cloud services. For EC2 instances, for example, you are responsible for the operating system configuration, patches etc. For managed services, such as Amazon S3 and Amazon RDS, AWS operates the infrastructure layer, the operating system, and platforms. You access the endpoints to store and retrieve data and are responsible for managing your data (including encryption options) and managing access.

RedBear’s AWS Security Posture review covers the customer responsibility elements of the Shared Responsibility model. The review covers the following elements. Reports with findings and recommendations are provided for all three components of the review

• Technical assessment of your AWS configuration against the latest AWS CIS benchmark and against common best practice
• An AWS Well Architected Framework Review (WAF), covering all six pillars of the Well Architected Framework
• Application security architecture review covering the architecture and processes that power your workloads on the AWS platform

Optionally, we can also add Cloud Penetration Testing against your AWS hosted endpoints. This aims to identify vulnerabilities in applications and provide recommendations to improve security of your overall Cloud based environment. Our test coverage includes OWASP Top 10, SQL and noSQL injection, cross-site scripting and modern API enabled applications (included single page applications)

Are you ready for a review?

Are you ready to understand where you are on the Cloud Security maturity pyramid? Let RedBear help you identify your current security posture and where your organisation needs to be. Contact us for an assessment of your AWS security and your current maturity.