Agile and Proactive Security Assessments of AWS Cloud Deployments

Is your company’s AWS environment secure? How would you know?

Most companies have security personnel, but their expertise in the cloud may be limited. To have a team of highly trained AWS security experts on staff is a bit of a rarity. Yet, security in the cloud is often paramount to the success of the organization.

As a result, organizations often call Optiv to assess the current state of their AWS implementations and report on security findings. We often find that the first hurdle to overcome is not technical in nature but related to developing trusted partnerships within the organization. We and our clients are able to do our best, and better achieve the businesses’ unique objectives, when we are tightly aligned.

Here’s a great example. Late last year, Alight Solutions (“Alight”) asked us to assess their AWS security environment and make recommendations based on our findings. Alight was in the early stages of implementation and had just begun laying out their architecture.

We had several meetings to determine the scope and understand their objectives. During the process, we developed a great working relationship with the Alight team. This enabled both parties to communicate effectively and to clearly convey expectations. As a result, we were able to marshal the right team of Optiv experts to:

• Analyze Alight’s AWS architecture;

• Assess Alight’s third-party proxy and firewall solutions;

• Provide an automated assessment of AWS configuration settings; and

• Perform a console-based hands-on evaluation of the security environment.

We generated a report that identified areas of concern where security gaps and vulnerabilities existed. Our report also provided a pathway to success by providing visibility into areas that needed the most attention. Alight was pleased with our deliverable and used the information during their development and deployment process.

About five months later, Alight called us back in to re-assess their AWS environment.  We found that the environment was secured, and the security policy was well developed and aligned with AWS security best practices. Alight was so buttoned up that the company scored 100 percent on a security health metric – a major improvement from their previous assessment. Security has become part of the culture and is now part of everything they do.

“We utilized Optiv’s Cloud Security Services to perform a security assessment of our AWS environment. As a result, Optiv helped enable Alight to identify areas of opportunities and position us to be more proactive when assessing our AWS cloud deployments. They were a great partner and provided tremendous value.”

- Jason Lish, Chief Information Officer at Alight Solutions