ClickCease

SOLUTIONS

AWS Cloud Security Assessment

Identify Your Security Gaps & Develop Remediation Steps

SOlution Overview

AWS Cloud Security Assessment

Assess your cloud security and gain actionable remediation strategies

Many of today’s businesses rely on the cloud to remain competitive and agile in their various industries. However, being in the cloud comes with security risks and exposure that require adherence to rigorous compliance standards and constant vigilance in following best practices. 

Our security assessment gauges the security posture of your cloud environment against AWS best practices. We then use the assessment results to recommend remediation strategies to prevent future attacks.

The Benefits of an AWS Cloud Security Assessment

Get a clear picture of your security posture & areas for improvement

We designed our comprehensive security assessment to help you identify risks and avoid future attacks on your cloud environment.

Improved Security Posture
Gain insight into your current security posture and set priorities for improving your AWS Infrastructure and related technology operations.
Team of AWS Security Experts
Mission is an AWS Level 1 Managed Service Security Provider (MSSP) Competency Partner with certified cloud experts that can assess your security posture and strengthen your AWS environment to protect your business and data.
Optimize Resources
Security assessments give you the actionable insights that you’ll need to understand how to prioritize security resources and develop a proactive strategy. Investing in an assessment is better than the potential cost of a possible future security breach.
Proactive & Focused Strategy
Set a long-term strategy for strengthening your infrastructure’s security and build a plan to stay aligned with the ever-evolving threat environment and best practices.
Actionable Insights that Protect Your Business
To gain the most out of your security assessment, we generate a report that includes actionable insights that will help protect you from any number of threats.
Peace of Mind
Leverage the industry-leading Center for Internet Security (CIS) Foundations Benchmark to ensure your business is following best practices to reduce risk to your environment.

Contact us for a Security Assessment

Discovery Process
During the discovery phase, we work with you to understand your cloud environment and seek ways to minimize risk and maximize protection of your infrastructure. We facilitate this process through video conference meetings and collaboration between you and your Mission Solutions Architect.

Our experts review and analyze current security and AWS access controls to identify areas for improvement. Mission has extensive knowledge and experience with various types of workloads and AWS environments to help you meet your business goals and serve your needs.
Francesca J.
Cloud Communications Specialist

Comprehensive Security Evaluation

Well-architected security best practices & strategic technology roadmapping

Once Mission fully learns and understands your business objectives, our security assessment evaluates your AWS environment against AWS well-architected security best practices and Center for Internet Security (CIS) benchmarks for AWS. This process consists of a two-prong approach: 1) A security best practices scan and 2) A hands-on security assessment and review.

A Mission Security Assessment is an effective way to gauge the fundamental health of a company’s cloud infrastructure. It is a valuable starting point for integrating the technologies, design elements, and operational practices that drive sustained, cost-effective, secure utilization of the cloud. We evaluate the following areas:

Organizations and Identity & Access Management (IAM)
AWS Organizations
Organizational units and policies
Root access controls
IAM settings
IAM users, groups, roles, and policies
Federation and authentication
Network Architecture
Security Groups
Ingress/egress controls and management access patterns
Virtual Private Cloud (VPC) Subnet design
AWS Security Services and Tools
AWS CloudTrail
AWS Config
AWS Security Hub
Amazon Detective
S3 Access Logging
IAM Access Analyzer
Centralized Logging

Our cloud experts consolidate all data, recommendations, and insights from the assessment into an actionable formal findings report so that you can see your security strengths and weaknesses. From there, we can establish an actionable plan.

A sample security findings report: 
PASSED CHECKS
10.9%(5)
PARTIALLY PASSED CHECKS
30.4%(14)
Failed Checks
58.7%(27)
CIS Check Name List
(Select Check Name to view level info)
Section
Check Name
Passed/Total
Status
1. Identify & Access
Avoid the use of the "root" account
2/2
Passed
Do not setup access keys during initial user setup for all IAM users that have a console password
3/38
Partially Passed
Enable detailing billing
0/2
Failed
Ensure a support role has been created to manage incidents with AWS Support
0/2
Failed
Ensure access keys are rotated every 90 days or less
24/38
Partially Passed
Ensure credentials unused for 90 days or greater are disabled
33/38
Partially Passed
Ensure hardware MFA is enabled for the "root" account
1/2
Passed
Ensure IAM instances roles are used for AWS resource access from instances
2/2
Failed
Ensure IAM password policy prevents password reuse
0/2
Failed
Ensure IAM password policy require at least one lowercase letter
0/2
Failed
Ensure IAM password policy require at least one number
0/2
Failed
Ensure IAM password policy require at least one symbol
0/2
Failed
Ensure IAM password policy require at least one uppercase letter
0/2
Failed
Ensure IAM password policy requires minimum length of 14 or greater
0/2
Failed
Ensure IAM policies are attached only to groups or roles
36/38
Partially Passed
Ensure IAM policies that allow full"*:*" administrative privileges are not created
96/102
Partially Passed
Ensure MFA is enabled for the "root" account
1/2
Partially Passed
Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
37/38
Partially Passed
Ensure no root account access key exists
1/2
Partially Passed
1. Logging
Ensure AWS Config is enabled in all regions
0/2
Failed
Ensure CloudTrail is enabled in all regions
2/2
Passed
Ensure CloudTrail log file validation is enabled
1/2
Partially Passed
Ensure CloudTrail logs are encrypted at rest using KMS CMKs
0/2
Failed
Customer success story

Preverity

Preverity, Inc., a healthcare analytics firm that offers a risk prediction platform, needed a way to continuously assess the security of its AWS environment, employ security controls to meet current best-practice standards, and meet the security criteria of customers. Preverity turned to Mission to conduct an AWS security and best-practices assessment report.

Mission also helped implement security controls and train the IT team to manage and monitor the environment. Partnering with Mission enabled Preverity to increase its already significant security posture and implement AWS Security Hub to continuously monitor based on best practices. The Preverity sales team can now reference the strong security posture on customer RFPs, and IT can respond efficiently and easily to security audits requested by customers.
Read the full story
Resources you may be interested in

Explore Resources

Schedule an AWS Security Consultation

You Cannot Fix What You’re Unaware Of

Each company’s security posture is unique. A security assessment from Mission gives you the knowledge and confidence you need to protect your AWSinfrastructure and digital assets. Schedule a free consultation with one of our cloud advisors to discuss your cloud security needs.