Privva launches AWS, Azure and G Suite specific assessment

May 27, 2020

 

How many times have you had vendors say they’re secure because they’re using AWS, Azure or G Suite? Unfortunately, the fact that AWS is SOC 2 compliant doesn’t mean that every vendor application running on AWS is equally compliant. Cloud hosting is based on a shared responsibility model: the cloud service provider is responsible for security of the cloud, and the cloud service user is responsible for security in the cloud.

 

To get an accurate picture of your third-party vendors’ security in the cloud, Privva now offers a Cloud Security Assessment. The assessment focuses on best practices within each cloud environment as well as discovering which products third parties use to secure their cloud offerings.

 

Best Practices

The most secure cloud infrastructure in the world won’t protect applications if they use unpatched software with known vulnerabilities. Cloud-based application providers should implement best practices for the security of the virtual servers that they spin up, the applications they build on them, and the configuration of security groups, firewalls and other built-in security features. Are your application providers keeping all machine images up to date with the latest OS and security updates? Do they have appropriate access controls in place for admin users? Do they have robust security group rules that allow only the kind of traffic that is absolutely essential into the cloud hosting environment? Privva’s Cloud Security Assessment will help you find out.

 

Security Products

There are numerous security products available on each of the cloud platforms that can improve security awareness and preparedness. On AWS, for example, there are numerous products available for threat detection, protection from distributed denial of service (DDoS), management of SSL certificates, and log analysis. Assess which types of security products your cloud-based vendor is using with the Cloud Security Assessment to understand where their vulnerabilities lie.

 

Don’t let your third-party vendors hide behind the cloud when asked about their security practices. Contact Privva to start assessing the real security in the cloud of your vendors.

 

Sample Questions

AWS

Best practice: If your solution leverages S3 to store PII or other sensitive information, are your S3 buckets encrypted?

Product: Do you use Amazon GuardDuty or a similar solution for threat detection and continuous monitoring?

 

Azure

Best practice: Have you disabled RDP and SSH access to virtual machines?

Product: Do you have Azure AD Privileged Identity Management enabled to monitor privileged access?

 

G Suite

Best practice: Do you have user login challenges set up for suspicious login attempts?

Product: Do you have spam moderation enabled for Google Groups?

 

Schedule time with Privva to learn more.
