HARPO: security audit on AWS

Relying on our expertise and our cloud security experiences acquired with clients in all business sectors, we will quickly and efficiently identify security vulnerabilities and non-compliance in your environment with our in-house scans customised for cloud & CICD environments. Highlight your security best practices. Benefit from a remediation plan adapted to your organisation's realities and increase the knowledge and accountability of your teams on the audited services & components.

At the end of the project, you will have:

• Audit report: evaluation of good practices and compliance, vulnerabilities and non-compliances with internal and external standards (internal policy, ANSSI / CSI / CSA / AWS matrix, PCI-DSS, GmP, GDPR, other national and international legislations,...), classified by level of criticality; list of remediation measures, grouped into a prioritised and budgeted treatment plan
• Restitution - Presentation support of the results, adapted to the different target audiences (operational and decision-making teams)
• During the audit, on-the-fly knowledge transfer on good security practices and immediate alerts in case of detection of a critical vulnerability / non-compliance

Our project methodology is divided into 4 steps:

• Scoping of the on-demand audit on following themes: AWS accounts, managed services, IAM, network & remote accesses, encryption, resiliency, containers, patch management, incident handling, monitoring, control disposal and security guardrails, etc.
• Conducting the audit: automated analyses via our in-house audit tool (HARPO) and interviews
• Formalization of the recommendations and action plan, validated with the operational teams (pre-restitution)
• Presentation of the results of the audit during a restitution meeting and discussion on the remediation plan