AWS Cloud Security

Secure foundations without slowing delivery.

AWS is powerful and complex. We help you build secure, well-instrumented foundations and reduce the risk that comes with rapid growth. You get clear guidance, hardened baselines, and practical controls that teams can maintain.

Services Provided

Account Hardening

The first stage of cloud infrastructure security begins with the overarching AWS account. Any defaults must be changed and specific hardening measures enabled so that you are protected from security incidents. Successful hardening will also ensure that you are aware of all activities happening within the account and can be alerted to anomalous activities.

Core Features and Expectations

  • Review and assess current hardening guidelines.
  • Review current account status.
  • Create hardening standards based on industry best practices.
  • Implement hardening procedures.

Ask Yourself This

How many services and settings were left in their insecure default state? Did you document each of these hardening steps in case of audit?

Cloud Disaster Recovery and Business Continuity Planning

Within a long enough timeline there is a 100% chance that one of your systems will fail, whether by malicious activity, accident, or acts of nature. Accepting that these situations will happen and then planning around them will prepare your systems to be more resilient and fault tolerant. The goal here is not to make systems never fail, but fail in a way that does not bring down the entire service being provided to customers.

Core Features and Expectations

  • Review critical system inventory.
  • Review backup and recovery processes.
  • Review disaster recovery plans.
  • Review business continuity plans.

Ask Yourself This

Are there any single points of failure in my system? What about within my administrators?

Identity and Access Management

Many issues within AWS occur due to improper privileges applied to users and systems. Identity and access management is an area of security concerned with how users and machines (entities) are properly named in systems and whether these entities have just enough privileges to perform their job, and nothing more. Gaps in identity and access management are how attackers maintain a foothold in systems.

Core Features and Expectations

  • Review policies surrounding joiner-mover-leaver (JML) activity.
  • Assess administrator usage patterns.
  • Implement secure access and privilege patterns based on industry best practices.

Ask Yourself This

Are your employees accessing the Cloud infrastructure with least privileges?

How do I know when they are making administrative changes to critical systems?

Network Hardening

Being a company in the Cloud, you rely on both a secure and responsive network to be present at all times. Without proper security, holes in your network will allow malicious attackers to gain insight or a foothold into your infrastructure or, worse, into your systems where customer data is being processed.

Core Features and Expectations

  • Review network policies.
  • Assess existing network security.
  • Assess network logging and monitoring capabilities.
  • Review Data Leak Prevention (DLP) capabilities.
  • Implement network security recommendations to align with industry best practices.

Ask Yourself This

How do I know that attackers are not already poking around the perimeter of my network or, worse, already inside?

Secure Infrastructure Review

Your cloud infrastructure is key to providing either a service or product to customers. Without it, we are back to running a brick and mortar store, which is typically not feasible for most tech companies. Your infrastructure should be resistant to intrusion, elastic to expand when customer traffic is high but shrink when the traffic subsides. And most importantly, cost-effective so that you can reinvest those profits into increasing revenue.

Core Features and Expectations

  • Review infrastructure diagrams.
  • Assess fault tolerant processes.
  • Assess monitoring and alerting processes.
  • Review data flow security measures.
  • Implement secure infrastructure recommendations.

Ask Yourself This

Do I have a complete view of my system's Cloud infrastructure?

Will there be any cascading failures if a non-critical system goes offline?

System Hardening

Systems, or servers, process data in use and are critical to a successful security program. Whether systems are permanent installations or ephemeral, lasting only minutes, a secure system is one that is borne out of configuration standards and an attention to detail. Understanding how data is being processed and stored on a system is vital to knowing whether your customers' and your proprietary information is safe.

Core Features and Expectations

  • Review system configuration standards.
  • Review system baselines.
  • Review security controls in place.
  • Review logging, monitoring and alerting capabilities.
  • Review system lifecycle policies.
  • Implement recommended improvements.

Ask Yourself This

Do you know the last time you logged into the console on your server? Do you know what actions were taken?

Pricing

We are always up-front and transparent with our fees to save you time and money.

Hourly Rate

$ 185

The services listed on this page operate on a standard hourly rate. As every company has slightly different needs, estimates become increasingly difficult and fixed price contracts are untenable. Pricing is thus allotted in buckets of time. However, a more detailed scope of work may be created upon request.

Rates can vary based on a variety of situations and special requests. These requests can range from urgency, complexity of the system, longevity of the contract, daily or weekly rates, and so on.

Invoices are produced monthly, payment is NET-30. A 15% deposit is due upon contract signing. Applicable taxes may apply as required by law.

All prices are listed in Canadian dollars.