Overview:

Customers are responsible for the secure configuration, workload protection and data governance, as per the shared responsibility model of Cloud. Majority of the successful attacks on cloud services are the result of misconfiguration, mismanagement, or human mistakes of the public cloud environment. Misconfigurations can potentially lead to the public exposure sensitive workloads or data. These factors are compounded by the lack of visibility in complex environments such as multi-account or multi-cloud architectures where asset sprawl is vast. Additionally, many of our customers have told us that they are looking for better and efficient way to validate and report on cloud compliance status to meet security standards and regulations (For example: PCI-DSS, GDPR, HIPAA/HITECH, FedRAMP, NIST, ISO, SOC2, and others). These compliance violations can result in significant penalties for organizations. Wipro’s cloud security posture assessment solution is designed to solve these problems for our customers!

Wipro, in association with Palo Alto Networks, will assess your AWS Cloud configurations and identify gaps or compliance deviations to provide better visibility so that you can understand the risk and take appropriate action(s). This rapid assessment will be agentless and requires few minutes to complete the onboarding process.

What will this assessment cover:

Wipro’s Cloud Security Posture Assessment is a point-in-time assessment activity, available to you in either of the below packages, based on your requirement:

• Basic Assessment (up to 2 weeks)
• Advanced Assessment (~4 - 12 weeks)

The Basic Assessment covers the following areas of Cloud Security, for a focused AWS Cloud environment:

• Asset discovery
• Cloud native security services configuration review
• Compliance assessment and reporting
• Cloud network traffic anomaly detection
• Gap assessment reporting and remediation recommendation

The Advanced Assessment includes all aspects of Basic Assessment plus the following:

Cloud Security Posture:

• Wipro customized checks for configurations in line with AWS recommendations and best practices.
• Data Security (data discovery, data classification and data exposure) check
• Identity and access management risks (over-provisioned permission, Enforced permissions and secure identities across workloads and clouds)
• Suspicious network traffic flows for the AWS workloads providing security visibility, analytics, and anomaly detection
• Process integration with security incident response

Cloud Workload Security:

• Cloud workload security health assessment (VMs, containers, serverless)
• Security integration check across the application lifecycle
• Vulnerability assessment
• Review security policies to prevent unsecured builds from moving forward in pipelines
• Forensics process for security audit or security incident investigation

Identity & Access:

• Analyze entitlements granted across multiple cloud providers
• Calculates users’ effective permissions across cloud service providers
• Identify overly permissive access, public exposure, risky permissions, and malicious user activities
• Detect compromised accounts and credentials, insider threats using UEBA capability

Network Configurations:

• Discovering applications, learning the communication patterns and identify abnormal traffic flows both inside and across clouds
• Detect network-based violation, anomalies, and threats & incidents.
• Recommendation to secure traffic between cloud native applications

DevSecOps:

• Scan policy-as-code across all configurations
• Dashboard and compliance checks reporting on the Codes
• Review existing governance in a code
• Recommendation to prevent code errors from being deployed

Value delivered for Advanced Assessment:

• A view on your AWS and other major CSPs (for a multi-cloud environment) compliance posture, covering all aspects of security
• Prioritized view of gap findings with impact & severity analysis
• Actionable recommendations to fortify your cloud strategy
• Remediation support for controls deployment and managed security services support, as an additional scope