Skip to content

HARPO: Security Audit on AWS

Quickly and efficiently audit your security on AWS environments

A Cloud Partner AWS

Devoteam A Cloud Consulting Offer

 

Based on HARPO, our own security audit tool, assess the level of technical and functional security and compliance of your cloud environments, including cloud platform, CI / CD chain, network, serverless components, containers, applications and get experiences remediation guidance from cloud security experts.

Starter Package Deliverables

  • Audit report: evaluation of good practices and compliance, vulnerabilities and non-compliances with internal and external referentials (internal policy, ANSSI / CSI / CSA / AWS matrix, PCI-DSS / GmP / GDPR other national & international legislations), classified by level of criticality, list of remediation measured, grouped into a prioritized and budgeted treatment plan
  • Restitution: presentation support of the results, adapted to the different target audiences (operational and decision-making teams)
  • During the audit, on-the-fly knowledge transfer on good security practices and immediate alerts in case of detection of a critical vulnerability / non-compliance

Customer Contribution

  • Identification of the audit scope (accounts, services, platforms..), level of depth and referents to be interviewed
  • Assigning RO access rights to perform automated security tests with HARPO tool
  • Providing internal referential (architecture diagram, security policy) 
  • Availability of referents aiming to participate in interviews

Key Activities

Scoping of the on-demand audit on following themes: AWS accounts, managed services, IAM, network & remote accesses, encryption, resiliency, containers, patch management, incident handling, monitoring, control disposal and security guardrails etc.

Conducting the audit: automated analyses via out in-house tool (HARPO) and interviews.

Formalization of the recommendations and action plan, validated with the operational teams (pre-restitution).

Presentation of the results of the audit during a restitution meeting and discussion on the remediation plan.

Customer Ready Solutions

Quickly and efficiently identify security vulnerabilities and non-compliance in your environment with our in-house scans customized for cloud & CICD environments. Highlight your security best practices. Benefit from a remediation plan adapted to your organization’s realities and increase the knowledge and accountability of your teams on the audited services & components.

“The Harpo audit offering was born out of our belief that security is job zero and an undeniable asset for large-scale cloud adoption. For this, it is key to have a comprehensive and constant view of its level of protection against threats and vulnerabilities, from the most traditional to the most recent. With HARPO, you can get this visibility as soon as possible and share it with all your internal stakeholders.”

Domenico Di Cicco, President, Devoteam Revolve