Cloud and App Security Reviews
Convergent’s comprehensive cloud and application security review methodology has been designed to provide assurance to the vendor and the content owner that their systems have been correctly configured and are being operated securely.
Convergent has carefully selected and aggregated the relevant industry standards and best practice guidelines into a Cloud Security Controls matrix for specific use cases within the M&E supply chain. This provides a robust and repeatable cloud-agnostic assessment framework for solutions built in public and private cloud environments.
Approach – We verify the evidence provided against industry standards and best practice controls, in conjunction with live testing. The output of the assessment is a detailed report on overall compliance, which highlights the security issues identified together with practical remediation advice.
This will provide the necessary assurance that the operations, service or application being assessed meets recommended security compliance. Our dedicated team of experienced cloud security architects will guide you through the assessment process, explaining each stage and advising on the vulnerabilities found and how best to conduct any remediation.
Methodology – For all instances where public cloud is used, the assessment will be based on CIS cloud baselines, the OWASP ASVS and the cloud providers’ best practice controls (Azure, AWS, GCP, IBM etc.). This is complemented with live configuration vulnerability testing.
For SaaS applications and cloud hosting services, a service provider assessment will also be conducted using the Cloud Security Alliance Cloud Controls Matrix (CSA CCM), which is based on ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum and NERC CIP. A CSA CAIQ Level 1 Self-Certification can be achieved and displayed on the CSA portal for customers to view.