‘Audit’ is a word laden with significance, impact, gravitas, formality and consequences. And, we freely admit they are frequently slanted towards the negative side of the fence – audits are often seen as a threat, an intimidating challenge.
Actually an audit will help you avoid a Judgement Day, by reviewing and understanding the state of your infrastructure you can make sure you avoid any potential security incidents. It’s a tool to collect information used to plan and execute changes to your infrastructure to make it more secure, to improve on it.
Let’s have a look at what that entails
Despite its potentially negative semantics, we use the term ‘audit’ to convey that the security and vulnerability reviews follow a well developed and structured process to the point of being formalised. This ensures no nooks and crannies are overlooked and all audits are performed to the same high standard. It is as simple as that.
There are many ways to carry out vulnerability and security audits, and quite a few aspects may be involved. Our approach to vulnerability scanning is solution-oriented tailored specifically for the needs of our customers.
A secure IT workload needs to address five domains of IT security architecture:
Having only scratched the surface a little, there is a lot which can be done in each of these five domains – and it quickly gets very confusing what set of security and vulnerability tests and analyses are necessary or desirable for your use case.
Therefore, we have packaged up well-defined sets of scanning and testing profiles based on typical use cases. Do your workload(s) fall into any of these categories?
We are not covering everything in our pre-packaged vulnerability scan offerings – nor should we (or anyone else for that matter) as that is rarely necessary, if at all.
However, we also conduct bespoke custom vulnerability reviews that are tailored to your specific needs. In collaboration and agreement with you, these reviews can be as succinct or comprehensive as required, and can go far beyond the level of detail and coverage pre-defined packages can provide.
Why bother, you might ask?
In 2019 the most popular passwords were “123456”, “123456789”, 2qwerty” and “password” – and nothing has changed since 2018.
Yes, it’s true and is one of the most common threats as a successful login from an illicit person is virtually undetectable. Whilst this is possible with pure password guessing (and there are tools available to detect that), it is far more common attackers to break into the system only to obtain sensitive information. The easiest way is to obtain password information, and then sail through open gates and be near undetectable.
Protecting your infrastructure does not stop with only enforcing strong passwords. It is an ongoing process to harden and secure your entire infrastructure in as many ways possible and required.
And it all starts with a security and vulnerability scan. You can sign up for a free Cloud Health and Vulnerability scan by clicking here.
Why not give the Digital Craftsmen team a call to find out more about our ranges of services and consultancy we offer to businesses and start your New Year knowing your infrastructure and business are secured.
Contact us on +44 (0)20 3745 7706 or email us on [email protected]