Over the years of product development lifetime there are various shortcuts that become permanent solutions instead of the temporary ones. The cloud infrastructure state is usually a place where things evolve and the leftover bits just accumulate over time increasing the potential vector for the attack. Pinpointing them and getting rid of those leftovers is a time consuming task, therefore it's usually just pushed to "the next sprint".

​

Bringing in someone from outside is an effective way to audit the "hidden corners". After that, the plan to remediate them in a timely fashion could be formed.

 

What the Infrastructure Review Brings to You

​

• Looking at the existing solution from a security standpoint.

• Ranking the problems by severity together with an easy to understand explanation.

• Possible fixes for the solution.

​

The fix itself can also be on the table, but that's for a discussion after the review.