Back to Service Library
Service Catalog / Strategic Advisory & Professional Services / Security Risk Assessments / Rapid Cloud Security Posture Assessment
156RCSP Base

Rapid Cloud Security Posture Assessment

On this page

    Service Overview

    The Rapid Cloud Security Posture Assessment offering by DeepSeas partners with clients to assess their cloud environments and map information about cloud inventory, safe configurations, cloud security architecture, cloud workload traffic, compliance gap and risk analysis.

    The program provides the client with a detailed view of the misconfigurations across multi-cloud environments and gaps that help them to understand, prioritize and enhance their cloud security while maintaining compliance with applicable laws and regulations.

    Methodology

    Our robust Cloud Security Posture Management framework based on DeepSeas’ proprietary methodology enables a standardized approach across public cloud service providers including Amazon Web Services, Microsoft Azure and Google Cloud. The Cloud Security Posture Management methodology comprises of the following phases: - 

    Phase 1 – Assess

    This initial phase assesses your cloud environment combining scanning outcomes through our partner's CSPM platform with our consultative assessment to provide a detailed view of the current state cloud security posture 

    Phase 2 – Baseline

    This Phase establishes the cloud security requirements, governance criteria and processes to ensure prioritized remediation efforts. 

    Phase 3 – Implement

    This phase would help clients with complete implementation of the Cloud Security Posture Management platform including policy configuration, compliance requirements, alerting profiles and integration with other security tools in the ecosystem. 

    Phase 4 - Monitor

    This phase which follows the implementation of the CSPM platform would be steady state in which we help administer the platform and monitor any configuration drifts, runtime anomalies and incidents from your cloud services and networks.

    For scope of this project, we will execute only Assess phase and provide you with cloud asset inventory, usage, misconfigurations and non-compliance cloud services.

    The Rapid Cloud Security Posture Assessment includes the following service elements: 

    • Onboard Cloud accounts
    • Kickoff and Posture Assessment
    • Cloud Risk Posture Workshop with key stakeholders
    • Finding Summary + Findings Details
    • Executive Briefing

    Deliverables

    The deliverable Materials, resulting from completion of the Services, are detailed below:

    1. Project Kickoff- Project Kickoff presentation with details on scope, team, project objectives, timelines and cloud registration prerequisites.
    2. Executive Presentation: - An Executive report on approach, current state assessment of the cloud estate for security misconfiguration and deviations from compliance frameworks and security best practices with remediation recommendations
    3. Detailed Cloud Security Posture Assessment Report:- Detailed report of the current state assessment of the cloud estate for security misconfiguration and deviation from compliance frameworks and security best practices including remediation recommendations.

    Service Assumptions

    The service(s) described in this Statement of Work will be delivered by DeepSeas according to the following assumptions, which will govern all work, deliverables, and interactions:

    1. Services will be conducted remotely unless otherwise noted
    2. All work not specifically described in this Statement of Work will be subject to a Change Order. In these cases additional fees may apply.
    3. All scheduled work will be performed during DeepSeas-defined normal business hours, which are Monday-Friday from 8:00am to 5:00pm. Any work performed outside of normal business hours will be subject to a Change Order.
    4. Delivery delays caused solely by client or their agent are not covered under this Statement of Work and will be subject to a Change Order.
    5. The Client will collaborate via DeepSeas' collaboration tools.
    6. The cloud security posture scanning platform used for the assessment is available to access for only 30 days from the start of the assessment.
    7. All DeepSeas projects will be initiated by an initialization call, not to exceed 1hr, including:

    a. Client PoC’s

    • Client main project point of contact (POC)
    • For technical projects, DeepSeas requires an assigned technical POC.

    b. DeepSeas PoC’s

    • Project Manager
    • Delivery Lead
    • Where applicable, Delivery Support

    c. Agenda

    • Project goals and objectives overview
    • Timeline Review
    • Deliverable Review
    • Overview of the closeout process

    Client Responsibilities

    The Client is responsible for the completion of the following tasks, in accordance with agreed-upon timelines established as part of the project plan.

    GENERAL RESPONSIBILITIES

    1. Client to assign a Single Point of Contact (Client POC) responsible for Client coordination and logistics.
    2. Client is responsible for providing DeepSeas with key stakeholder information such as name and email address
    3. The Client is responsible for scheduling and coordination of internal Client resources for all project work.
    4. The Client is responsible for the approval and implementation of draft documents within the organization.
    5. Client to provide necessary access, accurate and up-to-date inventory and asset information, and timely support for the DeepSeas delivery consultant during the assessment, planning, and implementation phases.
    6. Client to ensure that all relevant stakeholders are aware of the planned security measures and are trained to use the new security tools and processes.
    7. Client to review and approve all deliverables produced by the consultant as part of the Project. This includes providing feedback and revisions in a timely manner to ensure that the Project stays on track and meets the agreed-upon timelines.
    8. Client to allocate appropriate resources to support the Project, including personnel, equipment, and other necessary resources. This may involve reassigning staff members to work on the Project or acquiring new resources as needed.
    9. Client to provide the DeepSeas consultant with access to all necessary data and information required for the Project.
    10. Including the DeepSeas delivery team on invites leveraging the client’s video conferencing platform.
    11. Collaborate via DeepSeas’ collaboration tools.
    12. Having Client POC, empowered by executive management, to be available as needed.
    13. Providing access to all resources necessary to deliver selected services on time, as agreed upon in this Statement of Work.
    14. Providing advanced notification of any cancellations (including reschedules) according to CANCELLATIONS disclosure below.
    15. Timely payment for all services and expenses, regardless of Carrier involvement.

    Deepseas Responsibilities

    As the provider of the services described in this Statement of Work, DeepSeas will have the following responsibilities before, during, and after the engagement:

    1. Supplying a primary point of contact for all services being delivered.
    2. Providing expertise to collaboratively develop an appropriate solution and timeframe.
    3. Delivering all services referenced in this Statement of Work on time and aligned with Client’s expectations.
    4. Timely billing for all services and expenses.