How to start
If you decided requesting services from USUA we would recommend follow the steps:
1. Make basic questionnaire sessions, where USUA security specialists will ask questions about
a. Do you have static cloud credentials
b. How often static credentials are rotated
c. How rotation process look like
d. Do you use OIDC
e. Do you use PAM and JIT
f. More than 100 questions will be asked
2. Based on the basic questionnaire replies USUA specialists will build a report and present you a CSPM evaluation plan
3. The next step will be implementing security evaluation
a. Collect all identities in cloud or clouds
b. Define identities type and usage
c. Evaluate identities’ permissions
d. dentify overprovisioned permissions
e. More than 50 metrics will be evaluated
4. Then USUA will provide a detailed report that will contain
a. IAM vulnerabilities and weaknesses
b. The list of identities and their permissions
c. The list of overprovisioned permissions
d. The list of static credentials with the risk level
e. The list of pipelines that can be switched from the static credentials to the dynamic ones
f. The list of access where PAM and JIT have to be implemented
g. The list of places where UBA and least privileges continuous monitoring has to be implemented
h. The list of processes that have lack of IGA
5. USUA can implement or help with implementation of the remediation actions
a. IAM vulnerabilities and weaknesses
b. The list of identities and their permissions
c. The list of overprovisioned permissions
d. The list of static credentials with the risk level
e. The list of pipelines that can be switched from the static credentials to the dynamic ones
f. The list of access where PAM and JIT have to be implemented
g. The list of places where UBA and least privileges continuous monitoring has to be implemented
h. The list of processes that have lack of IGA
Contact us