Infrastructure (DevOps) Audit

Assess the security and reliability of your system infrastructure

The goal of the audit is to find suboptimal, inefficient or insecure components in the client's system infrastructure.

The audit can be performed using system documentation and customer input or, alternatively, onsite in the actual system, using both customer-provided information and data derived from examination of the working system.

The audit uses ISO/OSI layer 3 as its basis: it begins with a review of network communications, then tests system session handling policies, and finishes with an assessment of high-level system availability and application-level session handling.

Why Audit Your Infrastructure?

Lack of control over system infrastructure can compromise the stability and security of your entire system. e-point helps you make sure you maintain full control and your system is compliant with proper industry standards.

Good monitoring should cover

  • runtime system metrics
  • configuration changes
  • load of key components
  • alerts for administrators
  • log aggregation

Key Benefits of Infrastructure Audit

  • compliance with standards
  • guaranteed system scalability
  • reduced maintenance costs
  • easier configuration changes
  • early elimination of problems

Infrastructure Audit - the process

1. Determine quality of customer documentation

Analyze system documentation and determine whether it is sufficient to perform the audit. Recommend an audit option to the client and explain what can be audited and what cannot.

2. Decide level of access & tools needed, prepare tools

Based on the option selected, determine the tools needed, perform tool setup and, if required, gain access to the client system.

3. Review documentation

Review available documentation, identify issues and prepare a client environment inspection plan. Review the plan with the client and obtain the go-ahead to perform the onsite inspection.

4. Analyze infrastructure onsite

Run diagnostic tools in the system environment and document the issues found, including sub-elements discovered but not identified in the documentation. Inspect the configuration of selected components, and check monitoring and log inspection procedures.

5. Prepare report & support documentation

Compile preliminary findings into the final report. Prepare recommendations on system fixes. Prepare architecture and flow diagrams (if Option C is selected), and assemble infrastructure documentation.

6. End of work

Present the report to the client. Remove diagnostic tools from the system. Offer assistance in implementing the recommended changes.

Variants of Application Security Audit

This audit variant guarantees the best results, but at the expense of audit duration and price.

A. Documentation-based Audit Only

If the customer has high-quality system infrastructure documentation, e-point may perform the audit based on documentation only. Such an audit has lower value for the customer, but it is cheaper and faster than a full system inspection.

B. System inspection Audit (recommended)

The standard infrastructure audit variant, in which documentation is analyzed and then the system infrastructure is inspected by e-point DevOps experts.

C. Explorative Stocktaking Audit

In this variant, the system infrastructure is examined even if there is no good documentation on the system. Its components are uncovered by the auditor, then the architecture and inter-component communication are described in the architecture document prepared by e-point.