Infrastructure (DevOps) Audit
Access security and reliability of your system infrastructure
The goal of the audit is to find suboptimal, inefficient or insecure components in client system infrastructure.
The audit can be performed using system documentation and customer input, or alternatively, onsite in the actual system, using both customer provided information and data derived from examination of the working system.
The audit uses ISO/OSI layer 3 as its basis, namely, it begins with a review of network communications, then tests system session handling policies and finishes with an assessment of high level system availability and application level session handling.
Why Audit Your Infrastructure?
Lack of control over system infrastructure can compromise the stability and security of your entire system. e-point helps you make sure you maintain full control and your system is compliant with proper industry standards.
Key Benefits of
- compliance with standards
- guaranteed system scalability
- reduced maintenance costs
- easier configuration changes
- early elimination of problems
1. Determine quality of customer documentation
Analyze system documentation and determine if sufficient to perform audit. Recommend audit option to client and explain what can be audited and what cannot.
2. Decide level of access & tools needed, prepare tools
Based on option selected, determine tools needed, perform tool set up and if required gain access to client system.
3. Review documentation
Review available documentation, identify issues and prepare client environment inspection plan. Review plan with client and obtain go ahead to perform onsite inspection.
4. Analyze infrastructure onsite
Run diagnostic tools in system environment, document issues found including sub-elements discovered but not identified in documentation. Inspect configuration of selected components, check monitoring and log Inspection procedures.
5. Prepare report & support documentation
Compile preliminary findings into final report. Prepare recommendations on system fixes. Prepare architecture and flow diagrams (if Option C selected), and assemble infrastructure documentation.
6. End of work
Present report to client. Remove diagnostic tools from system. Offer assistance in implementing recommended changes.
Variants of Application Security Audit
This audits variants guarants best results but at expense at audit duration and price.
A. Documentation - based Audit Only
If customer has high-quality system infrastructure documentation, e-point may perform Audit based on documentation only. Such an audit has lower value for customer but it is cheaper and faster than full system inspection.
B. System inspection Audit (recommended)
Standard infrastructure Audit variant, in which documentation is analyzed and then system infrastructure is inspected by e-point DevOps experts.
C. Explorative Stocktaking Audit
In this variant, the system infrastructure is examined, even if there is no good documentation on the system. It’s components are uncovered by Auditor then architecture and inter-component communication is described in the architecture document prepared by e-point.