Google Cloud Platform Virtual Private Cloud – Network, Infrastructure, and Security Controls

Similarly, for GCP, the following security policies related to networking in the CIS Google Cloud Platform are recommended: For each control, the CIS benchmarks provide detailed instructions on why the policy is recommended, as well as the rationale. For example, for 3.1 Ensure that the Default Network Does Not […]

Assessing network and firewall settings – Walk-Through – Assessing Policy Settings and Resource Controls

With network and firewall settings, it’s important to have clarity of environment isolation requirements, which resources are deployed in an environment, network traffic requirements, and governance over routing tables and defining subnets. For our walk-through in this section, our control testing will determine whether traffic logging and alerting have been […]

Preparing to assess change management controls – Walk-Through – Assessing Change Management, Logging, and Monitoring Policies

As we covered in Chapter 5, Financial Resource and Change Management Controls, obtaining a thorough understanding of where logging and history can be found for changes performed is critical to determining which areas within a cloud environment should be scoped for audit. Chapter 5, Financial Resource and Change Management […]

Assessing change management and configuration policies – Walk-Through – Assessing Change Management, Logging, and Monitoring Policies

As we covered in Chapter 5, Financial Resource and Change Management Controls, in the cloud, automation is embedded into change management processes. Leveraging automation reduces the opportunity for manual IT control failures. Organizations need to ensure that there are safeguards within the automated process that enforce separation of duties, […]

Assessing change management and configuration policies 2 – Walk-Through – Assessing Change Management, Logging, and Monitoring Policies

Azure Automation: Another tool that organizations use for change and configuration management is Azure Automation. Azure Automation allows an organization to automate changes in the Azure environment and across external systems. You first need to create an Automation account before using Azure Automation. To launch Azure Automation, use the following steps: A useful feature for […]

Performing changes – Financial Resource and Change Management Controls

Beyond using policies and tags to control compliant management of resources, these same features, along with others, may be used to restrict changes. Each of the cloud providers offers a way of grouping resources together for ease of classification. Both at a group and individual level, settings can be applied to lock the […]

Financial billing and cost controls – Financial Resource and Change Management Controls

In a cloud environment, setting up services can be as easy as providing a credit card number. Although this provides the benefit of making cloud services easy to enable and consume, this also adds risk in terms of business continuity (what if the credit card holder leaves the company?), as […]

Common pitfalls – Tips and Techniques for Advanced Auditing

With the scale, speed, and flexibility of the cloud comes complexity. This complexity leads to inherent pitfalls. We will review two broad areas that are common pitfalls for organizations that the IT auditor should be aware of. The first area involves administrative pitfalls that include not managing resource usage, an inability to control […]

Avoiding automation – Tips and Techniques for Advanced Auditing

Many organizations execute processes in the cloud manually, including installation processes, configuring virtual servers, setting up a network, storage volumes, or other cloud resources. Manual processes are time-consuming, error-prone, and hard to scale. Automation encompasses solutions and tools that help eliminate repetitive aspects managed by one or more manual processes in the cloud. […]

AWS Trusted Advisor – Tips and Techniques for Advanced Auditing

AWS Trusted Advisor provides real-time best practice guidance to help provision, monitor, and maintain AWS resources. You can then follow AWS Trusted Advisor recommendations to optimize your services and resources. These best practice recommendations span five categories: To launch AWS Trusted Advisor, search for the service in the AWS console, as seen […]