Cloud Configuration Review
Cloud Configuration Review ⫘
Important
The service listed above is only available to any customer for whom IMR was quoted on or before to March 31, 2022, and that customer executed a Transaction Document for the IMR within 90 days of the quote. By selecting this Service, Customer acknowledges and agrees that, notwithstanding anything to the contrary set forth in Customer’s agreement with Secureworks, Secureworks may subcontract these Services to Insight Direct USA, Inc., provided that, Secureworks will remain responsible for the performance of the Services to the same extent that it would be liable for its own acts or omissions.
Service Overview ⫘
Secureworks will review your cloud configuration—as specific to security configurations and controls—for one or more Google Cloud Platform (GCP), Amazon Web Services (AWS), and/or Microsoft® Azure cloud environments as related to recommended security practices, including, but not limited to, the Center for Internet Security (CIS) benchmarks and other security standards. Secureworks will document primary findings, discuss your security controls with your primary personnel, and provide recommendations and remediation opportunities to address the findings.
The review will be conducted remotely through teleconferencing tools such as Microsoft Teams. Data for analysis will be collected using the VMware® Secure State platform. Secureworks will provide you with the consultant’s analysis of results, recommendations for improvements to security configurations and controls, and data used for analysis. For the analysis, Secureworks will only include the agreed-upon cloud environment(s) for GCP, AWS, and/or Azure, as documented in the Statement of Work.
Service Methodology ⫘
The review process consists of the components described below.
Initial Meeting: Secureworks will contact you to schedule the initial meeting. This initial meeting will be conducted remotely through teleconference as a workshop for planning and for gaining a clearer understanding of your objectives and environments. We will discuss and confirm the following:
- Your goals and objectives
- Your subject matter experts (SMEs) and points of contact (POCs)
- Roles and responsibilities
- Scope
- Your organizational and industry context
- Timing/scheduling for Onboarding and Analysis
- Your report requirements
- Deliverable timing/scheduling
After the initial meeting, Secureworks will send an email to your POC(s) confirming the logistics for Onboarding and Analysis.
Onboarding and Analysis: During Onboarding and Analysis, onboarding of your cloud environment(s) is completed and then Secureworks will begin analysis. Secureworks will do the following:
- Coordinate with your POCs and SMEs to onboard cloud environment(s) for initial data collection
- Analyze and interpret the data according to your specific context and use cases, and as related to the Control Areas, Frameworks and Standards, and Benchmarks defined in Specifications
- Identify cloud security configuration vulnerabilities and provide tailored guidance for areas of improvement
- Identify potential business impact of findings to enable risk-based security improvements
- Facilitate a discussion with your POCs and SMEs regarding any additional context in your environment to consider for analysis and apply to results
- Discuss and advise you regarding list of findings and potential business impact (includes providing organization-specific recommendations to address primary findings based on your security objectives and providing a context and risk-based view of prioritized remediation opportunities)
Concluding Activities: Secureworks will prepare a final report and provide it to you. Also, Secureworks will schedule and conduct a summary teleconference for up to one hour.
Outcome ⫘
You will receive a report that includes the following:
- Analysis of your cloud configuration findings as related to the Control Areas, Frameworks and Standards, and Benchmarks defined in Specifications
- Consolidated actionable roadmap for context and risk-based remediation
- Data from cloud environment(s) that was used for analysis
In addition, Secureworks will coordinate with you to determine requirements for a formal summary teleconference, and to confirm timing and scheduling as needed. A summary teleconference consists of an executive-level summary of findings, including discussion of areas considered higher risk and approaches for remediation. The summary teleconference will be conducted remotely through teleconferencing tools such as Microsoft Teams and will be scheduled for up to one hour.
Scope and Service Units ⫘
| Scope | Description | Service Units |
|---|---|---|
| Small | Up to 1,000 Cloud Assets | 12 |
| Medium | Up to 2,500 Cloud Assets | 16 |
| Large | Up to 5,000 Cloud Assets | 24 |
Scheduling and Booking Information ⫘
See Service Scheduling for information about scheduling this service.