How secure is your cloud?
The variety of cloud services leads to a very high complexity in an IT landscape. Each cloud provider, such as Amazon or Google, also has its own unique security features using different technologies. Hundreds of configurations affect the security situation of cloud environments. Even a single misconfiguration can lead to major consequences for companies.
However, the verification of misconfigurations is very time-consuming and complex. Especially when using multiple cloud services, it is difficult to control and manage security.
The solution for cloud security
The Cloud Compliance and Security Inspector is a platform-based application for assessing and monitoring security configurations in hybrid-cloud and multi-cloud environments.
Our tool verifies compliance to various standards and best practices e.g. NIST, CIS, ISO and provides comparable assessment results on the security settings of cloud environments from different cloud providers based on a standardized scoring system. In addition, the tool can be used for continuous monitoring of compliance with standards and requirements as well as user and authorization audits.
Features and benefits of the Cloud Monitoring Service
Automated monitoring of the multi-cloud environment provides real-time insights, showing status and details of the cloud environment's security controls. Controls of different domains are considered, such as identity and access management, data security, infrastructure security, and logging and monitoring.
Our tool verifies the compliance of the cloud environment with various standards and best practices including NIST, CIS, ISO as well as independent PwC Good Practices. Based on a standardized scoring system developed by PwC, comparable assessment results on the security of cloud environments from different cloud providers (AWS, Azure, GCP, etc.) are facilitated.
In addition to the automated benchmarking of the technical security configurations, the associated superordinated processes are identified, analyzed and evaluated. This ensures a fully comprehensive holistic view of the cloud environment.
You can audit user and privileged accounts and keep an eye on compliance status. Hundreds of built-in, automated controls are available in a flexible and customizable way - as well as the development of your own controls based on your individual requirements.
Comprehensive reporting gives you detailed insights into the security of your multi-cloud environment. This includes easy-to-implement quick wins as well as long-term strategic recommendations. We use the results to prepare a roadmap tailor-made to your specific needs.
PwC consulting services are independent of cloud providers and are performed by certified experts. Our recommendations are always risk-based and tailored to your specific needs.
Full-stack cloud security in all stages of the life cycle
Our experts support you in establishing the necessary measures to protect your cloud environment. In doing so, we take into account the risk proﬁle of your company and the protection requirements necessary for your systems and data.
- Cloud provider and service model independent
- Security baseline for 5 cloud domains
- Cloud process check
- Automated* configuration check of 40+ PwC must-haves
- Cloud risk report
- Cloud security roadmap
*Tool-based with the Cloud Compliance and Security Inspector ©
- Fully comprehensive cloud assessment*
- Comprehensive evaluation:
- Cloud processes
- Cloud configurations
- 200+ best practices as well as customer specific rules
- Detailed risk analysis
- Risk mitigation recommendations
- Maturity assessment
- Management report
*Based on the established Cloud Security Governance Framework (CSGF). Includes all content included in Baseline Check.
- Implementation of the PwC Cybersecurity Baseline Check or an individual Cloud Security Assessment as a managed service:
- Regular benchmarking
- Regular report generation including interpretation of all results and recommendations
*Price is based on service scope and frequency
Cloud compliance and security made easy
Are you interested in the Cloud Compliance and Security Inspector? Our offer is exclusively for business customers. Therefore, please enter your business email address and we will get back to you as soon as possible.
How does the connection of the tool work?
For the connection, only a few configuration steps need to be carried out on the client side, such as setting up the necessary authorisations. In order to connect the required cloud platforms, there are instructions that guide easily through the process.
What impact will the scan have on my cloud environment?
The Cloud Compliance and Security Inspector only receives read access to the cloud environment. Performance losses or deterioration of the user experience are excluded.
How can clients use the tool?
Clients can choose between four models:
- Baseline check: quick assessment of 5 cloud security domains
- Full-scope assessment: a fully comprehensive cloud assessment with detailed risk analysis and management report
- Managed Service: assessments as a Managed Service by PwC with regular benchmarking and reporting
- Software-as-a-Service solution in a licence model: access to the tool for own assessments
What happens with the data in the Cloud Compliance and Security Inspector?
At the application level, only the login data (e.g. user ID) is processed in the tool. Data processing is carried out on databases which, like the tool itself, are hosted in the German PwC infrastructure. These instances can only be accessed via itself. Personal data is not transferred to different countries.
Can the controls be flexibly adapted to the clients' needs?
The integrated benchmark can be edited individually. In addition, the import function offers possibilities to adapt the controls to be audited to one's own company needs.
In which way can clients create their own benchmarks?
Clients can flexibly develop their own control catalogue for the creation of their own benchmarks. They can combine different standards such as ISO and CIS for their own benchmarks.