Data Risk Assessment

Discover locations and types of sensitive data, determine if sensitive data is secure, and reduce compliance risk.

How it works

The Open Raven Data Risk assessment provides critical insights and recommendations for securing sensitive data and reducing compliance risk. Far too often, attackers simply have to discover sensitive data that has been mistakenly left exposed by human error.

All it takes is three simple steps:

01  Establish access

A one-hour meeting to establish read-only access to your AWS account and to understand what types of sensitive data you need to protect. All data remains in your cloud. Open Raven uses only metadata. Connections are made using either CloudFormation templates (automatically or manually), or via Terraform.

02  Scan of assets

A rapid discovery and inventory of assets followed by classification of sensitive data using PII, PCI/Financial, PHI, and Developer Secrets data classes. The use of custom classes may also be considered. Data scans are curated to focus on high risk areas including, but not limited to, publicly accessible or unencrypted S3 buckets.

03  Review findings

A one-hour meeting to review the risk assessment report which includes a high-level map and asset inventory list, a summary of data discovered by type and class, detailed findings regarding critical data security issues, and more.

What you'll receive

Upon completion of the assessment, a detailed report will be presented with the following sections:

High-level map view and asset inventory

An output of the discovery and mapping exercise which includes all assets, both native and non-native, security groups, VPC peering connections, and resources connected to external facing IP addresses.

Policy violations

Detailed findings regarding critical data security issues, ransomware specific controls, AWS Security Best Practices, and verification that critical assets are part of an AWS Backup plan.

Insights and trends

A summary of trends in AWS asset activity, insights into the types of storage data used in the environment which directly relates to cost, and security specific insights into resource types, regions, accounts (open/closed, encrypted/not encrypted).

Summary of at-risk data

Details of public facing and/or unencrypted S3 Buckets, VPC peering relationships, details of access by Security Group, S3 Bucket configurations, and AWS Backup configurations.

Data classification and sensitive data findings

A summary of discovered data by type and class.