Data Risk Assessment
Discover locations and types of sensitive data, determine if sensitive data is secure, and reduce compliance risk.
01 Establish access
A one-hour meeting to establish read-only access to your AWS account and to understand what types of sensitive data you need to protect. All data remains in your cloud. Open Raven uses only metadata. Connections are made using either CloudFormation templates (automatically or manually), or via Terraform.
02 Scan of assets
A rapid discovery and inventory of assets followed by classification of sensitive data using PII, PCI/Financial, PHI, and Developer Secrets data classes. The use of custom classes may also be considered. Data scans are curated to focus on high risk areas including, but not limited to, publicly accessible or unencrypted S3 buckets.
03 Review findings
A one-hour meeting to review the risk assessment report which includes a high-level map and asset inventory list, a summary of data discovered by type and class, detailed findings regarding critical data security issues, and more.
High-level map view and asset inventory
An output of the discovery and mapping exercise which includes all assets, both native and non-native, security groups, VPC peering connections, and resources connected to external facing IP addresses.
Detailed findings regarding critical data security issues, ransomware specific controls, AWS Security Best Practices, and verification that critical assets are part of an AWS Backup plan.
Insights and trends
A summary of trends in AWS asset activity, insights into the types of storage data used in the environment which directly relates to cost, and security specific insights into resource types, regions, accounts (open/closed, encrypted/not encrypted).
Summary of at-risk data
Details of public facing and/or unencrypted S3 Buckets, VPC peering relationships, details of access by Security Group, S3 Bucket configurations, and AWS Backup configurations.
Data classification and sensitive data findings
A summary of discovered data by type and class.