Our team are experts in designing, reviewing and tuning security at different layers of the technology stack.
Cloud service provider security
Security and transparency of operation is critical in all IT workloads, on cloud or off. With AWS, much of this is wrapped up in an API activity log service, AWS CloudTrail. Akkodis likes sending this log stream directly to separate, dedicated security logging accounts, were general administration staff can’t access logs. We’re also keen on using automated security log event identification and alerting in near real-time.
For secure interactive (AWS Web Console) access, we use and recommend FIDO2 physical multi factor authentication tokens for all master (root) account credentials, with federation of identity to your corporate directory (such as Active Directory by way of SAML federation) which may also implement an MFA policy for your administrative users.
Understanding these configurations, and working to ensure that the client’s security posture is maximised without unduly inflicting delay and complication on staff is important; we work with our clients and their existing IT security teams to help them understand any risks and benefits.
Application level security
We’re fanatical about encryption, algorithms, ciphers, signatures, and validation. Akkodis’ cloud approach is to use only encrypted protocols for all data transfers, both in transit to/from the cloud, as well as intra-cloud. We love disabling old crypto protocols, using only the latest and strongest ciphers, ephemeral keys for forward secrecy protection, and strong chains of trust.
We also love helping our clients understand how this looks over time. With Akkodis, you can be as secure as your bank, if not more so.
Akkodis is keen to assist clients however they need. Here are some of the ways we’ve previously assisted clients:
Security Reviews: Development Practices
Inspect, review and recommend changes for developers and release managers around Continuous Integration and Continuous Delivery, Development, API usage, API design, credential handling. Authenticating using two-way x509 certificate verification, and more.
Security Reviews: Operations
Observe and inspect operational processes and procedures, recommending changes to improve security, logging, visibility, governance, and timeliness to mitigate potential future security considerations. Tuning and automating TLS Certificate issuance and renewal, TLS option configuration, etc.
Design and architect security frameworks around applications, including using single sign on technologies such as LDAP, SAML and other techniques, AWS IAM Roles and Policies, public/private asymmetric keys and key management, AWS Key Management Service, and more.
Cloud Governance Services
We can also engage to put cloud governance teams into your organizations, providing best practice and assistance to your existing development and line-of-business service teams. This service continually appraises, researches and improves your security posture over time, which is often overlooked in a project completion and migration to support approach to IT projects.
Security staff capability
Akkodis maintains a number of staff holding the coveted AWS Security Specially Certification. This challenging certification is critical recognition by Amazon Web Services of Akkodis’ technical staff in the capability they bring to bear for our clients in the security space. Our team also hold many other industry and 3rd-party vendor security-releated certifications, professional memberships and more. Our security staff are well versed with decades of experience in security.