Cloud security assessment for a FinTech

Following the complete migration of its platform to a public cloud infrastructure, a fast-growing FinTech commissioned us with a comprehensive security assessment. The aim was to combine regulatory requirements with a high level of security - particularly with regard to sensitive payment and customer data. The focus was on reviewing the identity access management structures (IAM) used, encryption concepts and the isolation between clients. The project was supplemented by the introduction of a CSPM framework for the continuous monitoring of misconfigurations in the cloud.

Core aspects of our project work:

• Review of the security architecture in AWS/Azure
• Check of data encryption and access authorizations
• Establishment of Cloud Security Posture Management (CSPM)
• Recommendations for regulatory protection