What is an AWS Security Proof of Concept?
The first step in a security PoC is an audit of your existing infrastructure. The audit typically uncovers a number of issues, including gaps in IAM roles, poorly configured groups, use of the root user for workloads, and more.
Once these issues are identified, we create a new Proof of Concept environment with the gaps fixed. This new environment can be tested and evaluated, and then either A) applied to the existing environment using infrastructure as code (IaC) or B) adopted by switching to the new environment.
How much money does an AWS Security Proof of Concept cost?
The hard costs for an AWS Security Proof of Concept can range from $5k to $25k; however, these costs can be offset or completely covered by AWS depending on your annual AWS spend. In many cases, by involving a qualified AWS Consulting Partner, they can be absolutely free for the end customer!
No matter the cost, preemptive security fixes are much less expensive than security incidents. According to Security Magazine, the average cost of a data breach is a whopping $4.35M.
How long does an AWS Security Proof of Concept take?
This largely depends on how much infrastructure as code is in place. For well-managed environments the audit and reporting can be completed in as little as a few days, while for larger, more complex environments it can take a couple of weeks. This includes:
- AWS automated tools
- Manual review
- Report of findings
- Recommendations with level of effort
- Recommended prioritization
Implementation time can vary, but most critical issues can be resolved in a couple of days, and the minor, but still important, issues can be addressed over a few weeks.
FAQ/Common Objections
Q: Why should I pay for a partner to get to learn my business?
A: Security audits don’t require any knowledge of the business (i.e., we don’t need to know why you are using encrypted traffic, we just need to know it’s there).
Q: We don’t have time internally to prioritize this.
A: Security gaps have a way of prioritizing themselves. Audits are much faster, cheaper, and more pleasant to deal with than breaches. By working with a qualified AWS Consulting Partner, the amount of work required internally is minimal.
Q: I’ve had a bad experience in the past with security vendors. What makes Metal Toad different?
A: As a qualified AWS Consulting Partner with 20+ years of experience in software, we understand both the technological requirements and the business realities faced by IT departments. We present our findings in an easy-to-understand format and help to execute against the priorities you set.
Q: I’ve never needed a security audit before, why do I need one?
A: If you’ve never had a security audit, you might really need one. Just because you’ve never been to the dentist doesn’t mean you don’t have cavities. In reality, the less you have screened for security, the more you need an audit. In many cases, these PoCs can be completely free with AWS PoC funding.
Q: How can I get my executive team to prioritize this?
A: Let them know the average cost of a security breach and that you have a potentially free or low-cost solution. Our 60-minute assessment is absolutely free and has no obligation.