AWS Security Audit – Scout2 for Security Auditing on your AWS Infrastructure

The cloud is the way to go for most companies today. With advantages like scalable, redundant, fault-tolerant, and highly available infrastructure, it looks like the right choice when thinking about long-term growth. Let’s not get into the over-discussed topic of cloud vs on-premises infrastructure.

Security should be the main consideration when choosing a cloud provider. Most cloud providers today have established the highest level of security for their infrastructure and provide the best solution to their customers. But there is a big gap between the security solution provided by cloud providers and what customers actually implement. Businesses using the cloud do not understand that security also has to be implemented on their side.

To fill this gap, there is a need to conduct a security audit on the infrastructure that the user has created. That is exactly what Scout2 is all about. Scout2 is an AWS security audit tool developed by nccgroup. It uses the AWS API to gather information about the environment. It is scripted to go through the various services, read the information about their resources, and generate a report.

To successfully run the audit you will need an EC2 instance (please don’t use t2.micro) and an account with read-only access and security audit privileges to the whole infrastructure. An Access Key ID and Secret Access Key for the account need to be provided during installation.
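Because the audit account's access keys end up on the EC2 instance, it is worth confirming that the policy attached to that account really is read-only before running the audit. The following is an added example, not part of Scout2 or the original post; the policy documents are constructed samples and the list of read verbs is an assumption.

```python
import json

# Verb prefixes treated as read-only (an assumption of this example, not an AWS list).
READ_ONLY_PREFIXES = ("get", "list", "describe", "lookup")

# Constructed sample policies, not taken from Scout2 or from AWS managed policies.
AUDIT_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "iam:Get*", "iam:List*", "s3:GetBucketAcl"]}]})
OVERBROAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "s3:*", "iam:CreateAccessKey"]},
    {"Effect": "Deny", "Resource": "*", "Action": "ec2:TerminateInstances"}]})


def _as_list(value):
    """IAM accepts a single string or object where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_read_only(action):
    """True only if the literal part before any wildcard starts with a read verb."""
    _service, sep, name = action.partition(":")
    if not sep:  # bare "*" or a malformed entry
        return False
    literal = name.split("*")[0].split("?")[0].lower()
    return literal.startswith(READ_ONLY_PREFIXES)


def write_capable_grants(policy_json):
    """Return the Allow entries that grant more than read access."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never add permissions
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append("NotAction:" + ",".join(_as_list(stmt["NotAction"])))
        findings += [a for a in _as_list(stmt.get("Action")) if not is_read_only(a)]
    return sorted(set(findings))


if __name__ == "__main__":
    for name, doc in (("audit", AUDIT_POLICY), ("overbroad", OVERBROAD_POLICY)):
        print(name, write_capable_grants(doc) or "read-only")
```

Any entry the function returns is a permission the audit account does not need and that should be removed before its keys are placed on the instance.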

You can find its repository here: https://github.com/nccgroup/Scout2

For installation instructions, just follow the link to the repository.
