Public Cloud Best Practices Review

Explore best practices of public cloud environments


Cloud Computing Tailored to Your Needs

Our extensive expertise in working with industry-leading cloud platforms provides us with a distinct advantage in analysis of public cloud operations, security, reliability, performance, and cost savings. Envision novel business models, unlock growth, enhance agility, and reduce costs through cloud and infrastructure review.

Cloud Secure: Safeguard, Strengthen, and Sustain.

Embrace the future with confidence by securing your public cloud environment. Our comprehensive cloud security assessment provides your organization with critical insights into the potential vulnerabilities and threats lurking in your cloud infrastructure. As organizations increasingly rely on cloud services, understanding and mitigating these risks become essential to ensure robust and resilient operations.

  • $2,995 Fixed Price
  • Test one public cloud tenant
  • Extensive Formal Threat Report
  • #NoGimmicks Guarantee

Benefits of the Public Cloud

As discussed below, public cloud services have tremendous benefits for many organizations; however, public cloud services also introduce new vulnerabilities, particularly with regard to the management plane or the administrative interface for the public cloud systems. Ensuring that identity management, access rights, and account security settings are configured correctly is paramount for protecting the integrity of public cloud accounts.

  • Scalability

    Public cloud services offer scalability, allowing users to easily scale resources up or down based on demand. This flexibility is particularly beneficial for businesses with fluctuating workloads.

  • Cost-effectiveness

    Public cloud services typically operate on a pay-as-you-go model, meaning users only pay for the resources they consume. This can result in cost savings compared to traditional IT infrastructure, as there's no need to invest in and maintain physical hardware.

  • Accessibility

    Public cloud services are accessible from anywhere with an internet connection, enabling remote access to applications and data. This accessibility promotes collaboration and allows users to work from various locations.

  • Security

    Public cloud providers invest heavily in security measures to protect data from unauthorized access, ensuring compliance with industry regulations. Additionally, they typically offer advanced security features such as encryption, identity and access management, and threat detection.

  • Automation and management

    Public cloud services offer automation tools and management services that streamline processes and reduce the burden on IT teams. This includes services for provisioning, monitoring, and scaling resources.

  • Innovation

    Public cloud providers regularly introduce new features and services, enabling users to leverage the latest technologies without the need for significant upfront investment. This fosters innovation and allows businesses to stay competitive in a rapidly evolving digital landscape.

  • Elasticity

    Public cloud services allow users to quickly adjust resources to meet changing demands, whether it's a sudden spike in traffic or the need for additional storage capacity. This elasticity ensures optimal performance and responsiveness.

  • Global reach

    Public cloud providers have a global presence, with data centers located in multiple regions around the world. This global reach enables businesses to easily expand into new markets and reach customers globally without having to invest in physical infrastructure.

  • Reliability and redundancy

    Public cloud providers often have multiple data centers across different geographic regions, ensuring redundancy and high availability. This minimizes the risk of downtime and data loss.

Public Cloud Best Practices Review Steps and Duration

Duration: 1-3 days
Deliverables: Formal Threat Report

Preparation & Planning (1-2 hours)

Define the scope of the test, including the accounts to be assessed in accordance with the Statement of Work of the engagement. Obtain necessary permissions and authorizations from relevant stakeholders, as applicable. Determine an acceptable testing date and window of time for performance of the assessment.

Configuration Scanning (12-24 hours)

Utilize automated tools to scan account configuration settings for conformance with industry best practice standards and benchmarks.

Reporting & Remediation (4-8 hours)

Document all findings, including identified vulnerabilities, successful exploits, and recommendations for remediation. Present a comprehensive report to the organization's stakeholders, detailing the results of the test and providing guidance on prioritizing and addressing security weaknesses.

Frequently Asked Questions

To answer questions you may have about this service, we have provided a series of common questions below. Please also be sure to read the Terms & Conditions of this advertisement for further information.

What does the Public Cloud Review cover and how will it be performed?
This service is an off-site compliance review of one (1) designated public cloud account from an eligible cloud service provider. To perform this service, you must designate the account you wish to be tested, and we will perform testing using our toolkit of automated testing solutions and manual review processes.
What public cloud providers can you review?
We offer this fixed price service for the following public cloud providers: Amazon Web Services (AWS), Microsoft Azure/Microsoft Office 365, Google Cloud, and Salesforce.
What is tested in the Public Cloud Review?
This service is an account-level review of your designated public cloud account. Specific assessment parameters vary based on your specific cloud provider. For example, AWS clients may choose from two test parameters based on either the CIS AWS Foundations Benchmark or a Best Practices assessment.

This service evaluates account-level configuration settings regarding considerations such as (1) session security, (2) password policies, (3) user accounts, and (4) access restrictions.
Does the Public Cloud Review include performance of a vulnerability assessment or penetration test on our assets hosted by our public cloud provider?
No, this service represents an account-level review and does not include performance of assessment services targeting individual assets hosted by the public cloud provider. In other words, this review seeks to evaluate the configuration of the management plane or interface used to configure and control hosted resources, but does not assess those resources directly.

If you’re interested in services that evaluate assets hosted by a public cloud provider, please check out our other IT service offerings, such as our $995 External Penetration Test service.
What tools will you use to perform the review?
Our toolkit is constantly reviewed to ensure we are able to meet the challenges presented by a continuously evolving security environment. We presently utilize Nessus Expert to perform this assessment. The tool(s) selected for your engagement may vary based on our perception of the appropriate tool necessary to properly assess your environment. As a rule, we only utilize subscription-based tools in order to ensure we are using tools with updated definition files to facilitate testing for current compliance standards.
My public cloud provider isn’t listed as an eligible provider for this service. Can you still work with me?
Potentially, but please contact us for details. In order to deliver a fixed price assessment, we are required to restrict the number of eligible cloud providers to those optimized to integrate with our automated toolkit. We also offer manual account review and ‘hands-on’ auditing services, but the nature of these services requires that we learn more about your environment and the goals of the engagement before we can provide a price estimate.
Who will be assigned to our review? Do you utilize 3rd party contractors or outsourcing for this service?
For our review services, you will work with one of our experienced technical IT auditors, which provides our firm with the ability to discuss – in detail – the findings of our review with your internal IT personnel or your 3rd party network services providers or vendors. Your test will be performed by direct employees of HavenRisk. At present, all of our employees are based in the United States, subject to extensive criminal and civil background checks, and have confidentiality agreements with our firm. We do not utilize 3rd party contractors to perform any of our testing without providing prior notice to you and, unless otherwise stated, all testing will be performed by our direct employees. We do not outsource any testing or assurance activities outside of the United States.
We utilize a cloud hosting provider (AWS, Azure, Google Cloud, etc.). Can you still perform testing services?
Absolutely. We frequently perform testing services on systems hosted by Amazon Web Services, Microsoft Azure, and other cloud providers. Please note: these providers commonly require YOU to request and obtain permission from them prior to the start of any testing. It is your responsibility to obtain this permission and provide documentation to this effect to our personnel prior to the commencement of any testing.
When can the review be performed?
Performance of testing requires an executed engagement letter, which includes a comprehensive statement of work, between HavenRisk and your company. Once we have the appropriate contracts in place, testing can ordinarily be scheduled to commence within the next 72 to 96 hours; however, expedited testing may be available upon request.
How frequently will the review be performed?
Our fixed price review services provide for the performance of a single assessment at a time of your choosing. We also offer more frequent testing intervals, which may or may not be further discounted depending on scope size and frequency.
How are review results reported?
We issue a formal report for all of our review services. This report will include an overview of the findings from our test (management report), a summary of the scope, as well as any recommendations regarding remediation. A copy of the full testing results will be included as an appendix to our report where applicable. To reiterate the above, the management report is written directly by our personnel and the results of any automated testing or other technical activities are added as an addendum, with our goal being that the final deliverable from our engagement will be polished and understandable.
How will we receive the findings from our review?
We issue all of our reports in electronic format (PDF) via our proprietary secure website or via secure e-mail. Report turnaround time may require one to two weeks in order to process the report through our internal quality control function; however, expedited issuance of reports is available upon advance request.
Can you issue multiple reports for your test? I have several wholly-owned subsidiaries in other countries that require separate formal reports, even though all IPs are owned by our parent company.
Yes, we are able to issue additional formal reports that separate the results of our testing, but an additional cost may be incurred. As stated above, our fixed price is for delivery of a very inclusive yet specific service offering. We don’t pad our pricing to cover deviations from the norm, so changes of this nature may result in an additional charge. We always commit to keep any additional costs fair and commensurate to the cost of the underlying engagement.
Can I receive a sample report?
Absolutely, please contact us if you would like to obtain a sample review report.
We have more IPs or accounts than what is specified in the scope of your fixed price services. Can you provide testing for more than the advertised scopes?
Certainly! We commonly perform services that exceed our baseline scope sizes and we will work with you to adjust our advertised fixed pricing to accommodate your scoping needs.
Is re-testing included in the fixed price and, if not, do you offer this service?
Re-testing is not included in the fixed price. By utilizing fixed, value-based pricing, our goal is to deliver a fair value to all our clients regardless of whether or not a given client requires re-testing services. In consequence, our service offering is not padded with additional time or margins that may or may not be justified depending on your decision to request re-testing. If re-testing is required, we do offer this service at a reasonable additional fixed fee of 60% of the original project cost for a single re-test, including the issuance of another formal report. Re-testing must be performed within 180 calendar days of the initial test.
Does your test satisfy compliance with PCI DSS or another compliance requirement or our contractual obligations?
We encourage every client to review services offered by HavenRisk or any other service provider independently to form a judgment as to whether or not a given offer will satisfy a legal, regulatory, or industry audit or monitoring requirement as we make no representations as to the sufficiency of our procedures for satisfying any contractual or regulatory requirements.

Clear compliance guidelines

Ensure that your organization adheres to relevant laws, regulations, and industry standards. By staying compliant, you minimize risks associated with legal penalties, fines, and lawsuits. Non-compliance can lead to financial losses and damage to your organization’s reputation.

Terms & Conditions

This advertisement represents an ‘invitation to treat’ and any acceptance of the advertised terms will not be considered a binding contract, which requires the written execution of an engagement letter with Haven Risk & Advisory Services, LLC. This engagement letter includes additional restrictions and limitations regarding the advertised service and must be executed before the commencement of these services. The terms stated above, as well as through any mailings, brochures, or electronic advertisements, may be amended, or this advertisement may be revoked or cancelled, at any time by Haven Risk & Advisory Services, LLC, with or without notice. As advertised above, the stated service fee will cover the performance of off-site review services based on the scoping limits described on this site. This testing will be conducted using automated tools of our choice and we will rely upon information provided to us by the client in the performance of this test. At the conclusion of our testing, we will issue a report to the client in electronic format via secure e-mail or our secure website. The terms advertised above are only available to formally organized business or non-profit entities located in the United States of America. Entities located outside the United States should contact us for further information regarding these services.
