Architectural audit

Audit architecture

A technical architecture audit to reinforce the security of your IT infrastructure

Contact us
Share :

Purpose of an architecture audit

professional-team-of-programmer-working-on-project-in-software-development-computer-in-it-company-office-writing-codes-and-data-code-website-and-coding-database-technologies-on-new-application_web

The aim of an architecture audit is to identify weaknesses or non-compliance with recommended security practices.
An architecture audit is based on a documentary analysis followed by interviews with the people in charge of the design, implementation, administration, supervision and maintenance of the target information system.

Additional analyses can be carried out on network configuration samples (e.g. switches, firewalls, etc.) to complete the audit.

Schéma décrivant le processus d'un audit d'architecture

Benefits expected from a technical architecture audit

The benefits of an architecture audit include :

  • Identification of potential risks within the audited perimeter;
  • An action plan including recommended remedies in the specific context of the target system;
  • Enhanced protection for your data;
  • Optimizing IT resources;
  • Verify the security of your architecture to prevent future incidents.

As Synetis is a PASSI-qualified company, the architecture audit can be carried out under this qualification as defined by ANSSI. This applies, for example, to the audit of a Restricted Diffusion network or a SecNumCloud qualification.

Architecture audit methodology

During an architecture audit, the following aspects in particular are checked (non-exhaustive list):

  • Perimeter defense ;
  • Defense in depth ;
  • Partitioning ;
  • Breaking protocol;
  • Flow management ;
  • MCO/MCS, backup and logging policies ;
  • Disaster recovery plan ;

The methodology used by Synetis is based on the various technical guides and recommendations issued by ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information). At every point in the infrastructure, Synetis auditors focus their attention on meeting the needs of Information Systems Security (ISS), i.e. : Availability, Integrity, Confidentiality and Traceability.

Any operational constraints and business needs in the application of these guides and the associated recommendations are taken into account by Synetis auditors.

Literature review

This part of the audit consists of comparing your documentation with the selected standards. The audit team uses the various mappings provided to analyze your security:

  • Mapping information system administration ;
  • Logical network mapping ;
  • Application mapping ;
  • Physical mapping of the network.

Interviews with teams

Carrying out an audit also requires discussions around the business context of the audited perimeter and questions to clarify the auditors’ and teams’ understanding of the documentation received.

Additional questions may also be asked on less technical aspects.

Some examples of architecture audit results

The following are some illustrative results from our IS architecture audit work:

  • Unsatisfactory partitioning (risk of lateral displacement) ;
  • Lack of separation between critical services ;
  • Little or no filtering of incoming and/or outgoing flows;
  • Lack of nomadic access control ;
  • No system hardening ;
  • No maintenance policy procedures ;
  • No centralization and/or supervision of logs.

An architecture audit is an essential investment for any company wishing to verify and improve the security of its infrastructure. By identifying and correcting vulnerabilities, you can considerably reduce the risk of incidents, while improving the performance of your IT department.

Contact our Synetis experts for more information about architecture audits to improve your cybersecurity!

Protection and monitoring of si

Our Audit experts
answer your questions

Contact us

These articles may be of interest to you: