Audit


We at Migo-Group successfully audit information systems based on both monolithic and microservice architectures, and professionally audit IT business processes. Our approach to auditing information systems depends on the customer’s goals and may differ depending on the architecture.

For monolithic systems we focus on the following aspects:

  1. System stability assessment – analyzing performance and fault tolerance.
  2. Data integrity and security testing – investigating data storage methods and data protection.
  3. Scalability and flexibility analysis – assessing the system’s ability to change and scale rapidly.

For microservices, we pay special attention to the interaction and independence of components:

  1. Analyzing interactions between services – investigating the data exchange between services and the protocols used.
  2. Evaluation of container management tools and orchestration systems – checking the configuration of Kubernetes, Docker, and similar systems.
  3. Security assessment of individual microservices – checking for vulnerabilities and ensuring compliance with security requirements.

 

IT business process audit

Our comprehensive business process audit methodology covers all stages of the production cycle, from planning and development to launch and monitoring. We aim to identify problems and form detailed recommendations for process optimization.

We strongly recommend that our customers implement DevOps and DevSecOps practices to improve production processes. This helps to speed up product releases, improve product quality, and ensure security at all stages of development.

 

Audit of IT regulations

Our company also provides an IT regulations audit service. This service is aimed at an in-depth assessment of current documentation, identifying inconsistencies, and proposing recommendations for eliminating them.

 

Our methodological and instrumental approaches:

We evaluate how DevSecOps practices are being established for compliance with the main recommendations of global security expert centers such as CyBOK and OWASP SAMM, as well as domestic recommendations from FSTEC Russia.

 

In today’s world, companies often face challenges in implementing common open source tools such as Kubernetes, Istio, ELK and others. The main obstacles include lack of expertise, experience and implementation methodology, which can lead to inefficient operation or even problems. Our company has in-depth knowledge and experience in auditing software and toolkit implementations to avoid these challenges and ensure your IT landscape is running efficiently.

 

We offer services to audit implementations of the following tools and software:

  • Kubernetes
  • Istio
  • ELK
  • SonarQube
  • Nexus
  • Prometheus + Grafana
  • Ansible / AWX
  • Keycloak
  • Sentry / Jaeger
  • Vault
  • Trivy and similar scanners
  • DefectDojo or similar software
  • Zed Attack Proxy (ZAP)
  • Audit of backup verification systems
  • GitLab

 

Following the audit, we provide:

  • Reasoned audit passport and further work plan based on the audit results.
  • Recommendations on defining the range of problems to be solved and the business value of implementing DevOps/DevSecOps practices, if they are absent.
  • Identification of technological and organizational needs at each stage of the production cycle.
  • Tool stack to carry out the tasks arising from the identified needs.
  • Tooling implementation and deployment plan.
  • Proposal for qualification of the DevOps/DevSecOps engineering team, if the customer has such a team. If not, we are ready to offer our own qualified resources.
  • Definition of a pilot project to test the process.
  • Optimized and extended pipeline for building, testing and delivering software solutions (GitLab CI/CD).

 

We apply a comprehensive and thoroughly developed approach to auditing information systems and business processes, which enables our clients to effectively utilize the latest technologies and methodologies. This allows us to optimize operations, improve the performance and reliability of IT infrastructure, and ensure sustainable business development in a rapidly changing technological landscape.