Cloud security assessments

The cloud computing paradigm changes the way that you interact with and secure your infrastructure. These complex environments also offer your adversaries new attack vectors, and new ways to infiltrate your organisation. By preemptively assessing your cloud deployments and applications, you can stay in control of these risks and protect your data.

Why should I review my cloud?

Faults in the development, configuration, architecture, and operations of a cloud environment can lead to security vulnerabilities. Modern threat actors take advantage of these errors to compromise cloud-based environments, gaining them a foothold in your organisation and potential access to your sensitive data. Regular security testing and configuration control can help you identify these issues before your adversaries get a chance to use them.

What exactly is cloud?

Cloud can be interpreted in many different ways. To some, it means the services and infrastructure they host in public cloud providers such as Azure, Amazon Web Services of Google Cloud Platform. To others, their cloud deployment is defined by hybrid identity through Azure AD, and their usage of SaaS applications such as Office 365, Dropbox and Salesforce. Regardless of what cloud means to you, if it’s processing your data, it’s worth assessing the security of the solution.

Do public cloud providers allow us to test our cloud?

Most large modern cloud providers allow you to conduct penetration tests against the infrastructure you deploy in their cloud environment without prior notice. However, testing should be conducted against the infrastructure that you own, and not the infrastructure managed by the cloud provider. We can help you work out these details prior to an assessment.

What can/should I test?

Your cloud deployment has its own unique risks, so there is no one-size fits all approach to testing. Whereas one organisation may benefit from a configuration review against best practices, others may need a traditional web application penetration test custom-fit to address cloud-based issues, or even scenario-based exercises where our consultants imitate your adversary. Our approach is to work together to identify your priorities and goals, and deliver tests adopted to your unique needs, ambition and risk profile.

Example activities we can perform:

  • Scenario-based Penetration Testing
  • Configuration reviews
  • Cloud application penetration testing
  • Microservice penetration testing
  • Architectural reviews
  • Networking reviews 
  • IAM reviews
  • Risk assessment of cloud services
  • Security maturity assessment for cloud 
  • Security and privacy management in cloud projects

Are you looking to perform 24x7 threat detection and response in your cloud environments? Read more about how mnemonic’s Managed Detection and Response services can help.

Do you need cloud-oriented security solutions? Explore our security products and solution providers.

Contact me

Leder Risk Services

Andreas Furuseth