Cloud Configuration Security Review

Who is it for?

Many organisations these days have at least some workloads hosted within the cloud. Whether it’s a simple “lift-and-shift ” of moving onsite assets to the cloud, or something more ‘cloud native’, it’s important to make sure that these systems are secure.

We offer security testing appropriate for all levels of complexity, from simple security reviews of cloud hosted virtual machines, to deep-dive assessments of cloud-native applications.

How can we help?

If you’re hosting an application in the cloud and are concerned about application vulnerabilities within the system, then we can perform a traditional application penetration test.

However, if your concern is with how the hosting environment itself is set up then the most efficient way to determine if a cloud setup is secure, is to review the configuration panel itself.

This is an open book approach to security testing that ensures that available security options are configured, that systems are locked down, and that accounts with access are appropriately protected.

What we test

The specifics of the testing depend entirely on the deployment and features in use on the target cloud platform, however some commonly assessed areas include:

• Identity and Access Management – Ensuring account utilise multifactor authentication and adhere to the principle of least privilege.
• Storage – Ensuring that permissions to storage such as AWS S3 Buckets and Azure Storage are locked down and that keys are protected.
• Network and Instance Security – Ensuring that the cloud platform adequately filters traffic and segments services.
• Transit Security – Ensuring that data in transit between systems is encrypted and the configuration is hardened.
• Logging and Monitoring – Ensuring that any actions taken within the cloud platform, and that may impact the systems security, are appropriately logged and that significant issues are highlighted to administrators for review.
• Remote Access – Ensuring that remote access to the cloud platform is hardened against internet-based attacks.
• Key Management – Ensuring that services such as Azure Key Vault and AWS Key Management are appropriately used and hardened, and that logging is enabled.

Want to know more about how a cloud configuration security review could benefit your organisation? Get in touch with one of our experts today for more information.