Cloud Security Assessment
Today’s technology is rapidly adopting cloud technology to assist organisations in moving to a cloud-based or hybrid infrastructure to provide flexible, redundant and cost-effective computing on an enterprise level.
The main issues associated with this technology is its inherent availability and default configuration, which is often exploited by attackers as they can easily access and attack these services with little risk of identification. A compromised account could prove fatal for most organisations as attackers could access resources located in the cloud, and internal resources in hybrid environments.
Our Cloud Security Assessment audits your AWS, Azure and Microsoft 365 instances to identify misconfigurations, lack of best practices and secure configurations from a ‘Blue Team’ perspective, allowing you to remediate the vulnerabilities before they are exploited.
This testing is performed remotely from our office and data centre locations using credentials to your AWS, Azure and M365 Portals.
Our Cloud Security Assessment Methodology
Cloud infrastructures vary in size, complexity, technologies and in approaches to configuration, so our exact technical approach to each infrastructure may be very different. However, there are certain fundamental areas that are examined, which are as follows:
Open-Source Intelligence (OSINT)
The Cloud Security Assessment has a strong focus on publicly available information that could be leveraged in targeted attacks. Information such as links to cloud resources, document metadata, email addresses and leaked credentials are all gathered to identify common and applicable attacks from unauthenticated attackers.
AWS/Azure Configuration Review
The configurations of AWS/Azure environments and all encased services are systematically investigated to establish a secure baseline that conforms with best practices. This assessment will cover all entities based in your environment to highlight misconfigurations and bad practices and establish a secure environment which is resilient to modern cyber-attacks.
We understand that there are requirements and external factors that need to be satisfied – the consultant will take these into consideration when completing the post assessment report.
Microsoft 365 Configuration Review
Microsoft 365 and all connected apps, both first and third-party are reviewed to identify various issues. This can include (but is not limited to) application misconfigurations, weak security configurations and ‘low-hanging fruit’ issues that could be utilised by an attacker to escalate their access or access sensitive information.
What are the Risks?
Due to the rapid adoption of cloud services, many companies end up facing cyber risks both new and old that can lead to the compromise of customer-owned cloud platforms and on-premise infrastructures with hybrid cloud setups. All of which can have devastating consequences for any organisation.
How can our Cloud Security Assessment Help?
Our specialist consultants will identify vulnerabilities with practical exploitation of a compromised account. This test will give insight into your faulty configurations, controls and poor password usage. We can perform the test on multiple accounts to cover all access levels.