What is it about?
Cloud computing, i.e. moving or creating applications or entire portions of your information system in remote environments provided by external providers, has many advantages; it’s flexibility, scalability and economy of scale, but it also requires due care.
A cyber attack can take place from outside or inside the cloud; the threat can come from outsiders or insiders (employees or “infidel” consultants placed in the provider’s structure), as well as from roommates of the cloud itself (“tenant threat”).
This applies regardless of the type of structure such as Software as a service (SaaS), Platform as a service (PaaS) or Infrastructure as a service (IaaS).
CryptoNet Labs carries out its comprehensive Vulnerability Assessment and Penetration package dedicated texts on all components of the cloud structure: front-end, REST services, ancillary services, network and management network, analysis of specific instances and templates up to the revision of the configurations of the individual tenants.
The tests, which are always planned according to real needs, can be modulated on:
- origin of the attacks (emulating outsiders, insiders, “tenants” suspects);
- information or resources made available, on a “black-box” basis (i.e. without previous knowledge), gray-box (with partial information, e.g. tenant credentials), white-box (with prior knowledge of implementation details, architectural schemes or other).
Who can benefit from it
Any company or organisation using public cloud platform and infrastructure providers, and related services (based on OpenStack, Azure, Google Cloud or AWS) to control associated risks and follow industry best practices (e.g., Cloud Security Alliance).