10 likes | 55 Views
Cloud computing has evolved into the preferred solution for many organizations to store corporate data and infrastructure.
E N D
Penetration Testing of Cloud Computing Environment Cloud computing has evolved into the preferred solution for many organizations to store corporate data and infrastructure. However, the on-demand nature of cloud computing increases the possibility of security breaches. Cloud providers deploy security controls to protect the cloud environments, but organizations need to deploy their own security measures to protect their data that is stored in the cloud. Many enterprises use shared cloud environment and have open communication channel between the cloud environment and their network. In such a scenario, a potential attacker can use the cloud as the entry point to your internal network and servers. By performing penetration testing (also known as “pen testing”) on the cloud environment will help organizations to determine the vulnerabilities and what risks they pose. However, pen testing on cloud is somewhat different from performing pen tests on internal networks and systems. Here are a few considerations that organizations need to evaluate before performing pen tests on their cloud environment. 1.Type of Cloud: Only Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) clouds allow pen testing. Software as a Service (SaaS) providers do not give permission to enterprises to pen test cloud applications and networks. 2.Coordinate with your Cloud Service Provider (CSP): The next step in the cloud pen testing process is to coordinate with your CSP. You can coordinate with your CSP via phone or online through their website to communicate that you want to perform pen test on your cloud-based resources. 3.Type of cloud pen tests: Check the contractual agreement between you and your CSP to learn the type of cloud pen tests your provider allows. For majority of cloud solution providers do not allow pen tests wherein one compromised system is used to attack another system due to liability issues. Another reason for not allowing such pen tests is that any attack that uses local system resources on the cloud may directly affect multiple customers’ system performance. Your cloud service provider is not solely responsible for the security of resources in the cloud environment. In fact, it is the obligation of organizations to ensure that their cloud data, infrastructure and other resources are as secure as their internal server and network. Penetration testing should be applied to your cloud computing environment in order to comply with your security policies. You should perform your own pen tests with your own IT team or by hiring a trusted third-party. You should perform authenticated pen tests by considering the above mentioned factors if you want to get more accurate test coverage of your cloud environment.