Cloud Security Consultancy
Our customers often deploy their whole infrastructure in Amazon’s cloud. As much as Amazon has taken care to protect their infrastructure and that of their customers, many, if not most of the security settings we audit in our assessments, are either left in their default state or are misconfigured.
IT departments are often under pressure to deploy things quickly and are understaffed and overworked. Mistakes are inevitable.
Every mistake made by someone in the IT department – be it a developer, system administrator, or external service provider can lead to a disastrous security breach, exposing customer information and leading to regulatory and compliance penalties.
Our cloud security consulting experts have years of experience in finding these mistakes and suggesting the best ways of fixing them without causing downtime or usability issues.
Our Methodology
All testing performed is based on the NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, OWASP Testing Guide (v4), and customized testing frameworks.
• Planning – Customer goals are gathered and rules of engagement obtained.
• Discovery – Perform scanning and enumeration to identify potential vulnerabilities, weak areas, and exploits.
• Attack – Confirm potential vulnerabilities through exploitation and perform additional discovery upon new access.
• Reporting – Document all found vulnerabilities and exploits, failed attempts, and company strengths and weaknesses.