protecting your cloud-based services

Migrating business functions and hosting requirements to the cloud is extremely popular, with more and more organisations taking advantage of the cost benefits, convenience, accessibility and flexibility it provides.

Despite widespread adoption, many organisations fail to appropriately lock down or secure their cloud instances, leading to sensitive data being available to internet-based attackers. 

Whether it’s Office 365, AWS, Azure or Google Cloud, our cloud assessments are designed to evaluate the security of your services, providing you with the assurances you require.

How is our testing delivered?

Testing is delivered remotely by our expert consultants and we will require the relevant access credentials in order to perform a full configuration review of the cloud service. This review allows us to confirm appropriate security controls are in place and check that your cloud services are as secure as possible.

What we review during cloud testing

Our cloud testing is tailored to your requirements and our consultants will perform a wide range of checks to ensure you are protected. The following provides an example of the checks we may perform, note this is not an exhaustive list and many of the checks will depend on the specific service under review:

Multi-factor authentication on administrative users and other high-privileged user roles

Anti-automation techniques are implemented, such as account lockouts

Appropriate logging is in place to allow auditing of suspicious behaviour

Appropriate warnings are sent when suspicious behaviour occurs, such as failed login attempts

Data loss prevention systems are configured to identify when sensitive data is being transferred

Secure access controls on any sensitive data held on the cloud services

Our approach to cloud testing

Every cloud test goes through a rigorous process to ensure you get the best possible results. Below we outline the key stages:

1. Scoping

We work closely with you and your team to define your exact requirements, to understand your desired goals and to gain comprehensive knowledge of the cloud service under review.

2. Proposal & prerequisites

A bespoke proposal of work will be drawn up based on your requirements, our experience and our consultant’s expertise. This proposal will outline our recommended test approach and provide details of the number of days we feel are needed to investigate the target environment thoroughly.

We will work with you to ensure this proposal meets your exact requirements and once authorised; we will outline any necessary prerequisites that are needed to ensure testing starts on time.

3. Testing

Testing will commence on the agreed date and our consultants will communicate with you throughout the test, to your set requirements.

All our testing is conducted manually, and our consultants will look to identify as many issues as possible in the time allotted, verifying whether these could be exploited.

4. Reporting

A comprehensive, quality assured report of our findings will be delivered within 5 days of the test finishing. Our reports can be tailored to your needs, providing both a technical and managerial overview of findings, as well as our detailed remediation advice.

5. Post-test support

Our job doesn’t finish on the delivery of the report, your test consultant will be available after the test to explain any aspect of the report, as well as provide remediation support to internal teams and/or external suppliers.

6. Retest

You have the option to retest, ensuring reported vulnerabilities have been addressed.

7. Evidence of testing

Many of our clients need to supply evidence of testing for security assurance purposes. We can supply documentation which will provide these assurances to internal and/or external stakeholders.

Why choose us

We act as a trusted adviser, not just a test provider. So, whether it’s your first test or you’ve conducted hundreds, our team are dedicated to making the process as seamless as possible, to pass on their wealth of expertise and to provide you with the information security support you need.

Penetration test experts since 2001

Dedicated account management

Comprehensive, quality assured reporting

Unrivalled post-test support

Optional retest of issues

Contact us

Want to find out more about our cloud testing services? Our team are on hand to provide you with the information and support you need. Please fill out the form below and one of our team will be in touch shortly.

Our latest research

Our Labs page is the place to discover our latest research, advisories, tool releases and challenges.

Looking to improve your security? Our insights are a great place to start.