In parallel with the release of our whitepaper “Cloud Computing – Assessing Cloud Node Security”, Context is pleased to announce the introduction of our new Cloud Security Assessment Service. As a result of the increasing popularity of Cloud computing, more and more Context clients have requested our support in helping to determine and improve the security posture of their Cloud-based systems.
Our new Cloud Security Assessment Service analyses the security of the client’s Cloud system from three different perspectives. Initially, we perform a security assessment of the Cloud system from an external, Internet-facing perspective. This involves the use of classic network infrastructure and application penetration testing methodologies. Due to the shared nature of the Cloud environment, we also assess system security from the perspective of a neighbouring, malicious node. This assessment includes network-based attacks and exploitation of shared resources in an attempt to gain access to the target system. Finally, Context conducts an audit of the security protection enforced on the node in order to prevent it from being compromised. This includes a node hardening assessment, a review of virtualisation security, an analysis of how the node is remotely administered and a review of the external and internal network infrastructure security related to the node.
As with all of Context’s technical security assurance services we provide a formal report at the conclusion of the assessment containing a high-level summary, detailed technical findings, technical impact and exploit difficulty ratings, along with detailed remedial recommendations and supporting materials.
Clients should note that Context’s ability to perform the Cloud Security Assessment Service in full depends upon the terms of the contract between your organisation and the Cloud provider.
Find out more about the Cloud Security Assessment Service here.