Cloud security assessment

The cloud - whether IaaS, PaaS or SaaS - can be secure if it is properly planned and configured. We help you ensure that!

Cloud Security Assessment
This video will be loaded from YouTube while playing. By clicking here you accept the data protection declaration of HVS Consulting / IS-FOX and YouTube.

Cloud security assessment

What is the security level of your Microsoft 365, Azure or AWS Cloud?

A cloud security assessment is a structured and in-depth review of your cloud design and configuration, supplemented by various technical tests in specific scenarios.

In interviews with the responsible persons, we learn about the desired level of protection and the intended measures for it and review this design for its viability. Alternatively, our experts independently review your cloud security settings and supplement this technical review with selected penetration test scenarios.

As a result, you receive a detailed test report that describes and evaluates all identified risks, provides meaningful recommendations and summarizes them in a management summary.

Cloud Security Assessment

Why cloud assessments with HvS?

Our assessment approach is applicable to all cloud solutions: "Software as a Service" (SaaS), "Platform as a Service" (PaaS) or "Infrastructure as a Service" (IaaS) solutions, for Microsoft Azure, Amazon Web Services or the Google Cloud. And we have the right skills thanks to our portfolio:
Pentester
Pentester
We are proficient in various types of penetration testing and know most components from cloud environments. So we know what and how to test.
Incident Responder
Incident responder
From our numerous incident response engagements, we repeatedly experience first-hand what often goes wrong and where the greatest cloud risks are located.
Auditoren
Auditors
Large parts of a cloud assessment do not need to be tested, only reviewed. This reduces problems if your provider does not allow active testing. And it saves money.

Cloud assessment characteristics

Approach

When reviewing M365 or other "Software as a Service" (SaaS) solutions, we focus on the features selected and configured for use - in other words, what you as the customer have in your hands. We can either review the settings together with your administrators and transfer know-how in the process, or we can check them independently and carry out technical tests.

Preparation

  • Coordination of the scope and the depth of testing
  • Kick-off meeting

Execution

  • Interviews with admins and / or
  • Review of security configuration and manual tests

Evaluation

  • Preparation of a detailed report
  • Best practice workshop (optional)
Methods and standards used

In terms of methodology, we follow proven guidelines wherever it makes sense to do so:

In terms of content, we are mainly guided by established standards:

In addition, we draw on our HvS vulnerability database, which is regularly fed with new attack vectors and test cases through our incident response and threat intelligence activities.

Approach

Based on how you deploy IaaS/PaaS cloud services in your organization, these and other questions usually arise:

  • Are the publicly accessible services properly secured, or is there perhaps even too much accessible from the Internet?
  • What protective measures have been implemented for applications or infrastructure in the cloud - also compared to on-premises?
  • Could attackers penetrate your on-premises network via the cloud?

Preparation

  • Coordination of the scope and the depth of testing
  • Kick-off meeting

Execution

  • Security configuration review
  • Automatic scans for vulnerabilities
  • Manual analyses and hacking
  • On demand also interviews with administrators

Evaluation

  • Preparation of a detailed report
Methods and standards used

In terms of methodology, we follow proven guidelines wherever it makes sense to do so:

In terms of content, we are mainly guided by established standards:

In addition, we draw on our HvS vulnerability database, which is regularly fed with new attack vectors and test cases through our incident response and threat intelligence activities.

Cloud can also be secure! Want to learn how?

Let's get to know each other in a web meeting and talk about your objectives and current status.
Yes I'm interested