Cloud is the preferred solution for data storage, infrastructure and services on demand today. Most enterprises migrate to the Cloud following different models as alternatives; Public, Private or Hybrid and also service models of choice SaaS, IaaS or PaaS.
The vulnerabilities faced by the data stored on the Cloud or applications hosted there are self-explanatory, justifying the increasing importance of the Penetration Testing of Cloud based applications, services and infrastructure. With a increasing number of enterprises migrating to the Cloud, the chances of breaches, threats and vulnerabilities increase day by day. Enterprises face unique challenges in protecting their resources over the various models of the Cloud.
Cloud Applications Penetration testing comes with a unique challenge. The test strategy changes if the testing is to be done for the Cloud Service Provider versus the Tenant. Since a Cloud is essentially a multi-tenant model; when the Cloud testing needs to be done for a particular tenant, it should avoid putting others at unease and also be conducted within the legal limits.
A pervasive Cloud Pen test would be a combination of using internal as well as external Pen Tests.
An internal pen test accesses the servers and hosts in the Cloud, initiating a vulnerability test with the authenticated credentials. Once inside the perimeter, the Pen Tests stimulate what a hacker could. Security in the Cloud requires a well thought of strategy with continuous vigil and surveillance.