Cloud Service Reconnaissance

by Frank Siemons
Oct. 7, 2017 0 comments INFOSEC Institute Pen Testing & Audits

These days many organizations have migrated at least some of their IT services to a cloud environment. Cloud adaptation could be as basic as the use of Microsoft Office 365 on some workstations, or it could be much more comprehensive, such as the use of a fully integrated Azure or Amazon AWS infrastructure. One of the main reasons for cloud migration is the redundancy and the reliability of the platform. What this means is that organizations quite often have a lot of their most important information and systems stored in the cloud, such as e-mail and database servers. With this increased importance comes an increased level of risk as well, which needs to be taken into account when allocating resources to security tasks. Regular penetration testing and vulnerability scanning have been a critical part of a comprehensive security policy for decades now, and with the shift of critical data and systems towards the cloud, the focus of these services will also need to change.