Shiny. Let’s Be Bad Guys.

One of the most difficult challenges for security professionals when it comes to moving to a cloud environment centres around the increased complexity of domain ownership as it relates to penetration testing. The key reason for this is that in a private cloud environment, meaning the entire infrastructure is physically located in domains where the organization has full control over every aspect, security teams generally maintain control of the infrastructure from a policy standpoint, and can perform various security processes without requiring the intervention of outside resources. Once the infrastructure is moved off-site to a hosted model such as IaaS, PaaS or SaaS, suddenly the provider becomes an extension of your IT team and part of the security equation. This is just the beginning of the effect cloud has on vulnerability and penetration testing. Continue reading