Cloud Security Assessments

Cloud Security Assessments

Analyzing the security of your cloud environments.

What are cloud security assessments?

A cloud security assessment is aimed at identifying exploitable weaknesses in cloud environments. Our cloud penetration testing services can assess configuration, permissions models as well as hybrid and multi-cloud environments to determine which avenues of attack are plausible within your estate. 

Context offers the following cloud vulnerability assessment services: 

  • Baseline account configuration review 
    These configuration reviews can be done in AWS, Azure, and Google Cloud Platform and assess the configuration of a cloud account itself, its access permissions, and any resources deployed within the account. What resources are users able to access? How could resources be misconfigured? And how might a potential attacker leverage these misconfigurations? 
  • Assumed compromise breakout assessment 
    These breakout assessments involve starting from an assumed compromise position on a compute instance and assessing what the blast radius is, and what an attacker can achieve from that position. Can other instances be accessed? Or worse, can they achieve privilege escalation within the account and gain full control of the cloud account? 
  • Egress assessment – breaking out
    For private hybrid cloud environments, where a public cloud provider is not being used for any public-facing services but purely as an extension of an on-premise environment, we can offer an extensive egress assessment. This serves to determine if any services have not been locked down sufficiently and therefore allow data to flow out from the VPC to the Internet, or worse, out from an on-premise instance, through the VPC and out to the Internet. 
  • Bespoke scenario assessment 
    This can be tailored specifically to your estate, assessing the extent at which specific scenarios can or cannot be achieved by each threat actor in your threat model.

These are in addition to our usual service offerings which can all also be performed inside cloud environments (e.g. web application assessments, build reviews, internal and external infrastructure assessments and others). 

Context’s cloud security testing allows you to:

  • Verify that your baseline account configurations are set up securely
  • Review hybrid and multi-cloud environments for vulnerabilities
  • Examine a broad variety of threat scenarios to determine the risk of your cloud environment being abused or compromised

Download our cloud security testing services brochure for more information:

DOWNLOAD BROCHURE

Book a consultation

Get in touch to learn more about our cloud security assessments or book a consultation.

Book a Meeting

CREST
CREST STAR
CHECK IT Health Check Service
CBEST
Cyber Essentials
CESG Certified Service
First - Improving Security Together
BSI ISO 9001 FS 581360
BSI ISO 27001 IS 553326
PCI - Approved Scanning Vendor