Security Evaluation for Cloud Services

IAAS

For IaaS providers we aim to enable secure automation and allocation of processing resources, uptime and availability by toughening under-the-hood Data Loss Prevention mechanisms.

  • Trace issues that allow attackers to mount privilege escalation attacks and credentials abuse.
  • Harden VMMs and hypervisor environments against bypass of data confidentiality and exploitation of migration and replication features.
  • Optimize usage monitoring, tracking and orchestration.

IaaS

PAAS

PaaS

Platform as a Service must provide a reliable base of operations on the cloud that seeks to offer highly extensive uses and greater control. These capabilities pose the risk of unintended data leakage.

  • Prepare your PaaS layer to support secure development of SaaS applications.
  • Examine risks introduced by data and application integrations.
  • Optimize your PaaS solution to facilitate Secure Cloud Application Development.
  • Review Outage prevention planning and patch provisioning methods to ensure high service availability and data protection

SAAS

Cloud analytics applications present an easier opportunity to mount attacks that compromise service availability - reason why extortionist DDoSers find more success with them.

The security of SaaS APIs and applications are also impacted by the Infrastructure and Platform layers.

  • Minimize security issues in the internal development environment when the application enters the external cloud-based production platform.
  • Assess security implications of interdependencies to develop bespoke strategies for secure development.

SaaS
  • API interface insecurities
  • Virtualization Infrastructure Hardening
  • Management of shared resources and configuration flaws
  • Data integrity issues in multi-tenancy maturity models
  • Identity and access audit trails
  • Injection vulnerabilities in VM image repositories
  • Data Leakage Protection and Least Privilege Policy
  • Regression on rollback of VMs
  • VLANs, Isolation and Containerization
  • Administration flaws in Rights Management Services