Cloud security assessment
The cloud - whether IaaS, PaaS or SaaS - can be secure if it is properly planned and configured. We help you ensure that!
What is the security level of your Microsoft 365, Azure or AWS Cloud?
A cloud security assessment is a structured and in-depth review of your cloud design and configuration, supplemented by various technical tests in specific scenarios.
In interviews with the responsible persons, we learn about the desired level of protection and the measures intended to achieve it, and we review this design for its viability. Alternatively, our experts independently review your cloud security settings and supplement this technical review with selected penetration test scenarios.
As a result, you receive a detailed test report that describes and evaluates all identified risks, provides meaningful recommendations and summarizes them in a management summary.
Cloud assessment characteristics
When reviewing M365 or other "Software as a Service" (SaaS) solutions, we focus on the features selected and configured for use - in other words, the part that you as the customer control. We can either review the settings together with your administrators and transfer know-how in the process, or we can check them independently and carry out technical tests.
Preparation
- Coordination of the scope and the depth of testing
- Kick-off meeting
Execution
- Interviews with admins and/or
- Review of security configuration and manual tests
Evaluation
- Preparation of a detailed report
- Best practice workshop (optional)
In terms of methodology, we follow proven guidelines wherever it makes sense to do so:
In terms of content, we are mainly guided by established standards:
- Hardening guides of the manufacturers or suppliers
- CIS Benchmarks (Review of configuration)
- IT-Grundschutz (Review of configuration)
- ISO/IEC 27001:2013 (for technical audits)
In addition, we draw on our HvS vulnerability database, which is regularly fed with new attack vectors and test cases through our incident response and threat intelligence activities.
Based on how you deploy IaaS/PaaS cloud services in your organization, these and other questions usually arise:
- Are the publicly accessible services properly secured, or is there perhaps even too much accessible from the Internet?
- What protective measures have been implemented for applications or infrastructure in the cloud - also compared to on-premises?
- Could attackers penetrate your on-premises network via the cloud?
Preparation
- Coordination of the scope and the depth of testing
- Kick-off meeting
Execution
- Security configuration review
- Automatic scans for vulnerabilities
- Manual analyses and hacking
- Interviews with administrators on request
Evaluation
- Preparation of a detailed report
In terms of methodology, we follow proven guidelines wherever it makes sense to do so:
In terms of content, we are mainly guided by established standards:
- Hardening guides of the manufacturers or suppliers
- CIS Benchmarks (Review of configuration)
- IT-Grundschutz (Review of configuration)
- ISO/IEC 27001:2013 (for technical audits)
In addition, we draw on our HvS vulnerability database, which is regularly fed with new attack vectors and test cases through our incident response and threat intelligence activities.