Cloud Security Reviews
Validating the security architecture and implementation of your cloud environment.
Why perform a cloud security review?
Security misconfigurations continue to be a root cause for many infrastructure security weaknesses. These misconfigurations exist as a by-product of not validating the security of IT migrations and adherence to security processes.
Wilbourne has experience exploiting cloud misconfigurations in hybrid and cloud-only environments to achieve a full compromise of all devices and data belonging to those organisations.
What does a cloud security review involve?
A focused review on identifying misconfigurations within your cloud environment. This review is tailored based on the cloud resources and services your organisation leverages.
​​
Wilbourne's reviews are predicated by a deep understanding of the unique facets of your cloud architecture. This empowers our cloud security consultants with context of your cloud deployment. Our consultants will leverage this context to direct our review and help identify niche misconfigurations which would otherwise go unnoticed.
Our approach to cloud security reviews
Wilbourne disagrees with the dated approach of delivering cloud reviews focused on automated benchmark scanning.
Our approach favours an initial manual review of critical cloud resources in the context of the overall threat profile of your cloud deployment. This is then augmented with automated scans to support the goal of identifying misconfigurations which present a realistic attack vector to breach your defences.
Step 1
​Understanding your cloud service provider and architecture.
​
The majority of our reviews are conducted against GCP, AWS or Azure. We also have experience with IBM Cloud, Alibaba and Salesforce Cloud.
​
Based on your service provider we will apply our relevant in-house methodology.
Step 2
Begin the technical review of your cloud environment, and build attack chains based on security vulnerabilities identified.
​​
Present the interim attack chains to you during a mid-engagement status update, and collaborate with you to define the remaining direction of the review.
Step 3
Based on the input you have provided, we will then continue the review.
This may involve reviewing a particular service in further depth or to expand on an existing attack vector to demonstrate the impact further.