The rise of computing in the cloud simplified some problems, but it also introduced new attack paths in configurations, policies and credentials associated with the accounts linked to the cloud provider. This technology also provides new security mechanisms based on access areas and levels, both in instances and in accounts that are different from the classic infrastructures.
Our professionals analyze every instance in order to avoid the existence of embedded credentials (commonly generated by the provider’s automatic procedures) and to evaluate the access policies in each one of them. Additionally, we directly audit the cloud provider's administration accounts to find configuration weaknesses.
As a final result, we deliver a report containing every problem found during the process with their respective solutions, together with suggestions that help to strengthen the system and its containment against attacks.