Cloud Security Experts
AWS, Azure, GCP, OCP Cloud Security Reviews
The growth of cloud services has led to new categories of security vulnerabilities that are not necessarily picked up by traditional testing methodologies. Providers like AWS, GCP, Oracle and Azure use a shared security responsibility model where the security “of” the cloud is the providers responsibility but security “in” the cloud is the customer’s responsibility. Cloud providers are extremely secure if used correctly and are compliant to more security standards that most traditional data centres. However, it is not uncommon for a cloud customer to expose themselves unnecessarily via misconfigurations or not setting key security controls.
Red Cursors Cloud Security Reviews are designed to identify missing security controls, dangerously configured items, and dangerous management procedures. We have expertise in securing the following technologies:
- Amazon AWS
- Microsoft Azure
- Google Cloud Platform
- Oracle Clous Platform
Because most cloud breaches are caused by human error and dangerous changes going unnoticed, it is extremely important to ensure that the cloud environment is hardened and that the correct alerting and monitoring controls are in place. If the right controls are in place these accidents are not possible.
For this reason, Red Cursor uses the Centre for Internet Security (CIS) hardening benchmarks as the hardening standard. These are peer reviewed security whitepapers and are considered the industry standard for hardening best practices for cloud environments.
To perform this testing Red Cursor requires access to the cloud admin console. The final report provides instructions on how to apply any missing security controls.
Microsoft 365 Security Reviews
Email and backend office providers like Microsoft use a shared security responsibility model where the security “of” the cloud is Microsoft’s responsibility but security “in” the cloud is the customer’s responsibility. Microsoft Azure and Office 365 are extremely secure if used correctly and are compliant to more security standards than most traditional data centres. However, it is not uncommon for an Office 365 customer to expose themselves unnecessarily via misconfigurations or by not setting key security controls.
Common security issues that most companies fail are:
- Not disabling legacy authentication which can be used to bypass MFA
- Allowing uses to create app passwords which can be used to bypass MFA
- Allowing users to install non signed plugins and applications that can be used as a backdoor into companies
- Allowing guests to share company documents
- Having MFA enabled but not enforced
The above issues are common areas of mistakes made by Office 365 customers. It is in no way an exhaustive list. The full audit covers every possible security control to protect the organisation. To perform this testing Red Cursor requires access to the admin console to validate configuration settings. The final report provides instructions on how to apply any missing security controls.