What Is A Cloud Security Review And Why Do I Need It?
The cloud can be a wild place. With dozens of acronyms, hundreds of products and even more rule sets, it is difficult enough to set up a simple working environment, let alone a secure one. In practice, the same ease of deploying cloud services also makes it very easy to make mistakes, sometimes too easy.
Most startups and SaaS vendors operate in the cloud, for obvious reasons. Many of our clients ask us for black-box penetration tests of their platforms, but they pay little attention to the rest of their cloud environment; they focus only on the customer-facing "public" portion of it, usually a web-based dashboard or a REST API exposed to their customers, which is only the tip of the iceberg.
Recent breaches show that misconfigured cloud security settings are among the leading causes, as seen in the Capital One breach (an over-privileged EC2 instance role used to read S3 buckets) and the Imperva breach (an AWS API key taken from an exposed test instance and used to read a database snapshot).
In this blog post, we'll debunk two common myths about cloud environments and their relation to information security, explain the process of a cloud security review, and discuss its importance in SOC2, ISO 27001 or any other security transition and certification process.
Myth No. 1: The cloud is inherently more secure than
Although cloud infrastructure is great for rapid development because it supports DevOps pipelines and scalability, moving to the cloud also has security drawbacks. In a cloud environment, every server (or service) runs under an identity (an IAM role, service account or API key) that allows it to perform actions and talk to other services. From our experience, the
biggest pitfall in cloud security is the improper management of permissions for the
In addition, moving to the cloud means losing the concept of an "internal network" and the traditional network-based boundaries that came with it. For example, an attacker who somehow manages to "steal" a service's identity can reach the cloud provider's API directly (exposed to the
internet by d
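The following Python script is an added example, not code from the original post or from Komodo Security, that audits AWS IAM policy documents for the two pitfalls described in this section: wildcard actions or resources granted to a workload identity, and Allow statements that carry no network-origin condition, so that a stolen credential is just as usable from the open internet as from inside the account. It goes a little beyond the text by showing the hardened form next to the weak one. The policy documents, the bucket name and the VPC endpoint ID are constructed for illustration; the condition keys aws:SourceVpce, aws:SourceVpc and aws:SourceIp are real IAM global condition keys.

```python
"""Audit AWS IAM policy documents for the two cloud-identity pitfalls.

Added example, not code from the original post. The policy documents,
bucket name and VPC endpoint ID below are constructed for illustration.
"""
import json

# Constructed example: an over-broad policy of the kind often attached to
# an EC2/ECS instance role. Anyone who obtains this role's temporary
# credentials can read every bucket in the account, from anywhere.
OVERLY_PERMISSIVE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["iam:PassRole", "sts:AssumeRole"], "Resource": "*"},
    ],
})

# Constructed example: the same role scoped to two actions on one bucket and
# pinned to a VPC endpoint, so the credentials are useless when replayed
# from outside the VPC.
LEAST_PRIVILEGE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::example-app-uploads/*",
            "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}},
        }
    ],
})

# IAM global condition keys that tie a statement to a network origin.
# Condition key names are case-insensitive in IAM, so compare lower-cased.
SOURCE_CONDITION_KEYS = {"aws:sourcevpce", "aws:sourcevpc", "aws:sourceip"}


def _as_list(value):
    """IAM allows a single string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]


def statement_findings(stmt, index):
    """Return human-readable findings for one policy statement."""
    findings = []
    if stmt.get("Effect") != "Allow":
        return findings  # Deny statements only narrow access; not audited here

    for action in _as_list(stmt.get("Action", [])):
        if action == "*" or action.endswith(":*"):
            findings.append(f"statement {index}: wildcard action {action!r}")

    for resource in _as_list(stmt.get("Resource", [])):
        if resource == "*":
            findings.append(f"statement {index}: wildcard resource '*'")

    # Collect every condition key used, across all operators
    # (StringEquals, IpAddress, ...), then check for a network-origin key.
    condition_keys = {
        key.lower()
        for operator_args in stmt.get("Condition", {}).values()
        for key in operator_args
    }
    if not condition_keys & SOURCE_CONDITION_KEYS:
        findings.append(
            f"statement {index}: no source condition; a stolen credential works from any network"
        )
    return findings


def audit_policy(policy_json):
    """Parse a policy document and return all findings (empty list = clean)."""
    policy = json.loads(policy_json)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        findings.extend(statement_findings(stmt, index))
    return findings


if __name__ == "__main__":
    for name, document in (("permissive", OVERLY_PERMISSIVE_POLICY),
                           ("least-privilege", LEAST_PRIVILEGE_POLICY)):
        print(f"{name}:")
        for finding in audit_policy(document) or ["no findings"]:
            print("  -", finding)
```

Running it reports five findings for the permissive policy and none for the scoped one. Pinning a role to a VPC endpoint also denies that role's own calls that do not traverse the endpoint (including calls made from the console or from a developer laptop), so test the condition before rolling it out; aws:SourceIp is the equivalent for workloads with fixed egress addresses. The linter only checks the two pitfalls discussed here and is not a substitute for a full policy review.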