Cloud-Focused Red Teaming
In my Red-Teaming Engagement article, I’ve mentioned about its methodology and difference between Red Team and Penetration Testing. In this article, I’ll be focusing only on the Cloud side of Red Teaming Engagement.
Shared Responsibilities for Overall Cloud Security
The below chart shows a high-level view of Shared Responsibilities between Cloud Provider and Customer for the overall cloud security. As sometimes it gets trickier to understand what you can or cannot perform during a pentest or red teaming exercise.
Cloud Companie’s Red Teaming
A cloud provider company covers the following areas for their own red teaming exercise. These are:
- On their Tenants, Applications and Data.
- On their infrastructure and platforms.
- Software as a System (SaaS).
Cloud Providers never targets the user-operated services during their Red Teaming Engagement.
