Cloud
Security

Orenda Security assessment services simulate real world attempts to breach your networks, applications and cloud environments.

Cloud is disrupting most industries in a rapid fashion and is becoming the back end for all other forms of computing, such as mobile, Internet of Things and future technologies not yet conceived. As governments, businesses and consumers move to adopt cloud computing, the stakes could not be higher to gain assurance that cloud is a safe, secure, transparent, and a trusted platform. It is more important than ever to identify and address security risks of cloud adoption. We can assist with security assessments and testing to provide the risk assurance you need.

Cloud applications & infrastructure

The security assessment  covers cloud infrastructure, applications and corporate network integration. Our services takes into consideration the specifics of your cloud infrastructure as IaaS (Infrastructure as a Service), PaaS (Platform as a Service) or SaaS (Software as a Service).

Orenda Security has extensive experience testing cloud deployments. We can assess the effectiveness of your security controls and determine if they are properly implemented. We will help your team understand how difficult or easy it would be for an attacker to penetrate your defenses and understand the potential impact. Our testing will also ensure you are meeting compliance and regulatory requirements.

We will determine the specific steps you should take to securely move any business process to the cloud, Identify the security controls that are available, and define how they should be deployed to mitigate risk and establish control criteria for cloud providers and different classes of information.


Assessment and testing services:

Penetration testing

Penetration testing of cloud infrastructure requires additional communication and coordination efforts between Penetration Tester, Tenant and Cloud Provider. It is important whether the target system is running within an IaaS (Infrastructure as a Service), PaaS (Platform as a Service) or SaaS (Software as a Service) configuration to ensure the appropriate testing is performed. IaaS will allow for much more intrusive and broad testing than SaaS, because of the difference in the level of responsibilities and possibly the risk to multi-tenant shared systems. Our experience with cloud providers will help to ensure the testing is properly scoped and we assist with identifying the boundaries and approvals required to execute the testing.

Web application testing

Testing cloud based applications pose similar challenges as traditional web applications but with the added complexity of tenant and cloud provider restrictions and multi-tenant operational risks of SaaS and PaaS environments. Prior to scheduling testing, we analyze any available documentation that helps us understand the architecture and process flows of the cloud based application. Understanding the use of web services and APIs and other services help to identify potential threats and vulnerabilities discovered during automated and manual testing.

Architecture review

Assessing the proposed IaaS, PaaS or IaaS security architecture of your cloud services delivery model is essential not only to the protection of your critical information assets but also for added security assurance to your clients. We partner with you to analyze the risks the cloud architecture poses to your critical information assets. The architecture can have significant implications to your compliance with PCI DSS, security and privacy standards, regulatory and client requirements. Our review will ensure your cloud implementation aligns to the   

Configuration review

The hardened configuration of your cloud infrastructure, applications and effectiveness of security controls in place will be the determining factor in risk mitigation. We evaluate the configuration of your cloud environment and test the effectiveness of security controls in place. Recommendations will be made on mitigating configuration weaknesses identified and guidance on achieving a desired security state.

Testimonials

''Orenda has been a reliable partner for AMA and has helped us in our journey to develop and deliver secure applications to all of our AMA members. I recommend Orenda Security to other AAA and CAA clubs on the basis of a strong working relationship with AMA and an excellent track record of delivering technical expertise and high-quality assessments.”

 

Collin Moody
Chief Information Officer
Alberta Motor Association

Finding a reliable partner with a high degree of technical expertise is hard to find! Orenda Security was exactly what we were looking for. They help us improve the security posture of our product and application. I recommend Orenda Security to any security leader seeking reliable and robust security penetration testing services.

Kartik Agarwal
Chief Technology Officer
Concert Cloud Inc