Testing for cloud security- What is the infrastructure focus of QA teams (Part 1/3)
One of the biggest barriers to cloud adoption is security concerns. Any enterprise that wants to migrate on to cloud based environments needs to ensure comprehensive cloud testing, encompassing infrastructure, software and the platform, in order to validate the security of the cloud, cloud related application and data. I believe that cloud adoption is a radical change for any enterprise to make and the move from physical to virtual accessibilities poses several challenges from a security standpoint. To start, let us take a look at what security testing would need to focus on at an infrastructure level, since this is the first step on the path towards successful cloud adoption.
Any enterprise subscribing to the cloud cannot completely depend on the cloud service provider's contract for the security of the cloud infrastructure, the QA teams would also be needed to validate the security of the cloud from the infrastructure layer itself. Once the desired computing power is allocated along with the software, QA teams need to scan cloud instances for existing security vulnerabilities, malware and threats. This would help detect security flaws such as unpatched operating systems at the infrastructure layer. Also, it's important to check if there are adequate security measures in place like user access control, privilege based access and security policies for governing the QA infrastructure itself. Lastly, the encryption of cloud instances need to be validated since there are security threats involved with recovering previously deleted data in case of unencrypted cloud instances.