Testing Services provides a platform for QA professionals to discuss and gain insights in to the business value delivered by testing, the best practices and processes that drive it and the emergence of new technologies that will shape the future of this profession.

« What to expect from Test Automation of Oracle Applications? | Main | The Future of Testing in Financial Industry »

Testing for cloud security- What is the infrastructure focus of QA teams (Part 1/3)

One of the biggest barriers to cloud adoption is security concerns. Any enterprise that wants to migrate on to cloud based environments needs to ensure comprehensive cloud testing, encompassing infrastructure, software and the platform, in order to validate the security of the cloud, cloud related application and data.  I believe that cloud adoption is a radical change for any enterprise to make and the move from physical to virtual accessibilities poses several challenges from a security standpoint. To start, let us take a look at what security testing would need to focus on at an infrastructure level, since this is the first step on the path towards successful cloud adoption.


Any enterprise subscribing to the cloud cannot completely depend on the cloud service provider's contract for the security of the cloud infrastructure, the QA teams would also be needed to validate the security of the cloud from the infrastructure layer itself. Once the desired computing power is allocated along with the software, QA teams need to scan cloud instances for existing security vulnerabilities, malware and threats. This would help detect security flaws such as unpatched operating systems at the infrastructure layer.  Also, it's important to check if there are adequate security measures in place like user access control, privilege based access and security policies for governing the QA infrastructure itself. Lastly, the encryption of cloud instances need to be validated since there are security threats involved with recovering previously deleted data in case of unencrypted cloud instances.

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Please key in the two words you see in the box to validate your identity as an authentic user and reduce spam.

Subscribe to this blog's feed

Follow us on

Infosys on Twitter