Welcome, readers! Whether you’re already an experienced penetration tester or you’re new to cybersecurity, penetration testing cloud networks requires specialized knowledge. One of the key differences between penetration testing cloud networks and penetration testing on-premises networks and computer systems is that the organization you’re working for doesn’t own everything in its computing environment. When you conduct red team engagements in cloud networks, both the organization you work for and its cloud provider (whether that's Amazon Web Services (AWS), Azure, or Google Cloud Platform (GCP)) have needs that must be respected. The good news is if you master the skill of pentesting cloud networks, you may have a lucrative career ahead of you. Organizations use the cloud now more than ever, and demand for cloud services continues to grow.

Penetration testers simulate cyber attacks within...

To be able to effectively test your pentest target, you must first understand it. Cloud networks have been popular with the enterprise market ever since AWS took its current form in 2006. Microsoft Azure and GCP have been around since 2008. These three cloud platforms are the most frequently used by businesses and enterprises of all kinds, all around the world. Most enterprises use at least one cloud platform in their networks these days. Some enterprises even use multiple cloud platforms. So, what are cloud platforms, and why are they so popular? How do cloud platforms improve how companies do business over the internet?

In the 1990s, enterprises had to host their own data centers on their premises. Web hosting providers started to operate that decade, but they only offered web servers and email servers. That’s good for an organization’s website and email, but not for anything else. If companies needed to run their own, more complex applications...

Cloud networks can take a few different forms. Some organizations maintain their client machines (such as PCs and mobile devices) on their own premises and then run their backend servers completely on one particular cloud platform. It’s an all-cloud network on one platform such as AWS, Azure, or GCP.

Some organizations run some server machines on their own premises and run the rest of their network on one or multiple cloud platforms. That’s a hybrid cloud network—partly on-premises, partly in the cloud.

Some organizations deploy their networks through more than one cloud platform. They may have some parts of their network running on AWS and other parts on Azure, for example. That’s a multi-cloud network.

Let’s examine how these different ways to operate cloud networks work, and why organizations may choose one way over another.

All-cloud networks

An all-cloud network is when an enterprise...

As I’ve mentioned, AWS, Azure, and GCP each have some services that are unique to each of them. A business may find that the combination of PaaS and SaaS applications that best serve its operational needs are all on different cloud platforms. An enterprise could have Azure OpenAI Service for automated customer service, Amazon GameLift to host its online video game servers, and a payment gateway on GCP to process customer credit card transactions.

Michael Warrilow, VP Analyst at Gartner, says this:

“Most organizations adopt a multi-cloud strategy out of a desire to avoid vendor lock-in or to take advantage of best-of-breed solutions. We expect that most large organizations will continue to willfully pursue this approach.”

According to a survey Gartner conducted in 2019, 81% of their respondents are working with two or more providers. That was at least a few years ago. Gartner foretasted an increase in...

Cloud migration is when an organization moves its data and services from its on-premises infrastructure to a cloud provider. With the rapid growth of the cloud market over the past 15 or 20 years, a large number of enterprises have engaged in the cloud migration process. But cloud migration isn’t simple, and it can be done incorrectly or ineffectively.

All enterprises must plan carefully in order to migrate to the cloud effectively. Depending on the situation and their needs, they may prefer to migrate to the cloud in stages over the course of months or years rather than do it all at once.

When planning a cloud migration strategy, organizations should understand the problems that can occur with cloud migration so that they can be avoided.

An enterprise’s services may experience downtime during the cloud migration process. Depending on how it migrates to the cloud, some of its servers may have to go completely offline for a period of...

As a cloud pentester, it’s important for you to understand how the shared responsibility model works in the cloud. The two entities involved are the organization that’s using cloud services, and the cloud provider. When you conduct red team engagements, the organization is the entity you report to, whether you’re an employee or a third-party contractor.

Overall, the organization and the cloud provider have shared security responsibilities. This is often called the shared responsibility model. However, cloud security controls and responsibilities are divided between the two entities.

It’s important for you to understand what the cloud provider is responsible for and what the organization you’re working for is responsible for. At the beginning of each pentest or red team engagement, you will sign a contract that outlines the scope of the pentests and what you’re allowed and not allowed to do. You absolutely...

All of the services provided by AWS, Azure, and GCP are either SaaS, PaaS, or IaaS. The classification of each of these cloud services will directly affect what you’re allowed to do when you’re pentesting, as I’ve explained. So, understanding the differences between these types of services is crucial!

SaaS means the cloud provider gives your organization lots of components—the infrastructure everything runs on, its software platform and related APIs, and the application-level functions of its software. For instance, when we use Gmail, we’re using a fully SaaS application. AWS defines SaaS thus:

“SaaS is a business and software delivery model that enables organizations to offer their solution in a low-friction, service-centric approach.”

So, your organization is putting its data into the service, but it isn’t doing much—or any—software application development. Your...

So, with this chapter, you now understand the basic nature of your testing targets—cloud networks. Later on in this book, I’ll explain more information you’ll need to know as a red teamer that’s specific to AWS, Azure, and GCP. But in the next chapter, we’ll explore how cloud networks in general are cyber-attacked. In a cloud pentest, the cloud is the “what” and your simulated cyber attacks are the “how.”

To learn more on the topics covered in this chapter, you can visit the following links:

• What is red teaming?: https://www.synopsys.com/glossary/what-is-red-teaming.html
• About AWS: https://aws.amazon.com/about-aws/
• The History of Google Cloud Platform: https://acloudguru.com/blog/engineering/history-google-cloud-platform
• The History of Microsoft Azure: https://techcommunity.microsoft.com/t5/educator-developer-blog/the-history-of-microsoft-azure/ba-p/3574204
• What are the benefits of cloud computing? (IBM): https://www.ibm.com/topics/cloud-computing-benefits
• What is cloud networking?: https://www.cisco.com/c/en/us/solutions/cloud/what-is-cloud-networking.html
• A Brief History of Containers: https://d2iq.com/blog/brief-history-containers
• What is DevSecOps? A guide from PortSwigger: https://portswigger.net/solutions/devsecops/guide-to-devsecops
• Multi-Cloud vs. Hybrid Cloud: 10 Key Comparisons: https://www.spiceworks.com/tech/cloud/articles...