Background
As part of a large cyber recovery plan aimed at moving core services into the cloud, Wavestone were engaged to provide assurance and a testing strategy for the client’s cloud architecture design. This work fell under the client’s security function who are responsible for the delivery of the Group’s Security strategy and services to all its entities across the globe.
What did Wavestone deliver?
Throughout the design phase, Wavestone analysed the security of the cloud design. Based on our previous knowledge of cyber attacks, we provided feedback and suggestions on the design and what areas needed to be considered when to ensure the cloud was secure. Additionally, we reviewed the process of moving an object into the cloud and recovering it. We highlighted potential vulnerabilities at each process step and identified the tests that would be required.
Challenges
Our biggest challenge was creating a testing strategy when the cloud design was not complete. This meant that practical assumptions had to be made, documented and communicated to all stakeholders; where where we didn’t have the technical detail, we assumed worst case scenario.
Results
After 2 months on this project, we provided the client with a testing strategy document that included various test scenarios, details regarding potential cyber attacks as well as design vulnerabilities.
The key to success was starting the test strategy early in the design phase of the project as we were able to highlight vulnerabilities and concerns from our extensive cybersecurity knowledge that the client had not previously considered. This allowed them to take these ideas into the design phase early; saving time, money and effort if they had been discovered at a later stage.
