Unauthorised access to data is a primary concern of clients who commission a Salesforce assessment. The Salesforce documentation acknowledges that the sharing model is a "complex relationship between role hierarchies, user permissions, sharing rules, and exceptions for certain situations". It is often said that complexity and security are natural enemies. Salesforce empowers its users with … Continue reading Are you oversharing (in Salesforce)? Our new tool could sniff it out!
Principal Mapper, or PMapper, is a tool and library for in-depth analysis with AWS Identity and Access Management, as well as AWS Organizations. PMapper stores data about AWS accounts and organizations, then provides options to query, visualize, and analyze that data. The library, written in Python, enables users to extend PMapper's functionality for other use-cases. … Continue reading Tool Release – Principal Mapper v1.1.0 Update
Introduction At NCC Group, we routinely assess the configuration of our clients’ cloud environments. These reviews aim to ensure that the environments are in line with security best practice and provide appropriate protection for sensitive information and resources. Google Cloud Platform (GCP) has grown steadily since 2011 – both in features and in adoption. This … Continue reading Securing Google Cloud Platform – Ten best practices
Conducting a thorough Azure security build review or Azure security assessment can be difficult. Clicking through the Azure Ibiza  portal to review the details on many of its services, including, but not limited to, Azure Active Directory (Azure AD), resource groups, virtual machines, storage accounts, databases, database servers and other services isn’t always feasible. … Continue reading Introducing Azucar
Introduction As more of our services move to rented virtual servers, applying centralised protective monitoring becomes more of a challenge. Offerings such as Assuria’s Cloud Security Suite and Splunk’s Storm show the demand for elastic and easily configurable monitoring that can be deployed on cloud provisioned infrastructure. Amazon has responded to these services by creating … Continue reading CloudWatch: Amazon Web Services & Shellshock