Global Security Forum

Security Global Forum

Our mission is to provide clients with an online user community of industry peers and IBM experts, to exchange tips and tricks, best practices, and product knowledge. We hope the information you find here helps you maximize the value of your IBM Security solutions.

 View Only
Back to discussions
Expand all | Collapse all

What's the ideal scope for a first-time penetration test in a multi-cloud setup?

  • 1.  What's the ideal scope for a first-time penetration test in a multi-cloud setup?

    Posted yesterday

    What's the ideal scope for a first-time penetration test in a multi-cloud setup?

    Hi all,

    We're planning our first full-scale penetration test across a multi-cloud environment that includes a mix of private and public workloads. We're trying to define the right scope-whether to test everything at once or phase it out based on criticality.

    A few questions for those who've been through this:

    • Should we start with external-facing apps only, or include internal networks from the beginning?

    • Are there recommended scope limits for first-time assessments?

    • How do you balance between surface-level testing vs. in-depth manual testing?

    We're considering reaching out to a penetration testing company in India with experience in handling complex infrastructure like this, but I'd love to hear how others scoped and structured their first few tests.

    Appreciate any insights or checklists you might have used!



    ------------------------------
    Naveen Kumar
    Cybersecurity
    StrongBox IT
    chennai
    ------------------------------


Related Content