Cloud is the preferred solution for data storage, infrastructure and services on demand today. Penetration testers and ethical hackers are increasingly being called upon to evaluate the security of cloud-based applications, services, and infrastructures. Such work is fraught with political and technical complexity.

Penetration testing, the practice of testing a computer system, network, or hosted application to discover vulnerabilities that may be exploited by hackers, is a necessary evil these days, when security breaches are making the national news and hacking companies, have to pay out big settlements.

The value of this type of testing is that it keeps the security team on its toes and allows it to understand issues as they arise. Compared with the cost of recent settlements, pen testing is cheap insurance that one’s security is the best it can be and that any vulnerabilities will be identified and corrected immediately.

The growth of cloud has led to some interesting angles on pen testing. Cloud based applications need to be pen tested, as do their on-premises counterparts. However, pen-testing applications that run in public clouds come with some complexities you must deal with, including legal and technical obstacles. To help address the challenges, here are five steps on how to approach cloud-based pen testing.