Can I Conduct A Penetration Test Of The Provider's Environment?
Security experts advise that penetration testing is a valuable tool to find weaknesses and configuration issues before a real attacker strikes. A full penetration test is unlikely in the case of a Salesforce.com or another SaaS provider, but a large infrastructure service provider will let potential customers conduct a penetration test. Conduct vulnerability scans or hire a firm to perform a full penetration test. If the service provider has an internal penetration testing team, you can request a detailed audit of reports. Third-party testing may be required to meet certain compliance mandates.