Since we advocate testing your IT services and devices, what if your organization has cloud services?
How about Amazon EC2? AWS compliance keep this in mind.
It is as Amazon AWS(Amazon Web Services) says it is a shared responsibility.
Rackspace has a security page - Rackspace Security rackspace says it is a shared responsibility as well.
There are different cloud providers with specific missions and infrastructure services.
Let's say you need PCI compliance completed for your website. That is on a cloud provider.
Rackspace has scanning rootkits among other links in a search.
As a computer professional in the Security field, one cannot just scan or perform penetration tests on any computer on the Internet, in fact we must get written approval to perform a scan on a computer.
Why? How about this example:
Internet Storm Center example
"However, their implementation of SSL is fragile enough that scanning them for the Heartbleed vulnerability will render them inoperable. This affects Proliants from G1 all the way up to G6, as well as many of the HP Bladesystems."
So when scanning for heartbleed on HP Proliant hardware iLO cards have a problem:
An iLO card allows a specific system administration remote ability:
"Before using an ILO card you must plug an Ethernet cable in to the server's ILO Ethernet jack. Once the ILO card is connected to the Internet, you must set up an ILO user account and IP network address in the server's BIOS menu"