Cloud Security Assessment: AWS, GCP & Azure Checklist

Cloud Security Assessment Framework

Cloud infrastructure introduces unique security challenges. Misconfigurations — not sophisticated attacks — cause most cloud breaches. This checklist covers the critical controls for AWS, GCP, and Azure.

Identity & Access Management (IAM)

  • Enable MFA for all human users (non-negotiable)
  • Use service accounts with minimal permissions for applications
  • Implement least-privilege access — audit permissions quarterly
  • Remove unused accounts and access keys
  • Use role-based access control (RBAC) instead of individual permissions
  • Set up automated alerts for privilege escalation events

Network Security

  • Use VPCs/VNets with proper subnet segmentation
  • Restrict security group rules — no 0.0.0.0/0 ingress on sensitive ports
  • Enable VPC flow logs for traffic analysis
  • Use private endpoints for cloud services (no public internet traversal)
  • Implement Web Application Firewall (WAF) for public-facing services
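
One way to check the "no 0.0.0.0/0 ingress on sensitive ports" item on AWS, as an added example that is not from the original page: the function below takes the parsed JSON of `aws ec2 describe-security-groups` and reports world-open TCP or all-protocol rules that cover a sensitive port. The port list, the `rule` helper, and the group IDs are assumptions made for illustration.

```python
# Assumption: the page does not say which ports are "sensitive"; this set is illustrative.
SENSITIVE_PORTS = {22: "SSH", 3306: "MySQL", 3389: "RDP", 5432: "PostgreSQL",
                   6379: "Redis", 27017: "MongoDB"}
WORLD = {"0.0.0.0/0", "::/0"}

def open_sensitive_ingress(doc):
    """Return sorted (group_id, port, cidr) tuples for world-open ingress on sensitive ports."""
    findings = set()
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            world = [c for c in cidrs if c in WORLD]
            proto = perm.get("IpProtocol")
            if not world or proto not in ("tcp", "-1"):
                continue
            # "-1" means all protocols and carries no port fields: treat as every port.
            lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
            for port in SENSITIVE_PORTS:
                if lo <= port <= hi:  # a wide range can hide a sensitive port
                    findings.update((sg["GroupId"], port, c) for c in world)
    return sorted(findings)

def rule(proto, lo=None, hi=None, v4=(), v6=()):
    """Build one constructed IpPermissions entry in the describe-security-groups shape."""
    perm = {"IpProtocol": proto, "IpRanges": [{"CidrIp": c} for c in v4],
            "Ipv6Ranges": [{"CidrIpv6": c} for c in v6]}
    if lo is not None:
        perm.update(FromPort=lo, ToPort=hi)
    return perm

# Constructed sample data (hypothetical group IDs), not output from a real account.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa1111", "IpPermissions": [
        rule("tcp", 443, 443, v4=["0.0.0.0/0"]),      # public HTTPS: not flagged
        rule("tcp", 22, 22, v4=["10.0.0.0/8"])]},     # SSH from internal range only
    {"GroupId": "sg-0bbb2222", "IpPermissions": [
        rule("tcp", 3000, 4000, v4=["0.0.0.0/0"])]},  # range covers 3306 and 3389
    {"GroupId": "sg-0ccc3333", "IpPermissions": [
        rule("-1", v6=["::/0"])]},                    # all traffic from any IPv6 address
]}

if __name__ == "__main__":
    for group_id, port, cidr in open_sensitive_ingress(SAMPLE):
        print(f"{group_id}: {SENSITIVE_PORTS[port]} ({port}) open to {cidr}")
```

The port-range and IPv6 cases are the ones a simple search for port 22 with 0.0.0.0/0 misses.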

Data Protection

  • Enable encryption at rest for all storage (S3, RDS, EBS, GCS)
  • Use TLS 1.2+ for all data in transit
  • Manage encryption keys with cloud KMS (not hardcoded)
  • Enable versioning and access logging on storage buckets
  • Block public access on storage buckets by default

Logging & Monitoring

  • Enable cloud audit logging (CloudTrail, Cloud Audit Logs, Activity Log)
  • Centralize logs in a SIEM or log management platform
  • Set up alerts for suspicious activities (root login, security group changes, large data transfers)
  • Retain logs for at least 90 days (365 for compliance)

Container & Serverless Security

  • Scan container images for vulnerabilities before deployment
  • Use minimal base images (distroless, Alpine)
  • Don't run containers as root
  • Implement network policies for pod-to-pod communication
  • Set resource limits to prevent crypto-mining abuse

Automated Assessment

Beta Security scans your cloud infrastructure against these controls automatically. Our cloud security assessment covers AWS, GCP, and Azure with actionable findings and remediation guidance. Book a free assessment to see your current security posture.