Cloud Security Checklist
Comprehensive security assessment guide for AWS, Azure, and GCP. Use this expert-curated checklist to evaluate your cloud security posture and to map your controls to frameworks such as SOC 2, PCI DSS, and HIPAA.
Identity & Access Management
Enable Multi-Factor Authentication (MFA)
Require MFA for all privileged accounts and administrative access; prefer phishing-resistant factors (FIDO2 security keys) for root and global administrator accounts, and keep the root account out of day-to-day use.
Implement Least Privilege Access
Grant each identity only the permissions it needs and review access rights on a schedule; use the provider's last-accessed or access-analysis data to trim permissions that are granted but never used.
Rotate Access Keys Regularly
Rotate API keys and service account credentials automatically, and prefer short-lived credentials (instance profiles, workload identity, OIDC federation) over long-lived static keys wherever the platform supports them.
Remove Unused Accounts
Regularly audit and deactivate dormant user accounts and service accounts, together with their passwords and keys, once they have gone unused for a defined period (for example 90 days).
Implement Role-Based Access Control (RBAC)
Assign permissions through predefined roles and groups rather than attaching policies to individual users, so that access is reviewable and revocable in one place.
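The MFA, key-rotation and dormant-account items above can be checked from one artefact: the AWS IAM credential report (the CSV returned, base64-encoded, by `aws iam get-credential-report`). The following is an added example written for this page, not CloudRaft.io's own code; the report rows, the fixed reference date and the 90-day thresholds are constructed assumptions so that it runs offline and gives reproducible results.

```python
"""Audit an IAM credential report for missing MFA, stale access keys and dormant identities."""
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the credential-report column layout (not real users or accounts).
# ci-deploy has a freshly rotated key that has not actually been used for months.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,2024-05-01T10:00:00+00:00,not_supported,not_supported,false,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2023-01-10T00:00:00+00:00,true,2024-05-30T09:00:00+00:00,2024-04-01T00:00:00+00:00,2024-07-01T00:00:00+00:00,true,true,2024-05-15T00:00:00+00:00,2024-05-29T00:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::123456789012:user/bob,2022-06-01T00:00:00+00:00,true,2024-05-28T09:00:00+00:00,2024-05-01T00:00:00+00:00,2024-08-01T00:00:00+00:00,false,true,2023-01-01T00:00:00+00:00,2024-05-28T00:00:00+00:00,us-east-1,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,2021-03-01T00:00:00+00:00,false,not_supported,not_supported,not_supported,false,true,2024-04-01T00:00:00+00:00,2023-11-01T00:00:00+00:00,eu-west-1,ecr,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""

REFERENCE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # assumed "today" for reproducible output
MAX_KEY_AGE_DAYS = 90   # assumed rotation policy
DORMANT_DAYS = 90       # assumed inactivity window
NO_VALUE = {"N/A", "not_supported", "no_information", ""}


def parse_ts(value):
    """Report timestamps are ISO 8601; the placeholder strings mean 'no such date'."""
    if value in NO_VALUE:
        return None
    return datetime.fromisoformat(value)


def audit_credential_report(report_csv, now=REFERENCE_NOW):
    """Return {user: [finding, ...]} for every identity that fails a check."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        problems = []
        is_root = user == "<root_account>"
        # Anyone who can sign in to the console (root always can) must have MFA.
        if (is_root or row["password_enabled"] == "true") and row["mfa_active"] != "true":
            problems.append("console access enabled without MFA")
        last_activity = [parse_ts(row["password_last_used"])]
        for n in (1, 2):
            if row[f"access_key_{n}_active"] == "true":
                rotated = parse_ts(row[f"access_key_{n}_last_rotated"])
                if rotated is not None and (now - rotated).days > MAX_KEY_AGE_DAYS:
                    age = (now - rotated).days
                    problems.append(f"access key {n} last rotated {age} days ago (limit {MAX_KEY_AGE_DAYS})")
            # Rotation is not use: only the last-used date counts towards activity.
            last_activity.append(parse_ts(row[f"access_key_{n}_last_used_date"]))
        # An identity that has never used any credential ages out from its creation date.
        dates = [d for d in last_activity if d is not None] or [parse_ts(row["user_creation_time"])]
        idle = (now - max(dates)).days
        if idle > DORMANT_DAYS:
            problems.append(f"no credential used in the last {DORMANT_DAYS} days (last activity {idle} days ago)")
        if problems:
            findings[user] = problems
    return findings


if __name__ == "__main__":
    for user, problems in audit_credential_report(SAMPLE_REPORT).items():
        print(user)
        for problem in problems:
            print("  -", problem)
```

On the sample data the root account is flagged for missing MFA, bob for missing MFA and a key last rotated 517 days ago, and ci-deploy as dormant even though its key was rotated recently; alice passes. Against a real account, decode the report with `aws iam get-credential-report --query Content --output text | base64 -d` and pass the text to `audit_credential_report`.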
Network Security
Configure VPC/Virtual Network Properly
Segment the network into private and public subnets; keep databases and internal services in private subnets without public IP addresses and route their outbound traffic through NAT or egress gateways.
Implement Network Access Control Lists (NACLs)
Use stateless subnet-level firewall rules (NACLs in AWS; network security groups on subnets in Azure and VPC firewall rules in GCP serve a similar purpose) as a coarse boundary control that limits the blast radius of a misconfigured instance rule.
Use Security Groups/Network Security Groups
Configure instance-level stateful firewalls with specific port, protocol and source rules; never expose management ports (SSH 22, RDP 3389) or database ports to 0.0.0.0/0 or ::/0.
Enable DDoS Protection
Activate the cloud provider's DDoS protection service (AWS Shield, Azure DDoS Protection, Google Cloud Armor) for internet-facing endpoints.
Implement Web Application Firewall (WAF)
Deploy a WAF in front of web applications to block common attack classes (injection, cross-site scripting, malicious bots), and tune its rules against real traffic before switching from count to block mode.
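The security-group item above is the one most often violated in practice, so it is worth automating. The code below is an added example, not CloudRaft.io's own tooling: it walks the JSON structure returned by `aws ec2 describe-security-groups` and reports every inbound rule that exposes anything other than HTTP/HTTPS to the whole internet. The three security groups are constructed sample data, and the allowed-port and sensitive-port lists are assumed policy.

```python
"""Flag inbound security-group rules open to the internet on non-web ports."""

ALLOWED_PUBLIC_PORTS = {80, 443}   # assumed policy: only these may face 0.0.0.0/0
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL",
                   6379: "Redis", 27017: "MongoDB"}
WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample in the describe-security-groups layout (group IDs are made up).
SAMPLE_SGS = {"SecurityGroups": [
    {"GroupId": "sg-0aaa1111", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-0bbb2222", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0aaa1111", "UserId": "123456789012"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-0ccc3333", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    ]},
]}


def port_range(perm):
    """IpProtocol "-1" means every protocol and therefore every port."""
    if perm["IpProtocol"] == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def rule_sources(perm):
    """Yield the CIDR sources of a rule; security-group references are scoped already."""
    for r in perm.get("IpRanges", []):
        yield r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]


def audit_security_groups(doc):
    """Return one finding per (rule, world-open source) that exposes a non-web port."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if perm["IpProtocol"] in ("icmp", "icmpv6"):
                continue   # ICMP rules carry type/code, not ports; out of scope here
            lo, hi = port_range(perm)
            for cidr in rule_sources(perm):
                if cidr not in WORLD:
                    continue   # a narrowed source CIDR is exactly the intended fix
                exposed = [p for p in range(lo, hi + 1) if p not in ALLOWED_PUBLIC_PORTS]
                if not exposed:
                    continue
                sensitive = [SENSITIVE_PORTS[p] for p in exposed if p in SENSITIVE_PORTS]
                if perm["IpProtocol"] == "-1":
                    reason = "all traffic exposed to the internet"
                elif sensitive:
                    reason = f"{', '.join(sensitive)} exposed to the internet"
                else:
                    reason = "non-web port exposed to the internet"
                findings.append({
                    "group": sg["GroupId"], "name": sg["GroupName"], "protocol": perm["IpProtocol"],
                    "ports": (lo, hi), "source": cidr,
                    "severity": "high" if sensitive or perm["IpProtocol"] == "-1" else "medium",
                    "reason": reason,
                })
    return findings


if __name__ == "__main__":
    for f in audit_security_groups(SAMPLE_SGS):
        print(f"{f['severity']:6} {f['group']} ({f['name']}) {f['protocol']} {f['ports']} from {f['source']}: {f['reason']}")
```

The web group passes for 443 (including its IPv6 source) and is reported at medium severity only for 8080; the database group's SSH rule and its all-traffic IPv6 rule, and the bastion's RDP rule, are reported as high. The PostgreSQL rule that references the web group is not a finding, which is the pattern to prefer over CIDR sources inside a VPC.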
Data Protection
Enable Encryption at Rest
Encrypt all stored data (object storage, block volumes, databases, snapshots and backups) using the provider's KMS-backed encryption; use customer-managed keys where you need control over key rotation and an audit trail of key use.
Enable Encryption in Transit
Require TLS 1.2 or later for all data transmission between services, including traffic that stays inside the VPC, and reject plaintext connections at the service (for example, a bucket policy that denies requests made without TLS).
Implement Data Classification
Classify data based on sensitivity and apply controls that match each class (encryption, access restrictions, retention, logging).
Configure Backup and Recovery
Set up automated backups, keep copies in a separate account or region so that compromise of the primary account cannot delete them, and test recovery procedures on a schedule rather than assuming they work.
Implement Data Loss Prevention (DLP)
Deploy DLP tooling to detect and block unauthorized exfiltration of sensitive data, and pair it with egress controls so that data cannot leave through unmonitored paths.
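"Reject plaintext connections" is concrete on S3: a bucket policy statement that denies every principal every `s3:*` action when the `aws:SecureTransport` condition key is false. The code below is an added example, not part of the original checklist or CloudRaft.io's tooling: it checks whether a bucket policy already carries such a statement, treating a deny that covers only some actions or only some resources as insufficient, and appends the standard statement when it is missing. The bucket names and policies are constructed sample input.

```python
"""Check and enforce an S3 bucket policy that refuses non-TLS requests."""
import json


def _as_list(value):
    """Policy fields such as Action, Resource and Statement may be a scalar or a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal):
    return principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))


def _covers_bucket(resources, bucket):
    """The deny must apply to both the bucket ARN and every object under it."""
    have = set(_as_list(resources))
    if "*" in have or "arn:aws:s3:::*" in have:
        return True
    return {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"} <= have


def denies_insecure_transport(policy, bucket):
    """True if a statement denies all principals all s3 actions over plaintext HTTP."""
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Deny" or not _principal_is_everyone(st.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(st.get("Action", []))}
        if not actions & {"s3:*", "*"}:
            continue   # a deny on a subset of actions leaves other plaintext calls open
        flag = st.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if str(flag).lower() != "false":   # accepts "false" or JSON false
            continue
        if _covers_bucket(st.get("Resource", []), bucket):
            return True
    return False


def tls_deny_statement(bucket):
    """The conventional statement, as documented by AWS for S3 TLS enforcement."""
    return {
        "Sid": "DenyInsecureTransport",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }


def enforce_tls(policy, bucket):
    """Return the policy unchanged if it already enforces TLS, else a copy with the deny added."""
    if denies_insecure_transport(policy, bucket):
        return policy
    fixed = json.loads(json.dumps(policy))   # deep copy; never mutate the caller's document
    fixed.setdefault("Version", "2012-10-17")
    fixed["Statement"] = _as_list(fixed.get("Statement", [])) + [tls_deny_statement(bucket)]
    return fixed


# Constructed sample policies for an assumed bucket name.
BUCKET = "example-app-logs"
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/log-reader"},
     "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"},
]}
# Looks like TLS enforcement but only denies reads; uploads over HTTP still succeed.
PARTIAL_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Principal": "*", "Action": "s3:GetObject",
     "Resource": f"arn:aws:s3:::{BUCKET}/*",
     "Condition": {"Bool": {"aws:SecureTransport": False}}},
]}

if __name__ == "__main__":
    hardened = enforce_tls(WEAK_POLICY, BUCKET)
    print(json.dumps(hardened, indent=2))
```

Apply the result with `aws s3api put-bucket-policy --bucket <name> --policy file://policy.json`. The partial policy is the interesting case: tools that only grep for `aws:SecureTransport` would pass it, while the check here rejects it because it does not cover `s3:*`.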
Monitoring & Logging
Enable Cloud Audit Logging
Activate comprehensive audit logging for all API calls and resource changes (AWS CloudTrail, Azure Activity Log, Google Cloud Audit Logs) in every account and region, and protect the log store from deletion by the identities it records.
Set Up Security Monitoring
Feed audit logs into a SIEM or security monitoring tool for threat detection, and enable the provider's native detection service where available (Amazon GuardDuty, Microsoft Defender for Cloud, Security Command Center).
Configure Alerting and Notifications
Set up real-time alerts for security events and anomalies such as root or break-glass logins, logging being disabled, and changes to IAM policies or firewall rules.
Implement Log Retention Policies
Define and enforce log retention periods that satisfy the frameworks you are subject to, and make the logs immutable for that period.
Monitor Privileged Account Activities
Track and log all administrative and privileged user actions, and review them against approved change windows.
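The alerting and privileged-activity items above are rules run over the audit log. The code below is an added example for this page, not CloudRaft.io's own detection content: it evaluates a small rule set over CloudTrail-shaped records (root console login, console login without MFA, CloudTrail being stopped or altered, privileged IAM changes, new inbound network rules, and sensitive API calls from an IAM-user session that did not authenticate with MFA). The events, principals and trail name are constructed sample data; the rule thresholds and the choice to exempt assumed roles from the MFA rule are assumptions explained in the comments.

```python
"""Detection rules over CloudTrail records."""

LOGGING_TAMPER = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
IAM_PRIVILEGE = {"CreateAccessKey", "CreateLoginProfile", "AttachUserPolicy", "PutUserPolicy",
                 "AttachRolePolicy", "PutRolePolicy", "CreatePolicyVersion", "UpdateAssumeRolePolicy"}
NETWORK_EXPOSURE = {"AuthorizeSecurityGroupIngress", "CreateNetworkAclEntry", "ReplaceNetworkAclEntry"}
SENSITIVE = LOGGING_TAMPER | IAM_PRIVILEGE | NETWORK_EXPOSURE


def is_console_login(e):
    return e["eventSource"] == "signin.amazonaws.com" and e["eventName"] == "ConsoleLogin"


def login_succeeded(e):
    return e.get("responseElements", {}).get("ConsoleLogin") == "Success"


def session_mfa(e):
    """CloudTrail records MFA for the session under userIdentity.sessionContext.attributes."""
    return e["userIdentity"].get("sessionContext", {}).get("attributes", {}).get("mfaAuthenticated")


# (rule name, severity, predicate). Order determines alert order for a single event.
RULES = [
    ("root account console login", "critical",
     lambda e: is_console_login(e) and login_succeeded(e) and e["userIdentity"]["type"] == "Root"),
    ("console login without MFA", "high",
     lambda e: is_console_login(e) and login_succeeded(e)
     and e.get("additionalEventData", {}).get("MFAUsed") != "Yes"),
    ("audit logging altered", "critical",
     lambda e: e["eventSource"] == "cloudtrail.amazonaws.com" and e["eventName"] in LOGGING_TAMPER),
    ("privileged IAM change", "high",
     lambda e: e["eventSource"] == "iam.amazonaws.com" and e["eventName"] in IAM_PRIVILEGE),
    ("inbound network rule added", "medium",
     lambda e: e["eventSource"] == "ec2.amazonaws.com" and e["eventName"] in NETWORK_EXPOSURE),
    # Limited to IAMUser: workload roles never have MFA, so their sessions would be pure noise;
    # MFA for humans assuming roles is enforced at AssumeRole time instead (assumed policy).
    ("sensitive API call from a session without MFA", "high",
     lambda e: e["userIdentity"]["type"] == "IAMUser" and e["eventName"] in SENSITIVE
     and session_mfa(e) == "false"),
]


def actor(e):
    ui = e["userIdentity"]
    return ui.get("userName") or ui.get("arn") or ui.get("type")


def detect(events):
    """Return one alert dict per (event, matching rule), in event order."""
    alerts = []
    for e in events:
        for name, severity, matches in RULES:
            if matches(e):
                alerts.append({"rule": name, "severity": severity, "actor": actor(e),
                               "event": e["eventName"], "time": e["eventTime"],
                               "source_ip": e.get("sourceIPAddress")})
    return alerts


def ev(source, name, identity, **extra):
    """Build a constructed CloudTrail-shaped record carrying only the fields the rules read."""
    return {"eventVersion": "1.08", "eventTime": "2024-06-01T08:00:00Z", "awsRegion": "us-east-1",
            "sourceIPAddress": "198.51.100.7", "eventSource": source, "eventName": name,
            "userIdentity": identity, **extra}


# Constructed principals (account ID and names are made up).
ROOT = {"type": "Root", "arn": "arn:aws:iam::123456789012:root", "accountId": "123456789012"}
ALICE = {"type": "IAMUser", "userName": "alice", "arn": "arn:aws:iam::123456789012:user/alice",
         "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}}
BOB = {"type": "IAMUser", "userName": "bob", "arn": "arn:aws:iam::123456789012:user/bob",
       "sessionContext": {"attributes": {"mfaAuthenticated": "false"}}}
CI_ROLE = {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/deploy/ci",
           "sessionContext": {"attributes": {"mfaAuthenticated": "false"}}}

SAMPLE_EVENTS = [
    ev("signin.amazonaws.com", "ConsoleLogin", ROOT,
       additionalEventData={"MFAUsed": "No"}, responseElements={"ConsoleLogin": "Success"}),
    ev("signin.amazonaws.com", "ConsoleLogin", ALICE,
       additionalEventData={"MFAUsed": "Yes"}, responseElements={"ConsoleLogin": "Success"}),
    ev("cloudtrail.amazonaws.com", "StopLogging", BOB, requestParameters={"name": "org-trail"}),
    ev("ec2.amazonaws.com", "AuthorizeSecurityGroupIngress", CI_ROLE,
       requestParameters={"groupId": "sg-0bbb2222"}),
    ev("iam.amazonaws.com", "CreateAccessKey", ALICE, requestParameters={"userName": "charlie"}),
    ev("ec2.amazonaws.com", "DescribeInstances", BOB),   # read-only call: no alert expected
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"{a['severity']:8} {a['actor']:10} {a['event']:30} {a['rule']}")
```

In production the same predicates map onto CloudWatch metric filters, EventBridge rules or SIEM queries; keeping them as plain functions over the raw record makes them testable against replayed events before they page anyone.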
Compliance & Governance
Conduct Regular Security Assessments
Perform quarterly security assessments and vulnerability scans, and track findings through to remediation.
Implement Change Management Process
Establish formal procedures for infrastructure and application changes, with review and approval recorded before changes reach production.
Create Security Policies and Procedures
Document comprehensive security policies and operational procedures, and keep them current as the environment changes.
Conduct Security Training
Provide regular security awareness training for all employees.
Perform Penetration Testing
Conduct annual penetration testing by qualified third parties, within the cloud provider's testing rules, and retest after remediation.
Container & Kubernetes
Scan Container Images for Vulnerabilities
Scan container images automatically in the CI/CD pipeline, fail builds on critical findings, and rescan images already in the registry as new vulnerabilities are published.
Use Non-Root Containers
Configure containers to run as non-root users (runAsNonRoot: true with an explicit non-zero runAsUser) and with a read-only root filesystem where the workload allows it.
Implement Pod Security Standards
Enforce the Kubernetes Pod Security Standards (baseline at minimum, restricted where possible) through Pod Security Admission namespace labels or a policy engine such as OPA Gatekeeper or Kyverno.
Configure Network Policies
Implement Kubernetes NetworkPolicies with a default-deny posture per namespace and explicit allow rules for required pod-to-pod communication; this needs a CNI plugin that enforces them.
Enable Runtime Security Monitoring
Deploy runtime security tools such as Falco or Tetragon to detect anomalous process, file and network activity inside running containers.
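The non-root and Pod Security Standards items above are enforced in the cluster by Pod Security Admission, but the same checks belong in CI so that a manifest is rejected before it is ever applied. The code below is an added example written for this page, not CloudRaft.io's code and not the Kubernetes admission implementation: it evaluates a Pod manifest (as the dict you get from parsing its YAML) against the baseline controls for host namespaces, privileged mode, hostPath volumes and hostPorts, and the restricted controls for runAsNonRoot, allowPrivilegeEscalation, capabilities and seccomp. The two manifests are constructed sample input.

```python
"""Check a Pod manifest against the baseline and restricted Pod Security Standards."""


def _sc(obj):
    """securityContext may be absent or explicitly null."""
    return obj.get("securityContext") or {}


def check_pod(pod):
    """Return a list of violations; an empty list means the pod passes the restricted profile."""
    spec = pod["spec"]
    pod_sc = _sc(spec)
    problems = []

    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(field):
            problems.append(f"spec.{field} is true (baseline)")
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            problems.append(f"volume {vol['name']} uses hostPath (baseline)")

    # initContainers (and ephemeral containers, if present) are held to the same rules.
    containers = spec.get("initContainers", []) + spec.get("containers", [])
    for c in containers:
        name, sc = c["name"], _sc(c)
        if sc.get("privileged"):
            problems.append(f"{name}: privileged (baseline)")
        for port in c.get("ports", []):
            if port.get("hostPort"):
                problems.append(f"{name}: hostPort {port['hostPort']} (baseline)")
        if sc.get("allowPrivilegeEscalation") is not False:
            problems.append(f"{name}: allowPrivilegeEscalation must be explicitly false (restricted)")
        # Container-level values override pod-level ones; either place satisfies the rule.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            problems.append(f"{name}: runAsNonRoot must be true (restricted)")
        if sc.get("runAsUser", pod_sc.get("runAsUser")) == 0:
            problems.append(f"{name}: runAsUser 0 is root (restricted)")
        caps = sc.get("capabilities") or {}
        if "ALL" not in caps.get("drop", []):
            problems.append(f"{name}: capabilities.drop must include ALL (restricted)")
        extra = sorted(set(caps.get("add", [])) - {"NET_BIND_SERVICE"})
        if extra:
            problems.append(f"{name}: adds capabilities beyond NET_BIND_SERVICE: {', '.join(extra)} (restricted)")
        seccomp = (sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}).get("type")
        if seccomp not in ("RuntimeDefault", "Localhost"):
            problems.append(f"{name}: seccompProfile.type must be RuntimeDefault or Localhost (restricted)")
    return problems


# Constructed manifests. The first is the typical "debug" pod that violates nearly everything.
INSECURE_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "debug"}, "spec": {
    "hostNetwork": True,
    "containers": [{"name": "shell", "image": "busybox", "command": ["sleep", "infinity"],
                    "securityContext": {"privileged": True, "capabilities": {"add": ["SYS_ADMIN"]}}}],
    "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
}}

HARDENED_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"}, "spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "web", "image": "nginxinc/nginx-unprivileged",
                    "ports": [{"containerPort": 8080}],
                    "securityContext": {"allowPrivilegeEscalation": False,
                                        "capabilities": {"drop": ["ALL"]},
                                        "readOnlyRootFilesystem": True}}],
}}

if __name__ == "__main__":
    for pod in (INSECURE_POD, HARDENED_POD):
        issues = check_pod(pod)
        print(pod["metadata"]["name"], "PASS" if not issues else f"{len(issues)} violation(s)")
        for issue in issues:
            print("  -", issue)
```

The hardened manifest is also what a namespace labelled `pod-security.kubernetes.io/enforce: restricted` would admit; the read-only root filesystem it sets is not required by the standard but is the hardening step the checklist recommends alongside non-root execution.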
Generated by CloudRaft.io