Skip to main content

3. Conducting Cloud Security Assessments

Ensuring cloud security requires regular vulnerability assessments and compliance checks across various cloud providers. This guide outlines the procedures to assess security posture in AWS, Azure, and Microsoft Security (M365 & Entra ID).

Cloud Security – AWS Security

  • Log in to the Platform

    • Access the platform and sign in using your credentials.
  • Navigate to Cloud Security

    • Open the Side Navigation Bar on the left.

    • Click on the Cloud Security tab to access security tools.

  • Select AWS Security

    • Click on AWS Security to view available scanning options.

image.png

  • Verify AWS Account

    • Ensure that an AWS account has already been added to the platform.

    • If no account is available, navigate to the Integrations page to add an AWS account.

  • Choose a Compliance Standard

    • Select a compliance framework to evaluate security posture:

      • CIS (Center for Internet Security)

      • PCI DSS v3.2.1 (Payment Card Industry Data Security Standard)

      • GDPR (General Data Protection Regulation)

      • SOC2 (System and Organization Controls 2)

  • Initiate the Scan

    • Locate the AWS account under the selected compliance framework.

    • Click Scan to initiate an automated security check.

image.png

Monitor and Review Results

  • Monitor scan progress, and upon completion, a report will be generated then open it.

image.png

  • Review findings, including:

    • Compliance gaps

    • Security misconfigurations

    • Vulnerabilities

image.png

Cloud Security – Azure Security

  • Log in to the Platform

    • Access the platform and sign in using your credentials.
  • Navigate to Cloud Security

    • Open the Side Navigation Bar and select Cloud Security.

  • Select Azure Security

    • Click Azure Security to access scan options.

image.png

  • Verify AWS Account

    • Ensure that an Azure account has already been added to the platform.

    • If no account is available, navigate to the Integrations page to add an AWS account.

  • Choose a Compliance Standard

    • Select a compliance framework for the security assessment:

      • ISO (International Organization for Standardization)

      • SOC2 (System and Organization Controls 2)

      • CIS (Center for Internet Security)

  • Initiate the Scan

    • Locate the Azure account under the selected compliance framework.

    • Click Scan to start the security analysis.

image.png

Monitor and Review Results

  • Monitor scan progress, and upon completion, a report will be generated then open it.

image.png

  • Analyze scan results to detect:

    • Compliance gaps

    • Security misconfigurations

    • Vulnerabilities

image.png

Cloud Security – Microsoft Security (M365 & Entra ID)

  • Log in to the Platform

    • Access the platform and sign in using your credentials.
  • Navigate to Cloud Security

    • Open the Side Navigation Bar and click Cloud Security.

  • Select Microsoft Security

    • Click Microsoft Security to access security assessment tools.

image.png

  • Verify AWS Account

    • Ensure that an Microsoft account has already been added to the platform.

    • If no account is available, navigate to the Integrations page to add an AWS account.

  • Choose the Desired Scan Type

    • Select the security scan based on the platform:

      • M365 (Microsoft 365) – Security and compliance assessment.

      • Entra ID (Identity Governance and Administration) – Identity security analysis.

  • Initiate the Scan

    • Locate the Microsoft account under the relevant security category.

    • Click Scan to start the assessment.

image.png

Monitor and Review Results

  • Track scan progress in the Cloud Security Dashboard.

image.png

  • Review scan findings to identify:

    • Security gaps

    • Misconfigurations

    • Vulnerabilities

image.png

Note:

  • For accessing historic reports or addressing scan failures, refer to the Report History Page for further details and View error.
Back to top