Cloud Security · Preparation Kit
Cloud Security Controls Readiness
Cloud security controls preparation materials, from IAM best practices, encryption, network security, to logging & monitoring. Applicable to AWS, GCP, Azure. Required in ISO 27001 (A.5.23, A.8.9-8.11), SOC 2 (CC6), PCI-DSS (if processing card data on cloud).
Get pTrackly support →1. Identity & Access Management (IAM)
- □ Principle of least privilege: users have only minimum necessary permissions
- □ MFA mandatory for console access and privileged accounts
- □ No root account usage: disable root keys, use only for emergencies
- □ IAM roles instead of hardcoded credentials in code
- □ Regular access review: quarterly review of who has what permissions
2. Data Encryption
- □ Encryption at rest: enable for all storage (S3, EBS, RDS, GCS, Cloud SQL)
- □ Encryption in transit: TLS 1.2+ for all communications
- □ Key management: use KMS (AWS KMS, GCP Cloud KMS, Azure Key Vault)
- □ Key rotation: enable automatic key rotation (annually or per policy)
3. Network Security
- □ VPC/VNet segmentation: separate production / staging / development
- □ Security Groups / Firewall rules: restrict inbound traffic (whitelist approach)
- □ No public access: RDS, Redis, Elasticsearch not exposed to public internet
- □ Bastion host / VPN for admin access instead of public SSH
- □ WAF: enable AWS WAF / Cloud Armor / Azure WAF for web applications
4. Logging & Monitoring
- □ CloudTrail / Cloud Audit Logs: enable for all regions, log all API calls
- □ VPC Flow Logs: track network traffic patterns, detect anomalies
- □ Centralized logging: ship logs to SIEM or log aggregation tool
- □ Alerting: alert on suspicious activity (root login, security group changes, IAM changes)
- □ Log retention: at least 90 days (PCI-DSS requires 90 days, SOC 2/ISO 27001 recommend 1 year)
5. Backup & Disaster Recovery
- □ Automated backups: enable for databases, critical data
- □ Backup frequency: daily minimum, hourly if RTO/RPO requires
- □ Cross-region backup: store backups in different region for regional outage protection
- □ Backup testing: test restore quarterly to verify backups work
- □ Disaster Recovery Plan: document RTO/RPO, failover procedure
6. Compliance & Posture Management
- □ Cloud Security Posture Management (CSPM): AWS Security Hub, GCP Security Command Center, Azure Defender
- □ CIS Benchmarks: follow CIS benchmarks for cloud provider
- □ Config drift detection: alert on changes outside IaC pipeline
- □ Regular security assessments: quarterly cloud security review
pTrackly helps you implement Cloud Security faster with ready-made templates and automated evidence collection.
Get Free DemoReady to get audit-ready?
Book a 15-minute call. See the platform. Decide if it fits.
Book Free Demo 15 min, no commitment No credit card required Setup in 24 hours Cancel anytime