☁️

Cloud Security Audit Services

Deep configuration reviews of AWS, Azure, and GCP environments — IAM, storage, network, and attack-path analysis.

AWSAzureGCPKubernetesTerraformCSPM
Serving clients across the United Kingdom & United States of America

What You Receive

  • Cloud security posture report with prioritised findings
  • Attack-path analysis identifying exploitable misconfiguration chains
  • Infrastructure-as-Code review for Terraform, CloudFormation, Bicep
  • Mapped to CIS Benchmarks, AWS Well-Architected, and Microsoft Cloud Adoption Framework
  • 90-day free retest of remediated findings

Cloud security audits are configuration-driven assessments of your cloud environment against best practice baselines, attack-path analysis, and the specific threat model relevant to your business. Unlike a penetration test, which exercises specific attack paths, an audit aims to surface the complete inventory of misconfigurations and prioritise them by exploitability and business impact.

We have conducted over 120 cloud security audits across AWS, Azure, and GCP environments, ranging from single-account SME deployments to multi-account FTSE 250 and US enterprise estates. Our findings are documented in our analysis of the 7 AWS misconfigurations we find in every audit.

What We Audit

Identity and Access Management

IAM is the largest source of critical findings in cloud audits. We analyse:

  • IAM policies for over-permissive Action and Resource wildcards
  • Role assumption chains and cross-account trust relationships
  • Service-linked roles and their effective privileges
  • IAM Identity Center / Azure AD / Google Cloud Identity federation configurations
  • Privileged account usage patterns and break-glass procedures
  • Long-lived access keys, unused credentials, and stale roles
  • Multi-factor authentication enforcement across all access paths

Network Security

  • VPC, VNet, and VPC Service Controls configuration
  • Security group, NSG, and firewall rule analysis for over-permissive ingress
  • VPN and Direct Connect / ExpressRoute / Cloud Interconnect configurations
  • Public-facing resources audit — load balancers, API gateways, exposed databases
  • Network segmentation and microsegmentation patterns
  • DDoS protection configuration

Data Protection

  • S3 bucket / Blob storage / GCS bucket public access and encryption configuration
  • Database encryption at rest and in transit (RDS, CosmosDB, Cloud SQL)
  • KMS key configuration, key policies, and rotation
  • Secrets Manager / Key Vault / Secret Manager usage patterns
  • Backup configuration, retention, and recovery testing evidence

Logging and Monitoring

  • CloudTrail / Activity Logs / Audit Logs configuration and coverage
  • VPC Flow Logs and equivalent network telemetry
  • SIEM integration and log retention
  • GuardDuty / Defender for Cloud / Security Command Center configuration
  • Custom detection rules and alerting

Infrastructure-as-Code Review

  • Terraform module security review
  • CloudFormation / ARM / Bicep template analysis
  • Kubernetes manifest analysis using Trivy and kube-bench
  • CI/CD pipeline security — secret management, OIDC federation, runner configuration
  • Pre-commit and pre-deployment policy enforcement (Checkov, tfsec, OPA)

AWS, Azure, and GCP Specifics

AWS

AWS audits cover the entire account or organisation, including: IAM (users, roles, policies, Identity Center), S3, EC2 and Auto Scaling, Lambda, RDS, DynamoDB, ECS, EKS, EFS, ELB, API Gateway, CloudFront, Route 53, Cognito, KMS, Secrets Manager, Systems Manager, CloudTrail, CloudWatch, Config, Security Hub, GuardDuty, Macie. We follow the AWS Well-Architected Security Pillar and CIS AWS Foundations Benchmark.

Azure

Azure audits cover: Entra ID (formerly Azure AD), Conditional Access, PIM, Azure Subscriptions, Resource Groups, Storage Accounts, Virtual Networks, Network Security Groups, Azure Firewall, Application Gateway, Front Door, App Services, Functions, AKS, SQL Database, CosmosDB, Key Vault, Defender for Cloud, Sentinel, Activity Logs. We follow the Microsoft Cloud Adoption Framework security guidance.

Google Cloud Platform

GCP audits cover: Cloud IAM, Organization Policy, VPC and VPC Service Controls, Cloud Storage, Compute Engine, GKE, Cloud Run, Cloud Functions, Cloud SQL, Spanner, BigQuery, Cloud KMS, Secret Manager, Cloud Audit Logs, Security Command Center.

UK & USA Compliance Coverage

We map audit findings to compliance frameworks relevant to your jurisdiction:

UK & EU: UK GDPR, NIS2 (where applicable), ISO 27001, Cyber Essentials Plus, NCSC Cloud Security Principles

USA: SOC 2 Type II (CC6.1, CC6.6, CC7.1), HIPAA Security Rule, GLBA Safeguards Rule, PCI-DSS, FedRAMP Moderate baseline, NIST SP 800-53

What You Receive

  • Executive summary — top 5–10 findings translated into business risk language
  • Technical findings report — every misconfiguration documented with evidence, exploitability assessment, and remediation steps
  • Attack-path analysis — combinations of findings that together enable a critical compromise
  • Compliance mapping — findings mapped to the framework(s) in scope
  • Remediation roadmap — prioritised by exploitability and effort
  • Free retest within 90 days — we re-verify remediated findings at no charge
  • IaC review (where in scope) — pull-request-style annotations on Terraform / CloudFormation / Bicep

Frequently Asked Questions

What clouds do you audit?
AWS, Microsoft Azure, and Google Cloud Platform — including the major managed services (RDS, S3, Lambda, Kubernetes, Functions, Storage). We also audit hybrid environments where on-premises Active Directory integrates with cloud identity providers via Azure AD Connect, AWS IAM Identity Center, or Google Cloud Identity.
How does a cloud security audit differ from a penetration test?
Cloud security audits are configuration-driven. We use read-only access to your cloud accounts to enumerate every resource, IAM policy, network rule, and managed service configuration, then compare against best practice and threat models. A penetration test exercises specific attack paths. The two are complementary: audits surface the inventory of misconfigurations; pen tests demonstrate exploitability of the most critical ones.
Do you need write access to our cloud accounts?
No — read-only access is sufficient for audit work. We use a dedicated audit role with the minimum permissions needed (typically equivalent to ReadOnlyAccess plus a few additional permissions for KMS key inspection and Lambda code review). All audit activity is logged in CloudTrail for your inspection.
What tools do you use?
We combine commercial CSPM tools (where the client has them) with open-source tooling (Prowler, ScoutSuite, CloudSploit, kube-bench, Trivy) and manual analysis. Tools cover breadth; manual analysis adds attack-path reasoning and business-context prioritisation that automated tools cannot.
Can you audit Infrastructure-as-Code before it's deployed?
Yes — IaC pipeline review is one of the highest-value engagements available. Terraform plans, CloudFormation templates, ARM/Bicep, Pulumi, and Kubernetes manifests can be reviewed pre-deployment to catch misconfigurations before they reach production. We integrate with GitHub Actions, GitLab CI, and Azure DevOps pipelines.
How long does a cloud security audit take?
Single AWS account: 3-5 working days. Multi-account AWS organisation: 7-15 working days. Azure subscription with Entra ID integration: 5-10 working days. GCP project or organisation: 5-10 working days. Multi-cloud audit: 10-20 working days. Specific scope is agreed during a one-hour scoping call.
Do you support compliance evidence collection?
Yes. Reports map findings to the relevant compliance framework: CIS Benchmarks, AWS Well-Architected, Azure Security Benchmark, ISO 27001, SOC 2, HIPAA, PCI-DSS, FedRAMP. Evidence-quality screenshots and configuration exports are provided alongside narrative findings.
How is pricing structured?
Fixed-price per engagement based on scope (number of accounts, regions, environments). Pricing for UK clients is in GBP; US clients in USD. Retainer arrangements are available for organisations requiring continuous monitoring or quarterly re-assessments.

Request a Cloud Security Posture Review

Tell us about your environment. We'll respond within one working day with a scoping call calendar invite and an initial price guide.

By submitting this form you agree to our privacy policy. We will only use your details to respond to this enquiry.