Hardening Your Cloud in 5 Steps
Most cloud breaches don't come from zero-days — they come from misconfigured buckets, over-permissive IAM and forgotten public endpoints. Here is the 5-step checklist I run on every cloud engagement.
1. Enforce least-privilege IAM
Audit every role and policy. Replace wildcard actions with explicit ones and rotate long-lived access keys for short-lived STS tokens.
- Remove `*` from production policies
- Enforce MFA on root and admin
- Use SSO + permission sets
2. Close public exposure
Scan every account for public S3, open security groups and unauthenticated endpoints. Use CSPM to catch drift continuously.
3. Encrypt everything
KMS-managed encryption at rest, TLS 1.2+ in transit, and customer-managed keys for sensitive workloads.
4. Centralize logging & detection
Stream CloudTrail / Azure Activity / GCP Audit into a SIEM. Build detections for IAM changes, console logins from new geos and resource deletions.
5. Practice the breach
Run tabletop exercises and red-team drills against the cloud. If you've never tested response, you don't have response.
Tools mentioned
Cloud security is a hygiene problem before it's a tooling problem. Get these five right and you remove 80% of the common attack paths.