Generic high level Cloud security risk assessment checklist

UnixGuy

I find myself this week with a bit of free time so I want to improve my tools and checklists (for consulting purposes)

I want to create a generic checklist for cloud security, like a list of questions and answers to cross check if the cloud instance followed basic security sanity.

Is there a generic list that you use or a standard that you implement?

I'm also interested in the common mistakes that people make when it comes to cloud security...what kind of things people usually tend to miss? common mistakes/misconfigurations etc?

I know it's a broad question..I'd love to hear from all the cloud gurus, I'm sure you'll have some great tips

scasc

Hey Unix Guy, How are you keeping? CSA, on their website as part of the CCSKv4, have a pretty nice checklist mapped to the major standards too regarding cloud deployments. You can obtain a copy from the website for free. In the UK, we have a mapping to NCSC (Gov) cloud security 14 principles which is pretty good too - you can easily find on Google. A number of common mistakes found - for starters lack of understanding of the shared responsibility model!

UnixGuy

@scasc with the goods as always! Thanks, that's exactly what I'm looking for

I'm good, just working from home, life goes on

how you holding up?

scasc

Hey - good to hear all is well. Same here, with COVID flying about everyone been asked to work remotely so trying to manage with the kids all around. Hopefully the checklists will help, let me know if there is anything else I can help with.