Cloud Security Framework Audit Methods
Increases in cloud computing capacity, as well as decreases in the cost of processing, are moving at a fast pace. These patterns make it incumbent upon organizations to keep pace with changes in technology that significantly influence security. Cloud security auditing depends upon the environment, and the rapid growth of cloud computing is an important new context in world economics. The small price of entry, bandwidth, and processing power capability means that individuals and organizations of all sizes have more capacity and agility to exercise shifts in computation and to disrupt industry in cyberspace than more traditional domains of business economics worldwide. An analysis of prevalent cloud security issues and the utilization of cloud audit methods can mitigate security concerns. This verification methodology indicates how to use frameworks to review cloud service providers (CSPs).
36922 (PDF, 2.45MB)
27 Apr 2016Related Content
Identifying Security Vulnerabilities in Kubernetes Environments
Research PaperThis research aims to develop a practical methodology for identifying security misconfigurations in Kubernetes environments, across both Infrastructure-as-Code (IaC) and live cluster states.
- 14 May 2026
Marketing or Added Value? The Truth About Purpose-Built Detection and Response for Containers
Research PaperWith the rise of Cloud Detection and Response (CDR), this paper dives deeper into the added value and gaps of these solutions compared to the traditional pillar, Endpoint Detection and Response (EDR).
- 5 Dec 2025
ZTA Unpacked: The Critical Technical Components of Zero Trust Architecture
Research PaperThis paper demystifies the technical foundation of Zero Trust Architecture (ZTA) and outlines the key technologies that drive modern, mature implementations.
- 15 Aug 2025
- Greg Scheidel
Navigating the Challenges of Securing Hybrid Environments
Research PaperThis paper explores ways to bring clarity and control back to your hybrid security strategy—with practical guidance on Zero Trust, unified monitoring, and the evolving role of AI in modern defense.
- 24 Jul 2025
- Matt Bromiley
Securing Azure with PIM: A Just-in-Time Access Study
Research PaperThis study assesses Azure Privileged Identity Management (PIM) and its Just-in-Time access model within a controlled Azure environment, simulating enterprise scenarios across Azure Subscription Roles.
- 11 Jul 2025
Resiliency and Business Continuity in the Cloud Era
Research PaperIn this white paper, Dave Shackleford unpacks today’s evolving cloud threat landscape.
- 21 May 2025
- Dave Shackleford
Out-of-Band Defense: Securing VPNs from Password-Spray Attacks with Cloud Automation
Research PaperThis research examines an out-of-band solution to detect and block password-spray attacks on Remote Access VPN services, addressing vulnerabilities like Cisco’s CVE-2024-20481 amid rising threats post-COVID-19.
- 12 May 2025
- SANS Institute
Securing the Future with Microsoft Defender for Cloud: Best Practices and Insights
Research PaperIn this paper, you’ll learn how to enhance your cloud security posture through actionable insights and use cases involving Microsoft Defender for Cloud.
- 26 Mar 2025
- Dave Shackleford
The Flavor of Clouds: Are Some Cloud Platforms More Attractive to Attackers?
Research PaperSignificant financial loss and sensitive data exposure continue to be a significant risk for entities that host systems in the cloud.
- 17 Feb 2025
Detecting Azure Hybrid Machine Attack Paths with Graph Theory
Research PaperThis research extends the data collected by the security tool BloodHound to uncover hidden connections between on-premises devices and their cloud identities within an Azure environment.
- 7 Jan 2025
The Cost of Container Runtime Security
Research PaperContainerization has fundamentally changed how applications are developed, deployed, and managed....
- 5 Dec 2024
Never Trust, Always Verify: Analysis of Zero Trust Best Practices for Conditional Access
Research PaperThis study examines the effectiveness of Microsoft Entra's Conditional Access policies in thwarting...
- 26 Sep 2024
Memory Safety and Beyond: Unveiling the Missing Piece in Golang
Research PaperThis study examines Go's default HTTP implementation while undergoing certain Denial of Service...
- 2 Aug 2024
Active Directory: Tactical Containment to Curb Domain Dominance
Research PaperMore than two decades after Microsoft released Active Directory, the identity platform remains in...
- 22 Apr 2024
Evaluating Detection Time Delta in Amazon GuardDuty
Research PaperUnderstanding the effectiveness of security solutions like Amazon GuardDuty is essential for...
- 30 Nov 2023
Apples to Oranges: Understanding the Changing Attack Surface for Applications Migrated from Self- Hosted to SaaS
Research PaperWhy would you defend two instances of the same application differently? Self-hosted applications...
- 15 Sep 2023
Kubernetes: Stealing Service Account Tokens to Obtain Cluster-Admin
Research PaperKubernetes security is a complex subject that relies on well-designed Role-Based Access Control...
- 14 Jun 2023
Is Your Cloud Environment Secure? How Do You Know?
Research PaperThe adoption and utilization of cloud environments continue to proliferate for businesses of all...
- 8 Dec 2022
Enterprise Observable Security: A Holistic Approach Using Azure
Research PaperThe information security industry has been plagued with many technical and social challenges that...
- 5 Oct 2022
2021 Ransomware Case Study: Identifying High Priority Security Controls for Public Institutions
Research PaperThree quarters through 2021 and malicious cyber actors appear to be taking full advantage of the...
- 1 Dec 2021