Multi-Account Cloud Security Audit

Here is one of my recent IT consulting missions where I helped a cybersecurity-focused company assess and improve the security posture of multiple cloud environments by performing a detailed audit and delivering a professional PDF report.

Client: Altivor Systems (Cybersecurity & Infrastructure)
Consultant: Samuel Ndala – Cloud & Security Consultant
Duration: 5 days
Delivery Date: February 19, 2024
Project Type: Multi-Cloud Security Assessment & Documentation

Project Summary

Altivor Systems manages several cloud environments (AWS, Azure, GCP) across different departments. The goal of this mission was to identify misconfigurations, access control risks, exposed assets, and compliance gaps by auditing all accounts and generating a structured security report.

Objectives

Perform a security audit across AWS, Azure, and GCP accounts
Detect IAM risks, exposed services, misconfigured storage buckets
Check for compliance violations (encryption, MFA, logging)
Deliver a custom PDF report with screenshots, recommendations, and action plan
Provide a summary visual for management-level stakeholders

Cloud Architecture Overview

Security Assessment Process

✅ Collected metadata from AWS Config, Azure Policy, and GCP Security Command Center
✅ Scanned IAM permissions and storage buckets
✅ Detected open S3 buckets, inactive users, excessive roles
✅ Reviewed encryption, backup settings, and MFA enforcement
✅ Created a structured PDF report with technical findings & action plan

Delivered Assets

📄 A detailed PDF report with findings, screenshots & remediation steps
✅ Excel sheet summarizing critical / high / medium / low risks
🔐 IAM policy review with suggestions per platform
🧠 Action plan to fix top 5 risks in 7 days

Final Result

Altivor Systems gained complete visibility over their cloud security gaps, and immediately resolved all high-severity issues within 72 hours following the recommendations.

Tech Stack

Platforms Audited: AWS, Azure, GCP
Tools Used: AWS Config, IAM Access Analyzer, Azure Defender, GCP SCC
Languages: CLI, Bash, Terraform for audit setup
Delivery Format: PDF report + remediation roadmap + CSV risk matrix

Conclusion

This report demonstrates the importance of periodic cloud security audits, especially in organizations operating in multi-cloud environments. The structured report enabled the client to prioritize real threats and establish a repeatable audit strategy.

Popular Projects

Create a Real-Time Data Stream with Kinesis

Deploy a Containerized App to Azure Kubernetes Service (AKS)

Create and test a Pub/Sub queue with a subscriber

Host a Static Website on Google Cloud Storage

What is Cloud Computing ?

Cloud computing delivers computing resources (servers, storage, databases, networking, and software) over the internet, allowing businesses to scale and pay only for what they use, eliminating the need for physical infrastructure.

AWS: The most popular cloud platform, offering scalable compute, storage, AI/ML, and networking services.
Azure: A strong enterprise cloud with hybrid capabilities and deep Microsoft product integration.
Google Cloud (GCP): Known for data analytics, machine learning, and open-source support.

LINKS