# A Cloud Security Checklist: Assessing Cloud Threats

By [Chris Tozzi](https://www.paloaltonetworks.com/blog/author/chris-tozzi/?ts=markdown "Posts by Chris Tozzi") | Sep 16, 2020 | 6 minutes

[DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown) [Security Automation](https://www.paloaltonetworks.com/blog/tag/security-automation/?ts=markdown) [Shared Responsibility Model](https://www.paloaltonetworks.com/blog/tag/shared-responsibility-model/?ts=markdown)

If you're like [94% of enterprises](https://hostingtribunal.com/blog/cloud-adoption-statistics/#gref), you are using the cloud in one way or another.
But if you're also like [84% of organizations](https://redlock.io/blog/13-cloud-security-statistics-to-know-in-2019-with-9-best-practices), you are struggling to apply traditional security tools to your cloud-based environment. Maybe you're also among the [93%](https://www.infosecurity-magazine.com/news/93-of-orgs-worry-about-cloud/) of companies that lack visibility into their cloud data, or the [24%](https://redlock.io/blog/13-cloud-security-statistics-to-know-in-2019-with-9-best-practices) who are running cloud workloads that are missing critical security patches.

I could go on, but you get the point: companies that have moved to the cloud don't always do a good job of securing the workloads they run there. For that reason, it's worth stepping back and assessing how well you're meeting cloud security threats. Whether you're just starting out on your cloud journey or were building cloud-native apps before it became the cool thing to do, chances are you're overlooking potential cloud security vulnerabilities or risks.

With that reality in mind, here's a cloud security checklist that companies of all types can use to assess the state of their security strategy.

## **Build Your Cloud Security Checklist from Questions**

The first step in building your cloud security checklist is asking the stakeholders who can tell you what's working and what's not. Groups to query include:

* **Your developers**: They'll be able to tell you about shortcuts they may be taking in building and deploying code to the cloud that could compromise security. They will also be aware of any pain points that make it hard to follow best practices when working with cloud software, such as issues integrating on-premises access-control systems with those that work for cloud workloads.
* **Your vendors**: Vendors who supply tools and services that support your cloud workloads will know which security practices they recommend for consuming their resources.
* **Your users**: Users can inform you of security issues or risks that affect them when they use your applications. Although surveying every user directly may not be feasible, consider sending surveys to those with whom you have a strong relationship (like long-time customers). You can also ask support staff about user complaints involving security problems in order to identify trends.

## **Share Your Responsibility**

The concept of shared responsibility -- meaning you are responsible for securing some parts of your cloud solution stack while your cloud providers secure others -- is part and parcel of cloud security. But it is often misunderstood; indeed, 73% of organizations [report being unclear](https://www.paloaltonetworks.com/state-of-cloud-native-security) about where their responsibility starts and their cloud providers' ends.

![The shared responsibility model for the cloud.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/09/Shared-Responsibility-Model.png)

The shared responsibility model for the cloud.

The line moves with the service model: on a plain virtual machine you still own guest OS patching, identity and data, while with a managed database or storage service the provider patches the platform but access policies, encryption settings and the data itself remain yours. So, as part of your cloud security assessment, evaluate your current strategy for meeting [shared responsibility requirements](https://www.paloaltonetworks.com/blog/2020/04/cloud-3-myths-about-security-in-the-cloud/) and determine whether it leaves any parts of your workloads or infrastructure unsecured.

## **Automate, Automate, Automate**

By now, pretty much everyone knows why automation is so critical and beneficial. (We can thank the DevOps folks for preaching that gospel to us so aggressively over the past decade.) But the challenge arises in putting automation into practice -- especially in the cloud, where automation routines that you developed for on-premises workloads don't always work.

That's why it's worth taking a look at the extent to which your current cloud security operations are automated and finding ways to automate more. Vulnerability scanning and alerting are good places to start with cloud security automation.
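As an added example of the automated, policy-based configuration audit this section recommends (this is not code from the original post), the Python below checks a set of S3 bucket configurations for public exposure through ACL grants and bucket policy statements, honours the bucket's Public Access Block settings so that a bucket already neutralised by them is not reported, and produces the Public Access Block configuration a response playbook for an inadvertently exposed bucket (the first scenario raised under Build a Response Plan below) would apply before anyone starts hand-editing grants. The bucket data follows the shapes returned by boto3's `get_bucket_acl`, `get_bucket_policy` and `get_public_access_block` but is constructed here, as is the VPC endpoint ID in it; no AWS call is made.

```python
"""Policy-based audit of S3 bucket configuration for public exposure.

Added example, not code from the original post. The bucket configurations in
SAMPLE_BUCKETS are constructed for the demonstration and follow the response
shapes of boto3's get_bucket_acl / get_bucket_policy / get_public_access_block,
so live data could be fed to the same functions; no AWS call is made here.
"""
import json
from dataclasses import dataclass

# S3 predefined groups: AllUsers is anonymous access, AuthenticatedUsers is
# *any* AWS account in the world, which is public for practical purposes.
PUBLIC_ACL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


@dataclass(frozen=True)
class Finding:
    bucket: str
    control: str   # "acl" or "policy"
    severity: str  # "public": exposed now; "review": wildcard narrowed by a Condition
    detail: str


def _principal_is_wildcard(principal) -> bool:
    """True for Principal "*" as well as {"AWS": "*"} / {"AWS": ["*", ...]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def audit_bucket(name, acl, policy_json, public_access_block) -> list:
    """Return the findings for one bucket.

    IgnorePublicAcls neutralises public ACL grants and RestrictPublicBuckets
    neutralises a public bucket policy, so those controls suppress the
    corresponding check even if the underlying ACL or policy is still public.
    """
    pab = public_access_block or {}
    findings = []

    if not pab.get("IgnorePublicAcls", False):
        for grant in acl.get("Grants", []):
            grantee = grant.get("Grantee", {})
            if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_ACL_GROUPS:
                group = grantee["URI"].rsplit("/", 1)[-1]
                findings.append(Finding(name, "acl", "public",
                                        f"ACL grants {grant['Permission']} to {group}"))

    if policy_json and not pab.get("RestrictPublicBuckets", False):
        statements = json.loads(policy_json).get("Statement", [])
        if isinstance(statements, dict):   # a single statement may be unwrapped
            statements = [statements]
        for stmt in statements:
            if stmt.get("Effect") != "Allow" or not _principal_is_wildcard(stmt.get("Principal")):
                continue
            # A Condition (source VPC endpoint, IP range, aws:PrincipalOrgID ...)
            # may narrow a wildcard principal; that wants a human look, not an alert.
            severity = "review" if "Condition" in stmt else "public"
            findings.append(Finding(name, "policy", severity,
                                    f"statement {stmt.get('Sid', '<no Sid>')} allows "
                                    f"{stmt.get('Action')} to Principal *"))
    return findings


def remediation(findings) -> dict:
    """First playbook step for an exposed bucket: the PutPublicAccessBlock
    configuration that closes whichever control actually leaked."""
    controls = {f.control for f in findings if f.severity == "public"}
    return {
        "BlockPublicAcls": "acl" in controls,
        "IgnorePublicAcls": "acl" in controls,
        "BlockPublicPolicy": "policy" in controls,
        "RestrictPublicBuckets": "policy" in controls,
    }


# Constructed sample inventory; bucket names and the VPC endpoint ID are made up.
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"}
SAMPLE_BUCKETS = {
    "marketing-assets": {   # public-read ACL, no Public Access Block at all
        "acl": {"Grants": [OWNER, {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]},
        "policy": None, "pab": None},
    "customer-exports": {   # ACLs blocked, but a public policy slipped through
        "acl": {"Grants": [OWNER]},
        "policy": json.dumps({"Version": "2012-10-17", "Statement": [
            {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
             "Action": "s3:GetObject", "Resource": "arn:aws:s3:::customer-exports/*"}]}),
        "pab": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                "BlockPublicPolicy": False, "RestrictPublicBuckets": False}},
    "vpc-only-data": {      # wildcard principal narrowed to one VPC endpoint
        "acl": {"Grants": [OWNER]},
        "policy": json.dumps({"Statement": {
            "Sid": "FromVpce", "Effect": "Allow", "Principal": {"AWS": "*"},
            "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::vpc-only-data/*",
            "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}}),
        "pab": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                "BlockPublicPolicy": False, "RestrictPublicBuckets": False}},
}


def audit_inventory(buckets=SAMPLE_BUCKETS) -> list:
    """Run the audit over every bucket in an inventory, in inventory order."""
    out = []
    for name, cfg in buckets.items():
        out.extend(audit_bucket(name, cfg["acl"], cfg["policy"], cfg["pab"]))
    return out


if __name__ == "__main__":
    for f in audit_inventory():
        print(f"[{f.severity}] {f.bucket}: {f.detail}")
        print("   remediation:", remediation([f]))
```

The "review" severity is the part worth copying: a wildcard principal behind a Condition is neither safe to ignore nor a confirmed exposure, and an audit that either alerts on it every run or silently passes it will be tuned out or trusted too much. Running this on a schedule over the real inventory, and wiring "public" findings to the alerting mentioned above, is the automation the checklist is asking for.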
Automated, policy-based audits of cloud configurations are another good place to start; they surface misconfigurations, such as a storage bucket left publicly readable, that a vulnerability scanner aimed at your software will not.

## **Build a Response Plan**

Having an efficient process in place for finding security problems in the cloud is of little use if you don't also have a plan for responding to them. As you review your cloud security posture, identify any major security risks for which you don't yet have an incident management plan or playbook in place. Developing one should be included in your cloud security checklist.

![Detailed investigative information in Prisma Cloud](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/09/Detailed-investigative-info.png)

Detailed investigative information in Prisma Cloud.

What will you do if you discover an Amazon Simple Storage Service (S3) bucket that you inadvertently exposed publicly? How will you respond if an app gets [DDoS'd](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack)? What if you need to recover databases in response to a ransomware attack? These are examples of fairly common cloud security incidents to which you should be prepared to respond.

## **Make Friends**

DevSecOps may be a buzzword, but the concept behind it is powerful. Make sure DevOps and SecOps teams have [shared goals](https://www.paloaltonetworks.com/blog/2020/06/cloud-devsecops-culture/), and try to build a [cooperative culture](https://www.paloaltonetworks.com/blog/2020/02/cloud-3t-shift-left-security/). Eliminate blame and find solutions. Identify metrics that each group can assess to determine how effectively they are achieving security goals. Make sure all stakeholders have visibility into the security state of your cloud, and that there are open communication channels that engineers can use to trigger a response when they notice a potential security problem.

![The image breaks down the components of DevSecOps as a Culture, defined as frequent engagement and collaboration building a culture of trust. 
A DevSecOps culture includes attention to workplace culture, but also a commitment to transparency and the introduction of shared goals and metrics.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/09/DevSecOps-as-a-Culture-1.jpg)

A model for DevSecOps culture.

## **Shift Left**

Speaking of buzzwords, "[shift left](https://www.paloaltonetworks.com/blog/2019/07/4-practical-steps-shift-left-security/)" is another one, but it also has real value. You can shift cloud security (and, indeed, all aspects of security) left by building security checkpoints into your software development lifecycle as early as possible and repeating them throughout the CI/CD pipeline -- up to and beyond deployment.

Along similar lines, strive to ensure that you can roll back to an earlier release quickly if you identify a security issue with a production app. Ideally, that will never happen, but it may, and you should be prepared to fix it with as little disruption to users as possible.

## **Get the Right Tools**

People and processes will go a long way toward helping you secure your cloud workloads, but you also need the right tools. The final item on your cloud security checklist should be to evaluate your current toolset and determine whether it is still meeting your cloud security needs.

![A screenshot showing how users of Prisma Cloud can see a specific CVE spanning each compute type in a single window with an improved risk tree.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/09/cve_details-1.png)

Detailed CVE information in Prisma Cloud.

The best [cloud-native security platforms](https://www.paloaltonetworks.com/prisma/cloud) cover the entire CI/CD lifecycle and integrate with all stages of the DevOps workflow. They offer visibility and protection across the entire stack, anywhere it exists. Automated detection and response, CI/CD scanning, and policy and compliance governance should be baked into your cloud security toolset.
## **Improving Your Cloud Security Checklist**

Your cloud security checklist should be tailored to your needs, of course. There's no one-size-fits-all checklist that is exhaustive, and the considerations you assess will vary depending on factors such as whether you use one cloud or multiple clouds, and whether you have a hybrid strategy or have migrated everything to the cloud. Nonetheless, the checklist points above are a good starting point for evaluating how secure your cloud workloads are at present, and how you can improve them continuously over time.

*Most importantly, do your best to avoid the more persistent myths about cloud security. Check out our webinar [3 Myths of Cloud Native Security](http://register.paloaltonetworks.com/3mythsofcloudnativesecurity) to learn a few that come up frequently.*