Cloud Auditing Best Practices

BIRMINGHAM—MUMBAI

Copyright © 2023 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Portfolio Manager: Mohd Riyan Khan

Publishing Product Manager: Prachi Sawant

Senior Editor: Divya Vijayan

Technical Editor: Rajat Sharma

Copy Editor: Safis Editing

Project Coordinator: Ashwin Kharwa

Proofreader: Safis Editing

Indexer: Hemangini Bari

Production Designer: Shyam Sundar Korumilli

Marketing Coordinator: Ankita Bhonsle

Senior Marketing Coordinator: Marylou De Mello

First published: January 2023

Production reference: 1151222

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80324-377-1

www.packt.com

To all the women in technology that continue to press forward and do hard things – you have unknowingly served as mentors, role models, and trailblazers. To Jasmine, Nia, Shawn, and Shani for constantly encouraging me to let my little light shine and being proud of me no matter what I do.

– Shinesa Cambric

To the ones who believed in my potential and planted the seed leading me to pursue the current path. To my mentees and mentors – you helped me discover my passion for educating others. To my family, professional peers, Jacky A., James S., Steve S., and others who pushed and encouraged me to write this book.

– Michael Ratemo

Contributors

About the authors

Shinesa Cambric (CCSP, CISSP, CISA, CISM, CDPSE) is a cloud security, compliance, and identity architect with expertise in the design and implementation of security architecture and controls. Her experience includes designing IAM and governance solutions, building insider threat programs, and providing subject matter expertise on the intersection of governance, risk, and compliance with IT and application security. She is a certification content advisor for CertNexus and CompTIA. Her work has been included in global forums, such as RSAC and DevOps.com, and she is a contributing author to the books 97 Things Every Information Security Professional Should Know and Shifting Security Left. Shinesa volunteers, provides subject matter expertise, and mentors with several organizations, including Cloud Security Alliance, fwd:cloudsec, Women in Cyber Security (WiCys), and Information Systems Security Association (ISSA). She also serves as a training lead with the Women’s Society of Cyberjutsu and as a board member with the non-profit group Cloud Girls.

I am extremely blessed to have an opportunity to follow that voice that put a dream in my heart and then provided a pathway for me to act. In my eyes, this was nothing short of miraculous.

I want to give special thanks to Prachi Sawant at Packt for connecting with me, believing in my idea, and constant support. You are amazing!

Thank you to my co-author, Michael Ratemo, for taking this journey with me. I reached out and you didn’t hesitate to come on board and make history. I know the personal sacrifices this took and it means a lot.

Huge thanks to Evan Wolfe and Mani Keerthi for your feedback and even more so for your continued friendship and support. I wish everyone were so fortunate to have people like you in their corner.

Finally, a huge thank you to my family and friends for your continued love and support!

Michael Ratemo (CISSP, CISA, CISM, GCSA, CCSK, CIA) is a cybersecurity leader and Principal Consultant at Cyber Security Simplified. He speaks security in a language businesses can understand and has built a career creating effective security strategies that are customized to protect organizations. He is skilled in elevating the effectiveness of an organization’s security programs to help drive business value and mitigate risks across large and complex environments. In addition, Michael is the author of the LinkedIn Learning course Building and Auditing a Cyber Security Program. Michael holds a BS in Computer Science and Engineering from the University of Texas at Arlington and an MBA from the University of North Texas.

I want to thank Shinesa Cambric, my amazing co-author, for sharing the vision to create this book. Having an idea and turning it into reality is not as easy as it sounds. Throughout our professional experiences, we noted a gap in how cloud audits were being performed, hence we sought to create a solution to fill this need. Even though the process of writing the book was demanding, it provided a very enriching experience.

In addition, I want to thank members of the Packt team, who provided unique insight into the content of the book. Special thanks to Prachi Sawant, Publishing Product Manager at Packt, for your encouragement and guidance every step of the way.

Finally, to everyone at the Cloud Security Alliance (CSA), and specifically, Rick Blue, Global Director, and training partners at Cloud Security Alliance. I am tremendously grateful for your support and incredible inspiration.

About the reviewers

Evan Wolfe (CISSP) is a cybersecurity professional with over 10 years of experience working in information technology, with a primary focus on cloud engineering and security. Evan has been an instructor for Dallas College, where he taught courses on AWS, developing applications in the cloud, and Kubernetes. He received his bachelor’s degree in Computer Information Technology from California State University, Northridge, and is currently pursuing his master’s degree in cybersecurity from the Georgia Institute of Technology. Currently, he is focused on leading cloud security initiatives through software engineering, data analytics, automation, and security testing.

Mani Keerthi Nagothu is a cybersecurity professional with global work experience. Her expertise is in cybersecurity strategy, incident response, risk management, security awareness, and training. She has been a speaker at various conferences, including (ISC)2 Security Congress, InfoSec World, Cloud Security Alliance, and many more. She is passionate about sharing knowledge with others and spends her time on cybersecurity research and the latest trends in the industry.
