@apolloclark
Last active November 22, 2023 19:55
Questions to ask to understand a company's cloud environment

Cloud Environment Questionnaire

1. IT Security Regulations?

ex: SOC2, NIST 800-53, ISO 27001, PCI DSS (credit cards), HITRUST / HIPAA (healthcare), FIPS / FedRAMP (US Gov), GDPR (EU)

2. Cloud Provider(s)?

ex: AWS, Microsoft Azure, Google GCP, on-prem VMware

3. Compute Environment(s)?

ex: AWS EC2 VMs, AWS ECS (Docker), AWS EKS (Kubernetes K8S), Azure VM, Azure AKS (K8S), GCP VM, GCP GKE (K8S)

4. Auto-Scaling Service(s)?

ex: AWS ASG, Azure AutoScale, GCP MIG

5. OSes and versions?

ex: Windows Server 2022, Red Hat 9 (RHEL), CentOS, Amazon Linux 2, Ubuntu 22.04 LTS, Debian 11, Arch Linux

6. Inventory Management?

ex: VMware CloudHealth, CloudQuery, NCCGroup / aws-inventory, DuoSecurity / cloudmapper, custom system, TBD?

7. Cost Management?

ex: VMware CloudHealth, AWS Trusted Advisor, Cloudyn, CloudCheckr, custom system, TBD?

8. Access Management?

ex: HashiCorp Boundary, Okta, LastPass, DuoSecurity, TBD?

9. Git Provider?

ex: GitHub Enterprise SaaS, GitHub Enterprise on-prem, GitLab SaaS, GitLab on-prem, CircleCI, TravisCI, Atlassian Bitbucket

10. CI/CD Pipeline?

ex: Jenkins, GitHub Actions, GitLab Pipelines, Atlassian Bamboo

11. Configuration Management?

ex: Ansible, Salt, Puppet, Chef

12. Secrets Management?

ex: HashiCorp Vault, Thycotic Secret Server, CyberArk Secrets Manager, AWS Secrets Manager, Ansible Vault, Puppet Hiera, Chef Data Bags, TBD?

13. Cloud Deployment Management?

ex: HashiCorp Terraform, AWS CloudFormation, Azure Resource Manager, GCP Deployment Manager, TBD?

14. Metrics Monitoring?

ex: SignalFx, Datadog, New Relic, Nagios

15. Log Monitoring?

ex: Splunk, Elasticsearch, AWS CloudWatch, AWS Athena, Datadog, New Relic, Sumo Logic

16. Security Logging?

ex: Splunk, Elasticsearch, AWS Security Manager, AWS Athena, Datadog, New Relic, Sumo Logic, Panther

17. Alerting?

ex: PagerDuty, OpsGenie, VictorOps
