Introducing Cloud Posture Management in SecTests

Starting today, SecTests includes dedicated cloud posture management on Pro and Enterprise plans. Connect your AWS, GCP, or Azure accounts and get continuous validation of your cloud security configurations against compliance framework requirements.

Why cloud posture management

Compliance frameworks like SOC 2 and ISO 27001 require organizations to maintain secure configurations across their cloud infrastructure. But cloud environments change constantly: new services get provisioned, IAM roles get modified, and storage policies drift. Point-in-time audits cannot keep up with the pace of change in modern cloud environments.

We built a cloud posture engine that understands compliance requirements from the ground up. It connects directly to your cloud provider APIs, validates configurations against framework controls, and generates audit-ready evidence automatically.

What it validates

The cloud posture module covers SOC 2, ISO 27001, PCI DSS, and HIPAA controls mapped to cloud configurations:

  • IAM & Access Policies: validates least-privilege principles, identifies overly permissive roles, checks MFA enforcement, and flags unused credentials
  • Encryption Configuration: verifies encryption at rest for storage and databases, validates TLS settings, and monitors key rotation schedules
  • Network Security: checks security group rules, validates network segmentation, and flags publicly accessible resources that should be private
  • Logging & Monitoring: confirms audit logging is enabled, validates log retention policies, and checks that alerting is configured for critical events
  • Data Protection: validates backup configurations, checks data classification settings, and monitors storage bucket policies
  • Resource Configuration: flags untagged resources, validates naming conventions, and checks that resources comply with organizational policies
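The IAM and storage-policy checks in the list above, as an added Python illustration that is not SecTests' own engine (the post does not describe its internals): it reads two constructed sample policy documents and reports the wildcard-grant and anonymous-principal patterns that a posture check of this kind flags.

```python
import json

# Constructed sample IAM policy (not from any real account): statement 0 is
# effectively administrator access, statement 1 is scoped and fine.
IAM_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::app-logs/*"},
]})

# Constructed sample bucket policy that grants anonymous read on the bucket.
BUCKET_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::app-logs/*"},
]})

def _as_list(value):
    """IAM fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _allow_statements(policy_json):
    # Return (index, statement) for every Allow statement in the document.
    doc = json.loads(policy_json)
    return [(i, s) for i, s in enumerate(_as_list(doc.get("Statement")))
            if s.get("Effect") == "Allow"]

def find_overly_permissive(policy_json):
    """Flag Allow statements granting wildcard actions on every resource."""
    findings = []
    for i, stmt in _allow_statements(policy_json):
        actions = _as_list(stmt.get("Action"))
        if "*" not in _as_list(stmt.get("Resource")):
            continue
        if "*" in actions:
            findings.append((i, "critical", "all actions on all resources"))
        elif any(a.endswith(":*") for a in actions):
            findings.append((i, "high", "full service access on all resources"))
    return findings

def find_public_principal(policy_json):
    """Flag Allow statements open to any principal with no Condition block."""
    findings = []
    for i, stmt in _allow_statements(policy_json):
        principal = stmt.get("Principal")
        aws = _as_list(principal.get("AWS")) if isinstance(principal, dict) else []
        if (principal == "*" or "*" in aws) and not stmt.get("Condition"):
            findings.append((i, "critical", "anonymous principal without condition"))
    return findings
```

A real posture engine would fetch these documents through the provider's read-only API and map each finding to the framework control it evidences; the matching logic shown here is the part that does not change.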

How to get started

There are two ways to connect your cloud accounts:

Option 1: Read-only IAM role. Go to your account settings and follow the guided setup to create a read-only IAM role in your cloud provider. SecTests uses this role to read configurations without any write access to your infrastructure.

Option 2: Service account credentials. Provide service account credentials with read-only permissions. This works well for organizations with strict IAM policies that prefer to manage access directly.

Once connected, cloud posture checks run on the same schedule as your other compliance validations. Results appear in the same dashboard with framework control mapping and evidence packages.

Integration with your compliance workflow

Cloud posture checks integrate with your existing compliance workflow. Add the --cloud flag to your CLI command to include cloud validation in your pipeline checks:

sectests validate --cloud aws --framework soc2 --fail-on critical

The check runs alongside your standard compliance validations. With --fail-on critical, a critical policy violation makes the CLI exit with a non-zero code, which stops your pipeline.

Pricing

Cloud posture management is included in Pro and Enterprise plans at no additional cost. Each cloud account counts as one monitored asset toward your plan limit. Community plan users can upgrade to Pro for a 14-day free trial.

We have been validating this with early-access customers for three months. The module has already caught IAM policy drift and encryption configuration gaps in organizations that passed their most recent SOC 2 audit. If your team runs on cloud infrastructure, this is coverage you need.