Cloud Security
Workflows

SHADOW IT DISCOVERY — WEEKLY SCAN ════════════════════════════════════════════════════════ CORP DOMAINS QUERIED: 14,891 unique domains APPROVED SaaS: 234 services on approved list SHADOW IT DETECTED: 67 unauthorized services HIGH RISK — Immediate Action Required (8 services): quickfile-share.io — File Sharing SaaS Users: 23 | Data uploaded: ~4.2GB | First seen: 12 days ago /security: Not present | /compliance: Not present Domain Age: 187 days | PageRank: 1.8 /pricing: Free tier, no enterprise features | /login: Basic auth only IAB: Technology | Countries: Singapore RISK: No encryption, no SOC2, no GDPR compliance, PII exposure ai-assistant-pro.com — AI/LLM Tool Users: 41 | Queries: ~12,000/week | First seen: 34 days ago /security: Basic security page, no certifications /compliance: Not present | /legal: Data retention unclear Domain Age: 289 days | PageRank: 2.4 /pricing: Enterprise tier available but not purchased Personas: Developers, product managers RISK: Proprietary code/data being sent to unvetted AI service team-kanban-board.app — Project Management Users: 15 | First seen: 8 days ago /security: Not present | /compliance: Not present Domain Age: 94 days | PageRank: 0.9 RISK: Project data, timelines, and internal communications exposed

REMEDIATION — AUTOMATED ACTIONS ════════════════════════════════════════════════════ BLOCKED (8 high-risk services): → Prisma Access URL filtering updated — immediate block → 79 affected users notified with approved alternatives → IT tickets created for data recovery assessment MONITORED (23 medium-risk services): → SSL decryption enabled for traffic inspection → Data Loss Prevention (DLP) policies applied → Vendor security assessment requests auto-generated ALLOWED WITH CONTROLS (36 low-risk services): → Added to shadow IT inventory for next review cycle → Basic DLP controls applied → Usage tracking enabled for cost optimization

VENDOR SECURITY POSTURE — 234 APPROVED SaaS VENDORS ════════════════════════════════════════════════════════════ HEALTHY (198 vendors — 84.6%): /security: Present and current | /compliance: Certs valid Leadership: Stable | Hiring: Active | PageRank: Stable/improving DEGRADING (28 vendors — 12.0%): dataflow-analytics.com (Business Intelligence tool) /security: SOC2 badge removed 14 days ago /compliance: GDPR page content reduced significantly /leadership: CISO position vacant for 60+ days /careers: -45% job postings vs last quarter PageRank: 5.2 → 4.1 (30-day trend) ASSESSMENT: Security posture degrading — review required crm-cloudpro.io (CRM Platform) /security: Penetration test date changed from annual to "periodic" /press: Announced layoffs affecting 30% of engineering /support: Response times doubled per user complaints on /blog ASSESSMENT: Operational risk increasing — contingency planning needed CRITICAL (8 vendors — 3.4%): secure-msg-platform.com (Enterprise Messaging) /security: Page removed entirely /compliance: ISO 27001 cert expired, not renewed /leadership: CEO + CTO departed within 30 days /press: Silent for 90 days (previously weekly) PageRank: 4.8 → 2.1 (90-day decline) ASSESSMENT: CRITICAL — Begin immediate vendor transition

API GATEWAY ANALYSIS — 847 UNIQUE CALLER DOMAINS ════════════════════════════════════════════════════════ AUTHORIZED PARTNERS (312 domains): All verified: PageRank >3, Domain Age >2yrs, /api docs present Example: partner-integrations.com — PR: 5.4, Age: 4.1yrs SUSPICIOUS CALLERS (14 domains): data-harvest-bot.xyz API calls: 47,000/hour | Domain Age: 4 days | PageRank: 0.0 /api: Not present (no legitimate API docs) Countries: China | Web Filtering: Bot Networks VERDICT: Data scraping bot — Rate limit + block + revoke API key credential-test-service.com API calls: 12,000/hour (login endpoint) | Domain Age: 11 days PageRank: 0.0 | Countries: Russia Web Filtering: Malware / Hacking Tools VERDICT: Credential stuffing attack — Block + alert security

DATA SOVEREIGNTY AUDIT — 234 CLOUD SERVICES ════════════════════════════════════════════════════════ REQUIREMENT: EU data must stay in EU (GDPR), US health data US-only (HIPAA) COMPLIANT (189 services — 80.8%): /compliance: GDPR section present | /legal: DPA available Countries: Hosting in approved jurisdictions NON-COMPLIANT (12 services — 5.1%): analytics-platform-pro.com /compliance: No GDPR section | /legal: No DPA available Countries: Hosting in India, no EU data center option Used by: EU marketing team (42 users, processing EU customer data) VIOLATION: EU personal data processed outside EU without adequacy hr-onboarding-saas.io /compliance: GDPR mentioned but no Article 28 DPA Countries: US-only hosting, no EU region Used by: EU HR team (8 users, processing employee PII) VIOLATION: Employee PII transferred to US without SCCs NEEDS REVIEW (33 services — 14.1%): /compliance present but outdated or incomplete

MULTI-CLOUD FOOTPRINT — ENTERPRISE DISCOVERY ════════════════════════════════════════════════════════ KNOWN INFRASTRUCTURE: AWS: 847 resources | Azure: 412 resources | GCP: 189 resources Total: 1,448 known cloud resources DISCOVERED (UNKNOWN) INFRASTRUCTURE: AWS: +34 resources | Azure: +12 resources | GCP: +8 resources HIGH RISK DISCOVERIES: dev-staging-api.company-internal.com → AWS us-east-1 /api: Exposed API with no authentication /docs: Swagger UI publicly accessible IAB: Technology | PageRank: 0.3 | Domain Age: 89 days RISK: Internal API exposed to internet — credentials in docs backup-data-eu.s3-website.amazonaws.com /products: S3 directory listing enabled Countries: EU (Ireland) | Contains: Database backups RISK: Customer data backups publicly accessible test-env-2024.azurewebsites.net /login: Old authentication portal — 2024 codebase Domain Age: 487 days (orphaned test environment) RISK: Unpatched, unmonitored test environment with live data

SaaS SPRAWL ANALYSIS — ENTERPRISE-WIDE ════════════════════════════════════════════════════════ TOTAL SaaS SERVICES: 301 (approved + shadow IT) DUPLICATE FUNCTION GROUPS: 14 DUPLICATE GROUP: Project Management (7 tools) asana.com — 89 users | /pricing: Enterprise $30/user/mo monday.com — 45 users | /pricing: Enterprise $24/user/mo clickup.com — 23 users | /pricing: Business $12/user/mo notion.so — 67 users | /pricing: Team $10/user/mo linear.app — 34 users | /pricing: Business $8/user/mo team-kanban-board.app — 15 users (shadow IT) | No /security page trello.com — 12 users | /pricing: Free tier only Overlap: 285 total users across 7 tools doing similar tasks EST. ANNUAL WASTE: $189,000 in duplicate subscriptions RECOMMENDATION: Consolidate to 1-2 tools, save $140K+/year

VENDOR CHANGE ALERTS — FEBRUARY 2026 ════════════════════════════════════════════════════════ CRITICAL CHANGE: securecloud-backup.com (Enterprise backup service, 2.4PB data) /press: "Acquired by DataVault Holdings" — Feb 8, 2026 /legal: T&Cs updated — new data sharing clauses /leadership: Entire C-suite replaced by acquirer's team /compliance: SOC2 and HIPAA pages "under review" /investors: Page removed (now private company) IMPACT: Data ownership, compliance certs, and T&Cs all changing ACTION: Legal review of new T&Cs, contingency backup plan needed MONITOR: devops-pipeline-cloud.io (CI/CD platform) /leadership: CTO and VP Engineering departed same week /careers: -40% engineering positions in 30 days /investors: Series C extension announced (cash concerns?) ASSESSMENT: Possible financial distress — monitor weekly

CLOUD WORKLOAD COMMUNICATION MAP ════════════════════════════════════════════════════ WORKLOADS ANALYZED: 1,448 cloud resources EXTERNAL DOMAINS CONTACTED: 3,891 unique domains EXPECTED COMMUNICATIONS (3,812 — 98.0%): Package registries, API partners, CDNs, monitoring services All domains: PageRank >2, Age >1yr, legitimate Web Filtering categories ANOMALOUS COMMUNICATIONS (79 — 2.0%): Production DB cluster → telemetry-export.xyz Domain Age: 7 days | Country: Russia | PageRank: 0.0 /api: Accepts POST requests with JSON payloads Web Filtering: Malware CRITICAL: Possible data exfiltration from production database API Gateway → stats-collector-free.com Domain Age: 34 days | Country: Ukraine | PageRank: 0.1 /products: Free analytics service SUSPICIOUS: Unauthorized analytics SDK in API gateway

CLOUD SECURITY BENCHMARK — CYBERSECURITY INDUSTRY ════════════════════════════════════════════════════════ Company /security /compliance Certs Listed PR Score Palo Alto Networks YES YES SOC2,ISO,FedRAMP 8.9 98 CrowdStrike YES YES SOC2,ISO,HIPAA 8.7 96 Fortinet YES YES SOC2,ISO,CC 8.4 94 Zscaler YES YES SOC2,ISO,FedRAMP 7.9 92 SentinelOne YES Partial SOC2,ISO 7.2 85 Wiz YES Partial SOC2 6.8 82 YOUR POSITION: Top 15% of cybersecurity vendors Strength: FedRAMP certification (only 34% of peers have this) Gap: Bug bounty program page missing (67% of peers have this)

MIGRATION RISK ASSESSMENT — ON-PREM TO CLOUD ════════════════════════════════════════════════════════ PROJECT: Legacy SIEM migration to cloud-native platform VENDORS EVALUATED: 4 VENDOR ASSESSMENT: google.com/chronicle (Google Chronicle SIEM) /security: Comprehensive — Google infrastructure /compliance: FedRAMP High, SOC2, ISO 27001, HIPAA /partners: 234 integration partners listed /case-studies: 18 enterprise security case studies Countries: Global data center presence MIGRATION RISK: LOW — Established, compliant platform elastic.co (Elastic Security) /security: Detailed trust center /compliance: SOC2, ISO 27001 /partners: 178 integration partners /case-studies: 12 security-focused case studies MIGRATION RISK: LOW — Open source foundation, strong community next-gen-siem-startup.io (Startup SIEM) /security: Basic — SOC2 "in progress" /compliance: No FedRAMP, limited certs /partners: 12 integrations (limited) /case-studies: 2 case studies, both small companies Domain Age: 412 days | PageRank: 2.8 Personas: SMB security teams MIGRATION RISK: MEDIUM — Young company, limited enterprise proof