#cloud-security

Implement automated security and compliance controls for cloud infrastructure using policy-as-code and security scanning tools. Security frameworks: 1. CIS Controls: 18 critical security controls, automated implementation and monitoring. 2. NIST Cybersecurity Framework: identify, protect, detect, respond, recover phases. 3. SOC 2 Type II: security, availability, processing integrity, confidentiality, privacy. 4. Compliance automation: PCI DSS for payment processing, HIPAA for healthcare data. Policy as Code: 1. Open Policy Agent (OPA): Rego language for policy definition, admission controllers. 2. AWS Config Rules: automated compliance checking, remediation actions. 3. Azure Policy: resource compliance, deny non-compliant deployments. Security scanning: 1. Static analysis: SonarQube, Checkmarx for code vulnerabilities, 15-minute scan cycles. 2. Dynamic analysis: OWASP ZAP, Burp Suite for runtime vulnerability detection. 3. Container scanning: Twistlock, Aqua Security for image vulnerabilities. 4. Infrastructure scanning: Prowler, Scout Suite for cloud misconfigurations. Incident response: 1. SIEM integration: Splunk, Elastic Security for log correlation and threat detection. 2. Automated remediation: Lambda functions, Azure Functions for immediate response. 3. Forensics: CloudTrail analysis, audit log retention (7 years minimum). Identity management: SSO integration, MFA enforcement, privilege escalation monitoring, access reviews quarterly.