Know what is exposed in your cloud before it becomes a breach.
A focused AWS or Azure security review that identifies high-risk misconfigurations, access issues, logging gaps, and practical improvements.
Starting Price
USD $5,000 / CAD $6,500
Typical Timeline
7 to 15 business days
Engagement Snapshot
Best For
Businesses using AWS or Azure without full confidence that their environment is secure
Primary Outcome
A prioritized cloud security baseline and remediation roadmap
Standard Scope
One cloud provider, up to 5 accounts or subscriptions
Key Exclusions
No hands-on remediation, cloud migration, or production changes
The Problem
Cloud environments change quickly and small misconfigurations create large exposures.
Cloud environments can change quickly, and small misconfigurations can create major exposure. Overly permissive IAM roles, publicly accessible storage buckets, missing logging, unencrypted data, and gaps in backup coverage are among the most common issues found in AWS and Azure environments. This review provides a structured look at your cloud environment and identifies the highest-risk findings with practical remediation guidance.
What You Get
Defined deliverables
- check_circleCloud security baseline report
- check_circleRisk-ranked findings
- check_circleIAM and privilege recommendations
- check_circleNetwork exposure review
- check_circleStorage and public access review
- check_circleLogging and monitoring recommendations
- check_circlePrioritized remediation backlog
What Is Included
Standard scope
- checkOne cloud provider, AWS or Azure
- checkUp to 5 accounts, subscriptions, or equivalent cloud scopes
- checkReview of IAM, networking, storage, logging, encryption, backup posture, and high-risk misconfigurations
- checkUp to 3 stakeholder interviews
- checkOne final report and one findings presentation
What Is Not Included
Scope exclusions
- removeHands-on remediation
- removeCloud migration
- removeFull architecture redesign
- removeCost optimization review unless separately scoped
- removeKubernetes or container security unless separately scoped
- removeProduction changes
- removeOngoing cloud operations
The Process
How this engagement works
Fit Call
We confirm the cloud provider, account structure, and specific security concerns.
Scope Confirmation
Accounts, access method, assumptions, deliverables, and timeline are confirmed.
Access
Read-only access is granted or configuration exports are provided for the agreed accounts.
Cloud Review
IAM, networking, storage, logging, encryption, and backup posture are reviewed and findings are prioritized.
Findings Handoff
Report and remediation backlog are delivered. Walkthrough call covers findings and next steps.
Who This Is For
For businesses running cloud infrastructure without a formal security review
This review is a strong fit for businesses that use AWS or Azure for production workloads, data storage, or business applications, but have not had a structured security review of their cloud environment. It is particularly relevant for organizations where the cloud environment has grown organically, where different teams have added resources over time, or where the original setup was done without security as a primary concern.
It also works well before a compliance review, after a cloud migration, when onboarding a new cloud team, or when you want a senior second opinion on your current cloud security posture.
Pricing note: Pricing shown is starting pricing for standard-scope engagements. Final pricing depends on environment size, number of systems, complexity, urgency, and any requested work outside the standard scope.
These starter engagements are intentionally scoped to produce useful outcomes without turning into open-ended consulting projects. If your environment is larger, more complex, or requires hands-on implementation, SullySoft can provide a separate estimate before any additional work begins.
Cloud Security Baseline Review
Starting at USD $5,000 / CAD $6,500 • 7 to 15 business days
Book a 30-minute fit call to confirm the scope and get started.
Book a 30-Minute Fit Call