Cloud Security¶
Audit your SaaS identity providers against CIS benchmarks.
Supported providers¶
Google Workspace¶
- Benchmark: CIS Google Workspace Foundations v1.2.0 (86 checks)
- Auth: Google Admin SDK Service Account with Domain-Wide Delegation
- Scope: L1 controls only (L2 requires add-ons)
Microsoft 365¶
- Benchmark: CIS Microsoft 365 Foundations v6.0.0 L1 (86 checks)
- Auth: Microsoft Graph client_credentials (Entra ID app registration)
- Scope: L1 controls
Setup¶
- Navigate to Cloud Security in sidebar (available for paid plans)
- Choose provider
- Follow the setup wizard:
- GWS: upload Service Account JSON + enter admin email
- M365: enter tenant ID, client ID, client secret
What's audited¶
- Identity and access (MFA, password policy, admin accounts)
- Data protection (DLP, sharing restrictions, retention)
- Email security (SPF/DKIM/DMARC, anti-phishing, quarantine)
- Device compliance (mobile management, conditional access)
- Audit logs and monitoring
- Third-party app permissions
- Marketplace / app gallery restrictions
Caching¶
Results cached in DB for 24 hours. Manual refresh available in UI.