Overview
Cloud environments change constantly. Every new resource, permission change, public endpoint or configuration update expands your organisation’s attack surface. Our cloud security scans help you uncover and prioritise security risks in your AWS, Microsoft Azure and Google Cloud environments without needing agents or manual configuration.
Instead of relying on point-in-time checks, we run continuous scanning that tracks changes and alerts you when new vulnerabilities appear, so your security team can act quickly.
The number of cloud environments you can connect for cloud security scans depends on your plan:
Cloud = 3 environments total
Pro = 10 environments total
Enterprise = Unlimited environments
These limits apply across all cloud providers combined, not per provider.
What cloud security scans do
Cloud security scans are automated vulnerability assessments for cloud infrastructure and services. They analyse your environment for:
Known vulnerabilities in cloud assets and services.
Misconfigured resources that could expose data or services.
Insecure permissions or overly broad public access.
Shared responsibility gaps where cloud platform defaults leave your systems exposed.
These scans give you a clear list of issues, risk severity and suggested actions, allowing you to fix problems before attackers can exploit them.
AWS
If you use Amazon Web Services (AWS), our integration enables automated cloud security scanning across your account.
To set up AWS cloud security scans:
Log in to the portal and go to Targets > Add target > Cloud asset sync > AWS.
Use the CloudFormation template we provide to create a role in your AWS account with the necessary scan permissions.
Enter the Role ARN back in the portal and configure your scan settings.
Once connected, scans will start immediately and run at regular intervals.
With this connection:
New public assets from AWS are added automatically as scan targets.
Scans are triggered when changes occur.
You get daily visibility into AWS security and risk.
Microsoft Azure
Connect your Microsoft Azure subscription to enable cloud security scans for Azure resources.
To configure Azure scanning:
Register an application in Azure AD for our scan service.
Assign the app Reader access at the required scope (e.g., Tenant Root Management Group).
Grant appropriate Graph API permissions.
Add the credentials in our portal and enable scanning.
After setup:
We scan Azure workloads, virtual machines, and services for misconfigurations and vulnerabilities.
Results are reported back into your security dashboard with actionable guidance.
Google Cloud
To enable cloud security scans on Google Cloud:
Connect your Google Cloud account through the portal.
Authorise access so we can synchronise your cloud targets.
Confirm which projects and resources you want scanned.
Once connected, we can:
Discover publicly exposed cloud assets.
Run security scans against those assets automatically.
Provide continuous visibility as your environment evolves.
Continuous and automated scanning
Cloud security scans are designed to be continuous and automated, running every 24 hours. They minimise the gap between when a new vulnerability is published and when your systems are tested for it.
Cloud environments are dynamic. Traditional quarterly or one-off scans miss most misconfigurations and exposures in fast-moving systems. Continuous scanning delivers:
Better threat visibility across cloud workloads.
Actionable results that relate directly to your cloud inventory.
Reduced risk through early detection and prioritised fixes.
Related Articles