Your cloud security
before the audit —
systematically assessed, documented in audit-ready form.
Many cloud environments grow faster than security controls can keep up. We analyze your configuration, permissions, and architecture decisions — and deliver an audit-ready findings report with prioritized actions for your TISAX, DORA, or NIS2 requirements. Your dedicated contacts know your environment — no project manager who first needs to get up to speed.
What a Cloud Security Assessment covers
We analyze all security-relevant layers of your cloud environment — systematically, not by sample.
Identities
Roles, MFA, Conditional Access
Network
Ports, Firewall, Segmentation
Data
Encryption, Backup, Access
Monitoring
Logs, SIEM, Alerting
Compliance
Secure Score, CIS, NIS2
Architecture
Structural risks, Design
Who this assessment is for
The assessment is designed for automotive suppliers with TISAX requirements, FinTech companies under DORA and BaFin supervision, and regulated organizations that want to know where they truly stand in their cloud security posture.
TISAX Preparation
You are facing a TISAX assessment or re-assessment and need a reliable baseline of your Microsoft Azure and M365 environment — before the external auditor arrives.
DORA and NIS2 Requirements
DORA requires demonstrated ICT risk controls, NIS2 a documented security posture. Our assessment provides the foundation for both — with a prioritized action catalog.
After an incident
There has been a security incident and you want to understand how it happened and what needs to change — with a written findings report that is also usable for insurers and authorities.
New target architecture
You want to prepare your cloud environment for a new target architecture — and need to account for TISAX, DORA, or NIS2 requirements from the start. We deliver a clear assessment of the current state as an audit-ready basis for decisions.
The assessment is not an audit — it is a foundation for informed decisions.
What we assess
The assessment covers all security-relevant layers — not just configuration, but also access models, processes, and architecture decisions.
Identities and Access Rights
User accounts, service accounts, privileged roles, Conditional Access policies, MFA enforcement
Network and Perimeter
Network segmentation, open ports, firewall rules, VPN configuration, DNS settings
Data Storage and Transfer
Encryption at rest and in transit, backup configuration, access protection at storage level
Monitoring and Logging
Activation of diagnostic logs, SIEM integration, alerting on critical events
Compliance Posture
Comparison against Microsoft Secure Score, CIS Benchmarks, and industry-specific requirements
Architecture Decisions
Identification of structural risks that cannot be resolved through individual measures
Our approach
Three phases — with clear expectations at every step and without unnecessary project complexity.
01 Kickoff and Scope Definition (1 week)
- Define systems and environments in scope
- Identify regulatory requirements
- Capture your most important questions
- Define the assessment framework together
02 Technical Analysis (2–3 weeks)
- Read-only access or configuration exports
- No deployment, no agents
- No interference with production systems
- Systematic review across all layers
03 Findings and Action Plan (1 week)
- Written findings report
- Prioritized action list by risk
- Implementation effort per measure
- Joint closing session
Approximately 4–5 weeks to a complete findings report
Each phase builds on the previous one and delivers standalone value.
What you receive
After the assessment, you have a sound foundation for your next steps.
Findings Report
Complete report documenting all identified vulnerabilities and their risk classification
Action Plan
Prioritized recommendations with estimated implementation effort
Closing Session
Presentation of results and answers to open questions
Decision Basis
Sound foundation for your next target architecture or certification preparation
For automotive suppliers, we offer a TISAX Readiness Assessment as an entry point that directly reviews the relevant controls from the VDA ISA. You work with dedicated contacts who know your environment. We also support you in implementing the identified measures — as part of our Security Architecture service.
Request an assessment
Tell us briefly what you want assessed — we'll get back to you within one business day with a proposal for next steps. Personal, reliable, no detours.
No obligation. No sales pitch. Just clarity.