Do you have two-factor authentication (2FA) enabled for all your cloud account users?

Does your organization encrypt all sensitive data and traffic?

How often do you patch your production systems?

How frequently do you conduct cloud services security awareness training in your organization?

Do we have a way to monitor and detect security incidents continuously?

Is there a standard process for provisioning access to cloud services that include managing and storing the identity of all personnel who have access to the cloud environment, including their level of access?

Do you have a solution to check for compliance and/or misconfiguration in your cloud accounts?

For cloud services, do you have a standard document on how to create and manage separate environments for production and test processes?

Does your organization incorporate privacy-by-design in your IT systems?

Has the organization considered and addressed backup, recovery, archiving, and decommissioning of data stored in a cloud environment?

Does your network architecture diagram clearly identify high-risk cloud environments and data flows that may have legal and compliance impacts?

Do you think your organization is effectively implementing a cloud security strategy?

Do you think your organization is aware of the security risks of cloud computing that it needs to prepare for while migrating to the cloud?

Do you have a solution for managing your cloud inventory?