Cloudy With a Chance of Breaches – Part 2
Logging on, vibes off. (Extended readers get the other 2 sins today.)
Devs love to say, “If it wasn’t logged, it didn’t happen.” Attackers love that too. Because in most clouds, logging is optional — and optional usually means “off.”
Best Practice #4: Logging & Detection That Doesn’t Exist
The Problem:
No logs = no incident. At least, that’s what management believes… right up until the ransom note includes your CEO’s vacation selfies from a public bucket.
Quick Fix:
AWS: Org-level CloudTrail, GuardDuty, VPC Flow Logs, S3 access logging (on the important buckets, not all).
Azure: Defender for Cloud, Activity Logs → Log Analytics, NSG Flow Logs.
GCP: Security Command Center, VPC Flow Logs, Data Access logs.
Sanity Check: Search your logs for:
Failed IAM logins
API calls from “odd” geos
Surprise PutBucketPolicy at 3AM
If you can’t find those in <5 minutes, your “monitoring” is just vibes.
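A small triage script for those three searches, added here as an example (it is not from the post): it runs over constructed CloudTrail-style records and assumes a known-good source network and an off-hours window that you would set for your own environment.

```python
import ipaddress
from datetime import datetime, timezone

# Assumed environment facts (placeholders, not from the post): where your admins
# normally come from, and which UTC hours count as "nobody should be working".
KNOWN_GOOD_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
OFF_HOURS_UTC = range(0, 6)  # 00:00-05:59 UTC

# Constructed CloudTrail-style records, trimmed to the fields the checks use.
SAMPLE_EVENTS = [
    {"eventTime": "2024-05-01T14:12:03Z", "eventName": "ConsoleLogin",
     "sourceIPAddress": "203.0.113.5", "userIdentity": {"userName": "alice"},
     "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventTime": "2024-05-01T14:15:40Z", "eventName": "ListBuckets",
     "sourceIPAddress": "203.0.113.5", "userIdentity": {"userName": "alice"},
     "responseElements": None},
    {"eventTime": "2024-05-02T03:07:19Z", "eventName": "PutBucketPolicy",
     "sourceIPAddress": "198.51.100.77", "userIdentity": {"userName": "ci-deploy"},
     "responseElements": None},
]

def classify(event):
    """Return the list of sanity-check rules a single event trips."""
    hits = []
    name = event.get("eventName", "")
    resp = event.get("responseElements") or {}
    # 1. Failed IAM logins: console sign-in events carry the outcome in responseElements.
    if name == "ConsoleLogin" and resp.get("ConsoleLogin") == "Failure":
        hits.append("failed-iam-login")
    # 2. Calls from "odd" geos: anything outside the networks you expect.
    try:
        src = ipaddress.ip_address(event.get("sourceIPAddress", ""))
    except ValueError:
        src = None  # AWS service principals appear as hostnames, not IPs; skip them
    if src is not None and not any(src in net for net in KNOWN_GOOD_NETWORKS):
        hits.append("odd-geo")
    # 3. Surprise PutBucketPolicy at 3AM: a bucket-policy change during off hours.
    when = datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
    when = when.replace(tzinfo=timezone.utc)
    if name == "PutBucketPolicy" and when.hour in OFF_HOURS_UTC:
        hits.append("bucket-policy-at-3am")
    return hits

def triage(events):
    """Map each tripped rule to the (user, eventName, eventTime) that tripped it."""
    findings = {}
    for ev in events:
        for rule in classify(ev):
            findings.setdefault(rule, []).append(
                (ev["userIdentity"]["userName"], ev["eventName"], ev["eventTime"]))
    return findings

if __name__ == "__main__":
    for rule, items in triage(SAMPLE_EVENTS).items():
        print(rule, items)
```

If this takes more than a couple of seconds against a day of real CloudTrail output, the same three rules belong in your SIEM as saved queries rather than in a script.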
Want More?
This is just 1 of 3 tips in this part. Paid readers also get:
Best Practice #5: Secrets in code & CI pipelines (how attackers find creds faster than your interns find Stack Overflow answers).
Best Practice #6: Guardrails you set once so devs can’t YOLO their way into a breach.
👉 [Upgrade to Root Access Tier] for the full playbook.
JJ – Chief Packet Pusher