# What is the Cloud scan? ### Intro Stoïk Protect's Cloud scan monitors and analyzes the part of the insured company's infrastructure located in the Cloud. Conversely, this scan does not include storage solutions such as OneDrive, SharePoint, or Google Drive, which you may already have. This scan is updated daily, without any action required from you. ### How does it work? The Cloud scan uses two open-source tools: Scout Suite and CloudSploit, and is available for the leading cloud providers: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). It allows you to analyze elements of your cloud configuration deemed critical from a cybersecurity perspective, including: * User access methods and rights: verify that user rights and authentication methods are properly hardened. * Password policy: audit the password policy and ensure it is not overly permissive. * Database exposure: validate that databases are not publicly exposed on the internet and analyze access rights. * Firewall rules: audit access rules to the cloud infrastructure. * Backup policy: verify that backups are performed regularly. {% hint style="info" %} It is non-instrusive, since Stoïk Protect: * Only has read access to the cloud infrastructure configuration, enabling technical auditing * Does not access data stored in the cloud, such as company data or emails, nor can it modify the infrastructure. {% endhint %} ### Entra ID The Cloud scan analyzes Active Directories located in the cloud (also known as Entra IDs). When only Office 365 via Entra ID is scanned, the analysis focuses on aspects related to your mailbox, such as detecting users who have not enabled two-factor authentication. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.stoik.io/prevention-tools/what-is-the-cloud-scan.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.