
Architecture & Cloud Security Review


Cloud security architecture review for AWS, Aliyun, Tencent Cloud, Azure, and GCP — plus Kubernetes hardening, IaC review, and multi-cloud posture

We assess the security properties of your cloud system as designed and as deployed, against your specific threat model. Architecture review for cloud-native SaaS, IoT backends, AI/ML platforms, and multi-cloud enterprise environments. Bilingual EN + 中文 reporting; 60-day remediation re-check on Standard+ engagements.

Request Assessment →

“The cloud findings that matter most are architectural — trust-boundary violations, identity-model gaps, multi-tenant isolation breaks. They live in the design, not in the application code, which is why CSPM and conventional penetration testing miss them. Architecture review surfaces these findings because the assessment scope starts at the layer the findings actually live in.” — Gleb Z., CTO, Melina Security


Who this is for

  • Cloud-native B2B SaaS teams with multi-tenant isolation, identity, and data-flow architectures that need adversarial review
  • IoT backend teams running device-to-cloud architectures across AWS IoT, Azure IoT Hub, Aliyun IoT, or custom platforms
  • AI/ML platform vendors running training and inference infrastructure with shared multi-customer access
  • Enterprises with multi-cloud deployments where security posture varies meaningfully across cloud accounts
  • DevSecOps and Platform Engineering teams building Kubernetes-based developer platforms that need a security review before production scale-out
  • Compliance leads preparing for ISO 27001, SOC 2 Type 2, MLPS Level 2/3, or FedRAMP — architecture review is the structural evidence behind compliance attestations

What we cover

End-to-end across the cloud stack. Scope is set during discovery and scoping; a typical engagement includes several of the following:

Architecture review

  • Trust boundary identification — where authority delegations cross security perimeters
  • Data flow analysis — what data goes where, how, and under what authentication
  • Multi-tenant isolation analysis — for SaaS with shared infrastructure
  • Identity model review — IAM roles, service principals, federation, OIDC integration patterns
  • Cryptographic boundary review — where keys live, rotation cycles, KMS / HSM integration
  • Threat modeling (STRIDE / PASTA) anchored to the system’s actual architecture

Kubernetes security

  • RBAC review (role bindings, service account permissions, namespace isolation)
  • Network policies (ingress, egress, lateral movement controls)
  • Admission controllers (Pod Security Admission enforcing the Pod Security Standards, which replaced PodSecurityPolicy after its removal in Kubernetes 1.25; OPA Gatekeeper, Kyverno)
  • Pod security (capabilities, runAsNonRoot, read-only root filesystem, seccomp profiles)
  • Image supply chain (registry security, image signing, SBOM-backed admission)
  • Secrets management (in-cluster vs external secret store, rotation, audit trail)
  • Container runtime (gVisor / Kata / runc, escape primitives)
  • Cluster control plane (etcd encryption, API server audit, kubeconfig handling)
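The RBAC review in the list above is, in practice, a join: every RoleBinding and ClusterRoleBinding is resolved to the rules it actually grants, and the grant is judged by who receives it and what it allows. The script below is an added example of that join, not Melina's tooling or anything from the page. It runs over a constructed sample that mimics the shape of `kubectl get clusterroles,clusterrolebindings,roles,rolebindings -A -o json`; the verb list, the sensitive resource/verb pairs and the severity scale are this example's own assumptions about what a reviewer cares about.

```python
"""Added example (not Melina's tooling): flag risky Kubernetes RBAC grants in a
kubectl JSON export. SAMPLE_EXPORT is constructed to look like the output of
`kubectl get clusterroles,clusterrolebindings,roles,rolebindings -A -o json`;
the risk lists are this example's own assumptions about what a review cares about."""
import json

# Verbs that let a subject grant itself more RBAC than it holds (assumption: always a finding).
ESCALATION_VERBS = {"escalate", "bind", "impersonate"}
# (resource, verb) pairs that commonly lead to credential theft or code execution in-cluster.
SENSITIVE_ACCESS = {
    ("secrets", "get"), ("secrets", "list"), ("secrets", "*"),
    ("pods/exec", "create"), ("pods/exec", "*"),
    ("pods", "create"), ("pods", "*"),
    ("serviceaccounts/token", "create"), ("serviceaccounts/token", "*"),
}
# Groups that cover every identity of a class; a grant to them is effectively a grant to everyone.
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated", "system:serviceaccounts"}

SAMPLE_EXPORT = json.dumps({"items": [  # constructed sample, not a real cluster
    {"kind": "ClusterRole", "metadata": {"name": "cluster-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "secret-reader"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
    {"kind": "Role", "metadata": {"name": "pod-logs", "namespace": "app"},
     "rules": [{"apiGroups": [""], "resources": ["pods/log"], "verbs": ["get"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ci-deployer-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-deployer", "namespace": "ci"}]},
    {"kind": "RoleBinding", "metadata": {"name": "authenticated-read-secrets", "namespace": "app"},
     "roleRef": {"kind": "ClusterRole", "name": "secret-reader"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    {"kind": "RoleBinding", "metadata": {"name": "dev-logs", "namespace": "app"},
     "roleRef": {"kind": "Role", "name": "pod-logs"},
     "subjects": [{"kind": "User", "name": "alice"}]},
]})


def rule_risks(rules):
    """Return the reasons a Role/ClusterRole's rules are risky (empty list if none)."""
    reasons = []
    for rule in rules:
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        if "*" in verbs and "*" in resources:
            reasons.append("wildcard verbs on all resources")
        hits = ESCALATION_VERBS & verbs
        if hits:
            reasons.append("RBAC escalation verb(s): " + ", ".join(sorted(hits)))
        for res in sorted(resources):
            for verb in sorted(verbs):
                if (res, verb) in SENSITIVE_ACCESS:
                    reasons.append(f"{verb} on {res}")
    return reasons


def audit_rbac(export_json):
    """Join every binding to the role it references and report the risky grants."""
    items = json.loads(export_json)["items"]
    # Roles are namespace-scoped, ClusterRoles are not; key both so lookups are exact.
    roles = {}
    for obj in items:
        if obj["kind"] in ("Role", "ClusterRole"):
            meta = obj["metadata"]
            roles[(obj["kind"], meta.get("namespace", ""), meta["name"])] = obj.get("rules", [])

    findings = []
    for obj in items:
        if obj["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        ref, ns = obj["roleRef"], obj["metadata"].get("namespace", "")
        # A RoleBinding may point at a ClusterRole; the grant is then limited to the binding's namespace.
        key = (ref["kind"], "" if ref["kind"] == "ClusterRole" else ns, ref["name"])
        reasons = rule_risks(roles.get(key, []))
        if not reasons:
            continue
        cluster_wide = obj["kind"] == "ClusterRoleBinding"
        wildcard = any(r.startswith("wildcard") for r in reasons)
        for subj in obj.get("subjects", []):
            broad = subj["kind"] == "Group" and subj["name"] in BROAD_GROUPS
            # Severity scale is this example's assumption: cluster-wide plus everyone or full admin is critical.
            severity = "critical" if cluster_wide and (broad or wildcard) else "high"
            if subj["kind"] == "ServiceAccount":
                who = f"ServiceAccount:{subj.get('namespace', '')}/{subj['name']}"
            else:
                who = f"{subj['kind']}:{subj['name']}"
            findings.append({"binding": obj["metadata"]["name"], "scope": "cluster" if cluster_wide else ns,
                             "subject": who, "role": ref["name"], "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_rbac(SAMPLE_EXPORT):
        print(f"[{f['severity']}] {f['binding']} ({f['scope']}): {f['subject']} -> {f['role']}: "
              + "; ".join(f["reasons"]))
```

On the constructed sample this reports two grants: the CI service account bound cluster-wide to cluster-admin, and the RoleBinding that hands secrets read access in the app namespace to every authenticated identity. The pod-logs binding for alice is silent, which is the point of resolving rules rather than pattern-matching on binding names. Against a real export the same code runs unchanged; aggregated ClusterRoles and the `system:masters` group are two things a fuller review adds on top.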

Cloud provider deep-dives

  • AWS: IAM Access Analyzer, Organizations posture, Control Tower, GuardDuty / Security Hub integration, Lambda execution model, EKS security, S3 / KMS / Secrets Manager design
  • Aliyun: RAM (Resource Access Management), ActionTrail, Container Service for Kubernetes (ACK), KMS, OSS / Tablestore security model — including MLPS-aligned configurations for China-resident workloads
  • Tencent Cloud: CAM, TKE, CloudAudit, Cloud HSM
  • Azure: Entra ID (formerly Azure AD), Conditional Access, AKS, Key Vault, Sentinel integration
  • GCP: IAM Conditions, Org Policies, GKE Autopilot vs Standard, KMS, Workload Identity
  • Multi-cloud: consistent identity, secret distribution, audit aggregation, posture parity

Infrastructure-as-Code review

  • Terraform / Pulumi / CloudFormation / Aliyun ROS modules
  • IaC supply chain (module registry, version pinning, signing)
  • Drift detection (IaC-defined vs live cloud state)
  • CI/CD security (PR review controls, plan-apply separation, state-file protection)
  • Secrets handling in IaC (provider credentials, application secrets, cross-stack references)

Specific architectures

  • Zero-trust architecture review
  • Service mesh (Istio / Linkerd / Consul) security review
  • Serverless architectures (AWS Lambda / Aliyun Function Compute / Cloud Functions) — cold-start, IAM, event-source attack surface
  • Data lake security (S3 / OSS bucket policies, Glue / DataWorks IAM, query engine access controls)

How we approach this

Melina’s six-step methodology applies with adjusted emphasis:

  1. Discovery Call — understand the cloud architecture, the workload type, the threat model, the cloud providers in scope.
  2. Scoping & Proposal — concrete in/out-of-scope (which accounts, which services, which IaC repos).
  3. Threat Modeling — STRIDE adapted for cloud; trust boundaries mapped to cloud-account boundaries.
  4. Testing & Exploitation — exploit-validated findings; for read-only architecture reviews, “exploit” means a demonstrated attack path against your live posture, not destructive testing.
  5. Reporting — bilingual EN+ZH with executive summary + posture summary table for multi-cloud engagements.
  6. Remediation Re-check — 60-day verification on Standard+.

Deliverables

  • Bilingual EN+ZH report — executive + technical layers
  • Threat model artifact — data flow + trust boundary diagrams, kept as a re-usable engineering reference
  • Per-finding artifacts — reproduction or evidence, severity rating, remediation guidance, time-to-fix estimate
  • Posture summary table (multi-cloud engagements) — findings mapped across cloud accounts
  • Optional IaC PR set — for high-priority findings, we can deliver suggested IaC fixes as draft PRs against your repos
  • 60-day re-check on Standard+ engagements
  • Optional knowledge-transfer workshop — 2-hour deep-dive with engineering team

For security firms reselling this capability

Cloud architecture review is one of the most-requested scopes through Melina’s Partnership program — security firms whose own teams lack cloud-specialist depth often engage Melina at wholesale to deliver this work to their end clients.



What buyers ask us first

Three questions surface in nearly every initial discovery call with a cloud or platform team:

“Do we need architecture review if we already have CSPM and penetration testing?” Often yes — CSPM and pentest cover different ground than architecture review. CSPM detects known-misconfiguration drift in deployed posture; pentest finds exploitable conditions at the application layer. Architecture review surfaces the trust-model and authorization-boundary issues that produce the highest-impact findings in cloud-native systems. Most mature programs run all three with clear delineation of which question each answers.

“What level of access produces a substantive engagement?” Read-only access to architecture documentation, IAM policy exports, network topology, and IaC repos is typically sufficient for the initial assessment; for Kubernetes scope, read-only cluster access. Production access is needed only to validate findings, not to perform the assessment itself, which lets us run engagements with stronger separation of duties than write-access engagements allow.

“How does Chinese-cloud architecture review differ from AWS / Azure / GCP review?” The structural patterns are similar; the specific services and the regulatory overlay differ. Aliyun / Tencent Cloud architectures usually involve MLPS-compliant configurations, mainland-China region selection for data-residency reasons, and Chinese-cloud-specific identity and audit services (RAM, CAM, ActionTrail, CloudAudit). The assessment methodology is consistent; the per-service configuration depth shifts to the provider in scope.

Frequently asked questions


What’s the difference between a cloud architecture review and a Kubernetes security audit?

An architecture review evaluates the security properties of your cloud system as designed — trust boundaries, data flows, identity model, multi-tenant isolation. A Kubernetes security audit goes deep on K8s-specific concerns: RBAC, network policies, admission controllers, pod security, container runtime, image supply chain. Architecture review is the right starting point if you don’t know where the gaps are; K8s audit is right if you have a specific K8s deployment to harden. Most engagements combine both.

Do you assess Aliyun and Tencent Cloud, or only AWS / Azure / GCP?

All of them. Melina’s Shenzhen base means we work with Chinese cloud providers as often as international ones. Engagements for China-resident customers default to Aliyun or Tencent Cloud; international customers default to AWS, Azure, or GCP. Multi-cloud engagements (AWS for international + Aliyun for China) are explicitly supported.

Do you review Infrastructure-as-Code?

Yes. IaC review is part of architecture review for IaC-driven deployments. We focus on what static IaC scanners miss: cross-module trust assumptions, drift between IaC-defined posture and live cloud state, secrets handling in CI/CD, and runtime implications of IaC choices.

How does this differ from CSPM?

CSPM is continuous, automated posture monitoring against known misconfigurations. Architecture review is a point-in-time human assessment against your specific threat model. CSPM tells you “this S3 bucket is public”; architecture review tells you “your IAM design lets this service principal escalate to full administrative access regardless of how the bucket is configured.” Both have value; they answer different questions.
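The escalation the answer above describes, and the identity-model review listed under “What we cover”, come down to looking at combinations of allowed actions on one principal rather than at one resource at a time. The script below is an added example of that check and is not Melina's tooling or code from this page. It works on AWS IAM identity policy JSON, which is the format an IAM policy export is already in. The two policies are constructed samples, and the escalation-path table is an assumption drawn from widely documented IAM escalation primitives; it is illustrative, not exhaustive, and the check is deliberately conservative about Condition blocks, which it flags for review instead of trying to evaluate.

```python
"""Added example (not Melina's tooling): find privilege-escalation action combinations
in an AWS IAM identity policy. The policies are constructed samples; the path table is
an assumption drawn from well-known IAM escalation primitives, not an exhaustive list."""
import fnmatch

# Each path: (description, set of actions that together let the principal gain broader rights).
ESCALATION_PATHS = [
    ("create a new default version of an attached managed policy", {"iam:CreatePolicyVersion"}),
    ("attach a managed policy to a role", {"iam:AttachRolePolicy"}),
    ("write an inline policy on a role", {"iam:PutRolePolicy"}),
    ("rewrite a role's trust policy and assume it", {"iam:UpdateAssumeRolePolicy", "sts:AssumeRole"}),
    ("pass a privileged role to a new Lambda function and invoke it",
     {"iam:PassRole", "lambda:CreateFunction", "lambda:InvokeFunction"}),
    ("pass a privileged role to a new EC2 instance", {"iam:PassRole", "ec2:RunInstances"}),
]

DEPLOY_BOT_POLICY = {  # constructed: a CI deployer that looks harmless when checked bucket by bucket
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["lambda:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::deploy-artifacts/*"},
        {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
    ],
}
READ_ONLY_POLICY = {  # constructed: broad reads, no escalation primitives
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}],
}


def _as_list(value):
    """IAM allows a string or a list for Action and Resource; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])


def allow_grants(policy):
    """Flatten Allow statements into (action patterns, resources, has_condition) tuples."""
    grants = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        grants.append((_as_list(stmt.get("Action")), _as_list(stmt.get("Resource")), "Condition" in stmt))
    return grants


def matching_grants(action, grants):
    """Grants whose action patterns cover a concrete action (IAM action matching is case-insensitive)."""
    return [g for g in grants if any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in g[0])]


def find_escalation_paths(policy):
    """Report each escalation path whose every required action the policy allows."""
    grants = allow_grants(policy)
    findings = []
    for description, actions in ESCALATION_PATHS:
        matches = {a: matching_grants(a, grants) for a in sorted(actions)}
        if not all(matches.values()):
            continue
        # Unscoped means every required action is allowed on Resource "*" by at least one statement.
        unscoped = all(any("*" in g[1] for g in gs) for gs in matches.values())
        # A Condition may neutralise the path; flag it for manual review rather than silently trusting it.
        conditioned = any(g[2] for gs in matches.values() for g in gs)
        findings.append({"path": description, "actions": sorted(actions),
                         "unscoped": unscoped, "needs_condition_review": conditioned})
    return findings


if __name__ == "__main__":
    for f in find_escalation_paths(DEPLOY_BOT_POLICY):
        print(f"{'UNSCOPED ' if f['unscoped'] else ''}{f['path']}: {', '.join(f['actions'])}")
```

On the constructed deployer policy the S3 statements are tightly scoped and would pass a bucket-level check, yet `lambda:*` plus an unscoped `iam:PassRole` gives the principal a route to run code under any role it can pass. That is the class of finding the answer above attributes to architecture review: it is visible only when the identity's permissions are read together and against the roles the principal is allowed to reach, which the script leaves as the manual step after it has narrowed the list.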

What’s the deliverable?

Bilingual EN+ZH report: executive summary, threat model with data flow + trust boundary diagrams, per-finding technical breakdown, remediation guidance, and 60-day re-check appointment. Multi-cloud engagements include a posture-summary table across cloud accounts.

Can you review pre-production environments and IaC before they ship?

Yes — pre-production review is often higher-leverage than post-production audit because findings can change architecture rather than require remediation. We review IaC PRs in repos, assess staging environments, and review design documents.

Do you offer this as a partner channel?

Yes — via the Partnerships program, cloud architecture review is one of the most-requested wholesale scopes.


Authorized testing disclaimer

All techniques described are performed under authorized rules of engagement with the system owner. Unauthorized access to systems is illegal.


Ready to start?

Request Assessment → — a discovery call with Gleb takes 30 minutes and clarifies scope, timeline, and starting-from pricing in one session.