The dynamic growth of cloud services makes maintaining a consistent level of security across complex IT environments an increasing challenge for organizations. Security Compass is OChK’s new, free, and proprietary tool that streamlines the process of identifying configuration gaps, allowing organizations to quickly eliminate misconfigurations in Google Cloud, Google Workspace, Microsoft Azure, and Microsoft 365 environments.
Year after year, we observe that the scale of cybersecurity challenges continues to grow. According to a report by CERT Polska, the number of registered incidents in 2025 rose by as much as 152% compared to 2024. Particularly concerning is the evolution of malware-related threats (up 81% y/y) and ransomware attacks, which increased by 21% y/y—meaning, in practice, an attempted ransom demand occurs on average every other day.
An increasing number of these incidents directly affect cloud infrastructure, whose dynamic nature and constant deployment of new services make it difficult to maintain ongoing oversight of environmental integrity. However, incident analysis shows that advanced hacking techniques are not the only culprits. A much more frequent source of problems are configuration errors, such as improperly assigned permissions, lack of active encryption, or excessive access to resources. In extensive Google Cloud or Microsoft Azure ecosystems, these gaps are extremely difficult to identify without systematic and automated configuration verification.
Configuration Assessment as a Risk Management Standard
The response to these challenges is a comprehensive cloud configuration security assessment. It allows for an objective verification of settings in key areas—from identity and access management to network and data protection and regulatory compliance. Systematic control is becoming an essential element of building an organization's digital resilience, especially in the context of rising legal requirements. Additionally, the recently signed amendment to the Act on the National Cybersecurity System (uKSC), implementing the NIS2 Directive, significantly expands obligations in the field of risk management and system protection.
"Organizations often lack full visibility of all assets in distributed cloud environments, which means configuration errors remain undetected until an incident occurs. In an era of rigorous regulatory requirements, such oversights generate risks that go far beyond the purely technical area. To offer our clients an effective tool for mitigating these threats, we built Security Compass from scratch. This proprietary OChK solution was created to enable efficient gap identification and an assessment of their real impact on business continuity. The tool not only pinpoints problems but, above all, prioritizes them, allowing IT teams to focus on eliminating the most critical risks first," comments Mateusz Mazur, Cloud Architect at OChK.
How Does Security Compass Work? Key Features and Scope of Analysis
Security Compass is a free tool for comprehensive cloud configuration security assessment, based on leading risk management standards and market best practices. The solution provides broad visibility into key security areas—such as identity and access, data protection, network security, and threat detection—within Google and Microsoft cloud environments.
- Full picture of hidden risks: The tool allows for an independent and detailed assessment of security configurations. It identifies vulnerabilities before they translate into the risk of data loss, incident costs, or regulatory penalties. It also helps eliminate unauthorized configurations (shadow IT) and verifies compliance (e.g., data storage outside the EEA).
- Immediate result and prioritization: You receive a report on the overall security assessment and detected vulnerabilities immediately after completing the questionnaire. This fast diagnosis allows you to quickly evaluate configuration strengths and decide on the next steps to minimize threats.
- Practical step-by-step recommendations: The results go beyond just pointing out problems. You learn how to eliminate configuration errors step by step, which significantly reduces reaction time and helps avoid costly mistakes or unplanned operational expenses.
- Security without complex integrations: You don't waste time on complicated and time-consuming integrations. The tool does not burden your resources, and all submitted data is encrypted, ensuring the confidentiality of the process.
By utilizing Security Compass, organizations can react more quickly to irregularities, build more informed and secure cloud environments, and use the generated reports as a ready-made aid in preparing for internal and external audits.
More information about our proprietary tool can be found on the Security Compass landing page.
