1. Discover
You can't expand what you can't see. Before adding new preventive controls, you need comprehensive visibility into what prevention already exists across your cloud estate. Most organizations have more prevention than expected—just scattered and invisible across repositories, accounts, and tools.
Discovery creates a unified view of preventive controls across all four layers (Build, Access, Config, Runtime), revealing where coverage exists, where gaps create risk, and what opportunities exist for systematic expansion.
Start here: Build visibility
- Inventory your prevention tools: List every tool that provides preventive controls, including IaC scanners, organization policies, account defaults, runtime remediation, CI/CD security gates, and custom automation. You can't discover what you don't know to look for.
- Map coverage by layer: For each prevention layer, document what controls exist and where they apply. Build layer: which repos have scanning? Access layer: which accounts have organization policies? Config layer: which accounts have secure defaults? Runtime layer: which accounts have auto-remediation?
- Document policy details: For each preventive control, capture what it prevents, where it applies, how it enforces, what exceptions exist, and who owns it. Prevention that isn't documented is prevention that can't be maintained, expanded, or measured.
Then strengthen: Make prevention visible
- Identify coverage gaps: Compare prevention coverage against detection findings, compliance requirements, and high-risk services. Where do misconfigurations appear repeatedly despite being preventable? Which accounts lack preventive controls? What critical services remain unprotected?
- Quantify your baseline: Calculate metrics that show current prevention posture: percentage of accounts with organization policies, percentage of repositories with IaC scanning, number of preventive controls by layer, coverage of high-risk services. Baselines enable measuring improvement over time.
- Create cross-functional ownership: Prevention controls scatter across security, cloud operations, platform engineering, and application teams. Organize discovery through collaborative working groups where each team documents controls they own, creating shared visibility rather than siloed knowledge.
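As an added example (not part of the original guide), the baseline metrics and the gap comparison described above, computed over a constructed inventory. Account, repository, control and finding names are hypothetical, as is the mapping from finding types to the controls that would prevent them; a recurring finding in an account that already has a matching control is flagged separately, since that points to an enforcement problem or an undocumented exception rather than missing coverage.

```python
from collections import defaultdict

# Constructed sample inventory; account, repo and control names are hypothetical.
# Accounts list their controls per layer (Access, Config, Runtime); Build is per repo.
ACCOUNTS = {
    "prod-payments": {
        "access": ["org-policy:deny-public-buckets"],
        "config": ["default:block-public-access"],
        "runtime": ["auto-remediate:public-bucket"],
    },
    "prod-web": {"access": ["org-policy:deny-public-buckets"], "config": [], "runtime": []},
    "dev-sandbox": {"access": [], "config": [], "runtime": []},
}
REPOS = {"payments-infra": ["iac-scan"], "web-infra": []}

# Constructed detection findings as (account, misconfiguration type) pairs.
FINDINGS = [
    ("prod-web", "public-bucket"), ("prod-web", "public-bucket"),
    ("dev-sandbox", "public-bucket"), ("dev-sandbox", "open-ssh"),
]
# Assumed mapping from finding type to the controls that would prevent it.
PREVENTS = {
    "public-bucket": {"org-policy:deny-public-buckets", "default:block-public-access",
                      "auto-remediate:public-bucket"},
    "open-ssh": {"org-policy:deny-open-ssh"},
}


def baseline_metrics(accounts=ACCOUNTS, repos=REPOS):
    """Percent of accounts (repos for Build) with at least one control in each layer."""
    metrics = {"build": round(100 * sum(1 for r in repos.values() if r) / len(repos), 1)}
    for layer in ("access", "config", "runtime"):
        covered = sum(1 for a in accounts.values() if a[layer])
        metrics[layer] = round(100 * covered / len(accounts), 1)
    return metrics


def coverage_gaps(accounts=ACCOUNTS, findings=FINDINGS, prevents=PREVENTS):
    """Classify each (account, finding) pair: either no control would prevent it, or a
    control exists yet the finding still appears (an enforcement gap or exception)."""
    counts = defaultdict(int)
    for acct, ftype in findings:
        counts[(acct, ftype)] += 1
    gaps = []
    for (acct, ftype), n in sorted(counts.items()):
        controls = {c for layer in accounts[acct].values() for c in layer}
        covered = bool(controls & prevents.get(ftype, set()))
        status = "control present but finding recurs" if covered else "no preventive control"
        gaps.append({"account": acct, "finding": ftype, "occurrences": n, "status": status})
    return gaps
```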
Ongoing improvement: Maintain visibility
- Treat discovery as continuous: Cloud environments change constantly. New controls get deployed, existing ones get modified. Implement automated tracking of policy changes and schedule quarterly reviews to keep documentation current. Real-time prevention visibility requires ongoing maintenance.
- Use PSPM platforms for automation: Manual discovery across hundreds of accounts and multiple clouds doesn't scale. PSPM platforms automate discovery, maintain real-time prevention visibility, and create unified dashboards showing coverage across all layers and clouds.
- Connect discovery to action: Discovery reveals prevention posture but shouldn't end there. Use discovery insights to identify quick wins (high-value controls that deploy easily), strategic investments (complex controls worth the effort), and fill-in opportunities (easy additions during slack time).
Discovery provides the foundation for all other prevention practices. Organizations that skip discovery often deploy duplicate controls, miss opportunities to extend existing prevention, break workflows that depend on undocumented exceptions, and struggle to measure improvement without baseline metrics. The investment in understanding your current state prevents mistakes and accelerates all subsequent prevention work.