← Back to Engineering Blog
🗓️ Jan 15, 2025 ⏱️ 1 min read

Uncovering Hidden Tech Debt: Cloud Landing Zone Security Audits

How we conducted comprehensive security audits across multi-tenant Azure landing zones to eliminate legacy tech debt.

🎙️ Listen to Article READY
AI Audio Synthesis Narrator
Share Post:

“Technical debt in the cloud doesn’t look like dusty servers—it looks like orphaned Public IPs, legacy TLS 1.0 endpoints, and unencrypted storage accounts.”

At Kyndryl, we conducted enterprise cloud audits to uncover hidden security vulnerabilities and technical debt across complex Azure landing zones.


Key Audit Candidates

  • Orphaned Public IPs: Unattached public IP addresses costing monthly fees while providing potential attack surfaces.
  • Deprecated TLS Protocols: Legacy web apps using TLS 1.0/1.1 instead of TLS 1.2+.
  • Over-Privileged Identity Roles: Service Principals with Contributor rights granted across entire subscriptions.
# # Azure CLI Query for Unattached Public IPs
az network public-ip list --query "[?ipConfiguration==null].{ResourceGroup:resourceGroup, Name:name, IPAddress:ipAddress}" --output table

The Verdict

Key Takeaway

Schedule Regular Technical Debt Remediation Cycles.

Do not treat cloud landing zones as static environments. Run automated compliance scans regularly to eliminate orphaned resources and patch security drift.

SKS

Sachin Kumar Sharma

Associate Director (Infrastructure & Cloud Architecture Strategy) | 20+ Yrs Exp

Architecting resilient multi-cloud enterprise landing zones, SDN overlay fabrics, DevSecFinOps automation pipelines, and autonomous Agentic AI platforms.