The first step in any server security audit is to have a clear and updated inventory and documentation of your server assets. This includes hardware, software, network, users, roles, permissions ...

When Love’s team audits security for its virtual server environment, it doesn’t introduce new steps so much as extend the ones it already has for physical servers, Love says.