What is CSPM?
Cloud Security Posture Management, commonly referred to as CSPM, is a key security control for organizations that are pursuing a cloud-first strategy and migrating their data and applications to the cloud. Most successful attacks on cloud environments are due to misconfiguration and mismanagement.
By 2021, 50% of enterprises will unknowingly and mistakenly have some IaaS storage services, network segments, applications or APIs directly exposed to the public internet. (Gartner Research – Innovation Insight for Cloud Security Posture Management, 25 January 2019)
Why do you need CSPM?
Whilst the cloud-first strategy provides speed, agility, increased levels of productivity and flexibility, it also brings the challenge of exposure to heightened cyber security threats, as cloud environments are available on the internet. The greatest of these threats is data breaches.
There are many options available to configure the components in a cloud environment to support business acceleration, but they also provide the opportunity for misconfigurations. Some common ones are:
- Security policies which govern the configurations are overly permissive
- Access to data storage is not required nor encrypted
- Access paths from networks are not secured
- APIs, which drive cloud operations, are easily misconfigured and mismanaged due to the numerous multi-cloud resources often needed to operate the application
Traditional on-premises security technologies such as firewalls and intrusion detection and prevention systems work well where a perimeter is clearly defined, which does not bode well for a cloud environment, where the notion of a perimeter does not exist. Other challenges for traditional on-premises solutions are:
- Cloud configuration changes happen at a speed and scale that the manual processes established with on-premises tools are unable to keep up with
- With a multi-cloud environment, a centralized view of the constant change against a baseline of secure practice is not available
- Finally, and most poignantly, the perimeter as we know it has near enough dissolved, with access to cloud resources available from anywhere
What does CSPM do for you?
CSPM provides non-stop visibility, monitoring, reporting and remediation of cloud infrastructure and application security posture.
Key must-have features of a CSPM:
| Feature | Capabilities |
|---|---|
| VISIBILITY | ● Centralized view of all your cloud environments ● API driven for speed and accuracy ● Coverage of cloud models (SaaS, PaaS, IaaS) |
| GOVERNANCE | ● Security policies based on industry best practices (NIST, CIS, CSA) coupled with regulatory and business operations compliance ● Continuous monitoring for misconfiguration and non-compliance |
| REPORTING | ● Real-time reporting on configuration deviation and control failures |
| REMEDIATION | ● Step by step guided remediation to speed up response time |
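The monitoring, reporting and remediation features above can be pictured as rules evaluated over an inventory of cloud resources. The following is an added example, not code from any CSPM product: the normalized resource schema, the rule ids and the sample inventory are all constructed assumptions, and the rules mirror the common misconfigurations listed earlier (overly permissive policies, exposed or unencrypted storage, unsecured network paths).

```python
# Added example: toy posture check. The normalized schema, rule ids and
# sample inventory are constructed assumptions, not a provider's or vendor's format.
ADMIN_PORTS = {22, 3389}
ANY_SOURCE = {"0.0.0.0/0", "::/0"}

INVENTORY = [  # constructed sample resources from three clouds
    {"id": "aws:bucket/logs", "type": "storage", "public": False, "encrypted": True},
    {"id": "azure:blob/exports", "type": "storage", "public": True, "encrypted": False},
    {"id": "gcp:fw/allow-ssh", "type": "firewall", "port": 22, "sources": ["0.0.0.0/0"]},
    {"id": "aws:sg/web", "type": "firewall", "port": 443, "sources": ["0.0.0.0/0"]},
    {"id": "aws:policy/dev", "type": "iam_policy",
     "statements": [{"effect": "Allow", "actions": ["*"], "resources": ["*"]}]},
]

def policy_wildcard(r):
    # Overly permissive policy: an Allow statement on every action and resource.
    return any(s.get("effect") == "Allow" and "*" in s.get("actions", [])
               and "*" in s.get("resources", []) for s in r.get("statements", []))

def admin_port_open(r):
    # Unsecured network path: an admin port reachable from any address.
    return r.get("port") in ADMIN_PORTS and bool(ANY_SOURCE & set(r.get("sources", [])))

# (rule id, resource type, severity, check, guided remediation)
# Missing storage attributes count as failures, so unknown state is reported.
RULES = [
    ("POLICY-WILDCARD", "iam_policy", "high", policy_wildcard,
     "Scope the policy to the actions and resources actually used."),
    ("STORAGE-PUBLIC", "storage", "high", lambda r: r.get("public", True),
     "Disable public access on the storage service."),
    ("STORAGE-UNENCRYPTED", "storage", "medium", lambda r: not r.get("encrypted", False),
     "Enable encryption at rest."),
    ("ADMIN-PORT-OPEN", "firewall", "high", admin_port_open,
     "Restrict the source range to known management networks."),
]

def evaluate(inventory, rules=RULES):
    """Return one finding per (resource, rule) that deviates from the baseline."""
    return [{"resource": r["id"], "rule": rid, "severity": sev, "remediation": fix}
            for r in inventory for rid, rtype, sev, check, fix in rules
            if r["type"] == rtype and check(r)]

def drift(previous, current):
    """Findings in the current scan that the previous scan did not contain."""
    seen = {(f["resource"], f["rule"]) for f in previous}
    return [f for f in current if (f["resource"], f["rule"]) not in seen]

if __name__ == "__main__":
    for f in evaluate(INVENTORY):
        print(f"{f['severity']:6} {f['rule']:20} {f['resource']}: {f['remediation']}")
```

Running `evaluate` on every inventory refresh and passing consecutive results to `drift` reports only the newly introduced deviations.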
How do you consume CSPM?
With each of the above requirements for CSPM, understanding your current baseline will drive the selection of the correct technology and security partner for the deployment of CSPM. The data to establish are:
- Breakdown of your current subscriptions across IaaS/PaaS (AWS, Azure, GCP), and SaaS (M365, Google Workspace, Box) cloud environments
- Application interactions between the cloud environments, both user to system and system to system (typically API calls)
- Regulatory and business compliance requirements
- Training and support needed for your security operations team
- Technology provider integration with your cloud environments
- Choose a CSPM solution which is SaaS delivered
- A business case on involving an implementation partner who can help accelerate the effort
In closing, CSPM is a crucial step toward securing your organization’s presence so that business workload migration into the cloud can progress. CSPM helps security teams give developers the feedback needed to embed a security-by-design mantra into their development process. Operating in cloud environments makes security everyone’s responsibility, and CSPM helps make this process easier.