Oct 14, 2019
Cloud Security Posture Management (CSPM) helps mitigate and minimize cloud data security breaches. CSPM solutions automatically assess cloud environments against best practices and compliance standards and help remediate issues, often through automation. CSPM tools verify that cloud configurations follow security best practices and compliance standards such as the CIS benchmarks (including those for Azure and GCP) and the PCI or HIPAA frameworks. As companies increasingly move to the cloud, CSPM is becoming a necessary aspect of security.
CSPM tools are designed to connect to the cloud infrastructure and analyze data about the cloud assets, the networks they belong to, user permissions, and tags. When you add a cloud account to a CSPM, data from the cloud environment’s flow, configuration and audit logs is ingested, stored, and analyzed. Typically, you can then interact with this data to configure policies, investigate and resolve alerts, and forward alert notifications. Relevant data can be sent to third-party tools or systems for further analysis.
CSPM tools play a pivotal role in helping organizations stay compliant with primary mandates or frameworks and enable organizations to address accidental risk, such as:
CSPM tools provide continuous monitoring and assessment of compliance and risk across enterprise cloud services. The primary use cases for security and risk management teams include:
The move to the cloud hasn’t solved the problems that existed in the pre-cloud era. Vulnerabilities, misconfigurations, and compromised assets are still very much an issue. However, the cloud brings with it better ways to handle those problems.
CSPM cannot be complete without addressing intentional threats and providing a true evaluation of where an organization stands. Security policies that define how security teams deal with asset visualization, inventory and management, incident response, and internal training and education were originally built for on-premises environments, and do not support the cloud environment’s security posture in a cloud-native way.
Cloud Security Posture Management means managing the posture of your entire cloud deployment, throughout the technology stack. To live up to their name, CSPM solutions need to be supplemented with deeper defense and threat detection capabilities to truly address all aspects of security and compliance for your workloads in the cloud. To help achieve this, consider services and tools that enable the following four value-added capabilities:
To properly address security posture in the cloud, you need a macro view of risk and the level of drift from established policies. Let’s have a look at the following common use cases:
In order to improve your security posture in the cloud, a centralized view of all your assets and servers in one place is essential in order not to miss critical misconfigurations, policy violations, and mistakes.
At the end of the day, security teams are overwhelmed by the avalanche of alerts, and fixing security holes comes down to context that enables prioritization. Manual integrations of multiple data points are simply not feasible.
To determine your security posture in the cloud you need a good understanding of what’s going on, and the ability to contextualize the findings.
For example, if you are using one tool to detect whether a machine is running a vulnerable web server and another tool to determine the machine location, then you need to manually assess the alert using data derived from two separate tools. As a result, you may find ten vulnerable web servers, and start patching them right away. The issue is that only one of them is Internet-facing, and your valuable resources will be wasted on issues that are not the highest priority.
To strengthen your remediation capabilities, it is simply not enough that security solutions alert to potential areas of risk or threat. Your team must have an easy and automated way to prioritize those alerts and assess threats in context.
The Total Cost of Ownership (TCO) is another important piece of the puzzle. When considering the various solutions for assessing your security in the cloud, ask yourself:
Since CSPM solutions provide key capabilities for DevOps, Security, IT, and GRC teams alike, you need tools that contribute to the required collaboration necessary to achieve security and compliance outcomes in the future without wasting precious resources.
As we discussed above, cloud security differs from what we are used to with on-prem environments. The same issues have both a different meaning and a different mitigation strategy on-prem and in the cloud.
For example, if you have 20 spot instances running the same image that have a vulnerability or misconfiguration, will you see it as 1 issue or 20 unrelated issues? A proper CSPM solution must be able to understand that they are all copies of the same image.
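The two situations above (the vulnerable web servers that need a second data source to tell which one is Internet-facing, and the spot instances that are really copies of one image) come down to joining findings with asset context. This is an added illustration, not code from the original post or from any CSPM product; the asset inventory and findings are constructed, and the field names are assumptions.

```python
"""Added example: correlate findings with asset context, CSPM-style.

Step 1 prioritises findings by whether the host is Internet-facing (the
context that the article says would otherwise come from a second tool).
Step 2 collapses findings on instances that run the same image so that
20 copies of one misconfigured image count as one issue, not 20.
"""
from collections import defaultdict

# Constructed inventory (assumed schema): ten web servers with the same
# vulnerable-web-server finding, only one of them Internet-facing, plus
# twenty spot instances launched from one image with one misconfiguration.
ASSETS = {}
for n in range(10):
    ASSETS[f"web-{n}"] = {"image": f"img-web-{n}", "internet_facing": n == 3}
for n in range(20):
    ASSETS[f"spot-{n}"] = {"image": "img-batch-01", "internet_facing": False}

FINDINGS = [{"asset": a, "issue": "vulnerable-web-server"}
            for a in ASSETS if a.startswith("web-")]
FINDINGS += [{"asset": a, "issue": "ssh-password-auth-enabled"}
             for a in ASSETS if a.startswith("spot-")]


def prioritize(findings, assets):
    """Return findings with Internet-facing hosts first; sort is stable, so
    the relative order within each tier is preserved."""
    return sorted(findings,
                  key=lambda f: 0 if assets[f["asset"]]["internet_facing"] else 1)


def group_by_image(findings, assets):
    """Collapse findings into one entry per (image, issue), listing the
    instances affected, so copies of the same image are a single issue."""
    groups = defaultdict(list)
    for f in findings:
        groups[(assets[f["asset"]]["image"], f["issue"])].append(f["asset"])
    return dict(groups)


def issue_counts(findings, assets):
    """Raw finding count versus de-duplicated issue count."""
    return len(findings), len(group_by_image(findings, assets))


if __name__ == "__main__":
    top = prioritize(FINDINGS, ASSETS)[0]
    print("patch first:", top["asset"], "(Internet-facing)")
    print("findings vs. issues:", issue_counts(FINDINGS, ASSETS))
```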
Mitigation strategies must also be adapted to and relevant in the cloud. Many times in the cloud you ‘refresh’ images rather than fix them, leaving your organization exposed. But cloud best practice isn’t just to patch or transform your images, but to recreate them from scratch using newer versions. Make sure that the products you are using are compatible with the cloud way of doing things, and can provide adequate recommendations for action.
In conclusion, here’s a helpful table that summarizes the different cloud security solutions.