Cloud Security Posture Management (CSPM)
Cloud Security Posture Management (CSPM) is a market segment for IT security tools that are designed to identify misconfiguration issues and compliance risks in the cloud. An important purpose of CSPM programming is to continuously monitor cloud infrastructure for gaps in security policy enforcement.
Gartner, the IT research and advisory firm that coined the term, describes CSPM as a new category of security products that can help automate security and provide compliance assurance in the cloud. CSPM tools work by examining and comparing a cloud environment against a defined set of best practices and known security risks. Some CSPM tools will alert the cloud customer when there is a need to remediate a security risk, while other more sophisticated CSPM tools will use robotic process automation (RPA) to remediate issues automatically.
CSPM is typically used by organizations that have adopted a cloud-first strategy and want to extend their security best practices to hybrid cloud and multi-cloud environments. While CSPM is often associated with Infrastructure as a Service (IaaS) cloud services, the technology can also be used to minimize configuration mistakes and reduce compliance risks in Software as a Service (SaaS) and Platform as a Service (PaaS) cloud environments.
Key capabilities of CSPM
The key features of the most popular enterprise Cloud Security Posture Management tools include the ability to:
- detect and perhaps automatically remediate cloud misconfigurations;
- maintain an inventory of best practices for different cloud configurations and services;
- map current configuration statuses to a security control framework or regulatory standard;
- work with IaaS, SaaS and PaaS platforms in containerized, hybrid cloud and multi-cloud environments; and
- monitor storage buckets, encryption and account permissions for misconfigurations and compliance risks.
Why using CSPM is important
CSPM tools play an important role in securing a cloud environment by reducing the possibility of data breaches.
According to Gartner, misconfiguration of the cloud environment is one of the more common mistakes in the cloud that can lead to a data breach -- and use of a CSPM tool can reduce cloud-based security incidents due to misconfigurations by 80%.
How CSPM works
Cloud Security Posture Management tools are designed to detect and remediate issues caused by cloud misconfigurations. A specific CSPM tool may only be able to use defined best practices according to a specific cloud environment or service, however, so it is important to know what tools can be used in each specific environment. For example, some tools may be limited to being able to detect misconfigurations in an AWS or Azure environment.
Some CSPM tools can automatically remediate issues by combining real-time continuous monitoring with automation features that can detect and correct issues, such as improper account permissions. Continuous compliance can also be configured according to a number of standards, including HIPAA.
Other CSPM tools can be used in tandem with Cloud Access Security Broker (CASB) tools. CASB is a software tool or service that can safeguard the flow of data between on-premises IT infrastructure and a cloud provider's infrastructure.
Additional benefits of enterprise CSPM
In addition to monitoring for compliance, CSPM tools can also make risk visualization, incident response and DevOps integration easier by providing greater visibility across multiple cloud partners. Additional benefits of implementing CSPM in the enterprise include the ability to:
- continuously monitor cloud environments in real time for threat detection;
- assess data risk in real time;
- detect policy violations across multiple cloud providers;
- automate provisioning; and
- detect and automatically remediate
Why misconfigurations occur and how to prevent them
Misconfigurations are most often caused by customer mismanagement of multiple connected resources. With cloud-based services, there can be a lot of moving pieces to keep track of and manage. Misconfigurations of the environment can be easily made, especially with API-driven approaches to integration. Misconfiguration opens an organization to the possibility of a data breach, because it only takes a few misconfigurations in the cloud to leave an organization vulnerable to attack.
Many times, a misconfiguration is created merely due to a lack of visibility. If an organization lacks an understanding of which resources interact with one another, then a misconfiguration of cloud resources becomes more likely.
One of the more common misconfigurations is accidentally granting public access to storage buckets or containers within the cloud that can be assigned individually to storage classes. When access to storage buckets is left open, the buckets are vulnerable to attack from anyone who knows where to look.
Since its conception, Cloud Security Posture Management vendors have changed from just being able to detect and notify users of misconfigurations, to now being able to automatically remediate them as well. Three examples of CSPM vendors include Zscaler CSPM, Orca Security and Trend Micro Cloud Conformity.
- Zscaler CSPM is a CSPM tool that works with AWS, Azure, Google Cloud Platform, SaaS, IaaS and PaaS platforms. The tool can automatically identify and remediate misconfigurations. In 2020 the company Zscaler announced its intention to acquire Cloudneeti to add CSPM to its platform.
- Orca Security is a startup and CSPM tool that works on AWS, Azure and Google Cloud services. Orca Security combines CSPM and cloud workload protection platform (CWPP) capabilities. The goal is to provide visibility and analysis in a multi-cloud environment.
- Trend Micro acquired Cloud Conformity in a $70 million deal in order to be able to offer CSPM in the tool Cloud One Conformity. Cloud One Conformity works with AWS and Azure Cloud environments, with the goal of maintaining security, governance and compliance in public clouds.