Cloud Security Posture Management (CSPM)

What is it?
CSPM solutions continuously manage cloud security risk. They detect, log, report, and provide automation to address issues. These issues can range from cloud service configurations to security settings and are typically related to governance, compliance, and security for cloud resources.

CSPM tools focus on four key areas:

• Identity, security, and compliance.
• Monitoring and analytics.
• Inventory and classification of assets.
• Cost management and resource organization.

In what context is it best used?
CSPM tools are most effective when used in multi-cloud IaaS environments. They can also protect IaaS elements of mixed deployments.

Benefits and limitations

Benefits

• Provide unparalleled visibility into an organization’s cloud assets and their respective configurations.
• Provide valuable context by mapping interdependencies between cloud infrastructure, services, and abstraction layers to fully understand the source and scope of risk.
• Enforce the protection of data by assuring that native and other data security controls are in place.
• Identify workload issues and potential attack surfaces/exposures by detecting configuration issues/deviation from best practices. They interoperate with native monitoring and alerting to provide effective incident identification and escalation.
• By integrating with identity platforms or native cloud identity, CPSMs help provide privileged access control to IaaS cloud administration.

Limitations
Most CSPM limitations are connected to their interconnections with native CSP security controls.

For example, CSPMs:

• Do not apply security at the data, operating system or application layers or provide additional data security controls. However, they will enforce native data and application controls.
• Do not typically perform vulnerability scanning directly; rather, they rely on native tools and other third-party product outputs.