A Quick Look Into Cloud Security Posture Management (CSPM)

The cloud security solutions market is growing rapidly, and there are many types of solutions to support your specific business needs. But figuring out the right tool—let alone the right type of tool—can be difficult. Gartner has five security archetypes that fall under the broader cloud security management platform umbrella.  This article gives a quick look into the CSPM archetype:

1. Cloud Access Security Broker (CASB)
2. Cloud Workload Protection Platform (CWPP)
3. Cloud Security Posture Management (CSPM)
4. Cloud Infrastructure Entitlement Management (CIEM)
5. Cloud-Native Application Protection Platform (CNAPP)

What is cloud security posture management (CSPM)?

CSPM solutions, like DivvyCloud by Rapid7, continuously manage cloud security risk. They detect, log, report, and provide automation to address issues. These issues can range from cloud service configurations to security settings and are typically related to governance, compliance, and security for cloud resources.

CSPM tools focuses on four key areas:

1. Identity, security, and compliance
2. Monitoring and analytics
3. Inventory and classification of assets
4. Cost management and resource organization

When should you use cloud security posture management (CSPM) tools?

CSPM tools are most effective when used in multi-cloud infrastructure-as-a-service (IaaS) environments. They can also protect IaaS elements of mixed deployments.

Benefits and limitations of CSPM tools

Benefits

• Provide unparalleled visibility into an organization’s cloud assets and their respective configurations.
• Provide valuable context by mapping interdependencies between cloud infrastructure, services, and abstraction layers to fully understand the source and scope of risk.
• Enforce the protection of data by ensuring native and other data security controls are in place.
• Identify workload issues and potential attack surfaces/exposures by detecting configuration issues/deviation from best practices. They interoperate with native monitoring and alerting to provide effective incident identification and escalation.
• By integrating with identity platforms or native cloud identity, CPSMs help provide privileged access control to IaaS cloud administration.

Limitations

Most CSPM limitations are connected to their interconnections with native CSP security controls. For example, CSPMs:

• Do not apply security at the data, operating system, or application layers or provide additional data security controls. However, they will enforce native data and application controls.
• Do not typically perform vulnerability scanning directly; rather, they rely on native tools and other third-party product outputs.

For a deeper dive into Gartner’s cloud security archetypes, read: A Practical Guide to Gartner’s Cloud Security Archetypes.