Cloud Security Posture Manager (CSPM)
Cloud environments are complex, flexible, adaptable environments that allow developers to build and deploy solutions quickly for their businesses. The benefits of the cloud are awe-inspiring, but with those benefits comes our inability to keep up with and secure our environments properly. Visibility into a dynamic environment is crucial, but our current security tools are insufficient for the task. We need a Cloud Security Posture Manager (CSPM).
Why we need Cloud Security Posture Manager (CSPM)
Continuous monitoring and remediation are essential today. With Continuous Integration/Continuous Deployment (CI/CD), it is no longer possible (if it ever was) to manually monitor cloud deployments. For example:
- MGM Resorts had a misconfigured cloud server in February of 2020 that leaked more than 10.6 million hotel guests’ personal data, including names, addresses, and phone numbers. The guests included some of their employees, government officials, and some celebrities.
- CenturyLink found in September of 2019 that it had a cloud network misconfiguration that publicly exposed a MongoDB database for months, exposing 2.8 million customers’ personal data.
- Capital One leaked over 100 million customers’ personal data in 2019. This occurred because a former employee hacked into a misconfigured firewall that had a role (****WAF-Role) that was granted ‘list buckets’ and ‘sync’ commands to S3 buckets.
There is a shared responsibility model for security within the cloud. Most misconfigurations occur within the responsibilities of the cloud customer, as these three examples demonstrate. Unfortunately, most customers rely on the cloud provider to securely configure their applications and devices (depending on cloud deployment). The provider secures the underlying structures: physical servers, routers, switches, operating systems, and the like. Providers create default configurations for their products, but, as has always been the case, default configurations are often not secure enough for your implementation.
What is CSPM
The simple answer is that it allows you to manage your cloud posture, but what does that mean? CSPM provides:
- Discovery and visibility into dynamic clouds
- Automatic discovery upon deployment
- Find misconfigurations
- Find policies, accounts, roles
- Guided remediation, sometimes automatic, often based on industry best practices like the Secure Controls Framework (SCF).
- Continuous compliance monitoring (HIPAA, SOX, GDPR, CCPA).
- A single source of truth for DevSecOps about deployments and security.
- Targeted threat detection to help DevSecOps avoid alert fatigue.
- Integration with SIEM for greater threat analysis and detection.
Another simple way to explain CSPM is that it is an automated tool for information security. It will work to determine misconfigurations and issues and then either automatically remediate them or tell you how. In their 2020 Cost of a Data Breach Report, IBM shows that one of the most productive and cost-efficient things to do is automate security within our businesses.
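The three misconfiguration types from the incidents above, written as checks in a small posture scan with guided remediation. This is an added illustration, not code from any CSPM product; the inventory schema, resource names and check functions are hypothetical, and the inventory is constructed sample data.

```python
# Constructed inventory in a simplified, hypothetical schema (not a provider export format).
INVENTORY = [
    {"id": "role/example-waf-role", "type": "iam_role", "statements": [
        {"effect": "Allow", "actions": ["s3:ListAllMyBuckets", "s3:GetObject"],
         "resources": ["*"]}]},
    {"id": "role/example-app-role", "type": "iam_role", "statements": [
        {"effect": "Allow", "actions": ["s3:GetObject"],
         "resources": ["arn:aws:s3:::example-app-assets/*"]}]},
    {"id": "fw/example-db", "type": "firewall", "ingress": [
        {"cidr": "0.0.0.0/0", "port": 27017}, {"cidr": "10.0.0.0/8", "port": 22}]},
    {"id": "bucket/example-guest-data", "type": "bucket", "public_read": True},
    {"id": "queue/example-jobs", "type": "queue"},  # no check registered for this type
]
DB_PORTS = {27017: "MongoDB", 3306: "MySQL", 5432: "PostgreSQL"}
ANYWHERE = {"0.0.0.0/0", "::/0"}

def check_iam_role(res):  # Allow statements that grant S3 actions on every resource
    for st in res["statements"]:
        s3 = [a for a in st["actions"] if a == "*" or a.startswith("s3:")]
        if st["effect"] == "Allow" and s3 and "*" in st["resources"]:
            yield ("HIGH", "allows " + ", ".join(s3) + " on all resources",
                   "limit resources to the buckets this role needs")

def check_firewall(res):  # database ports reachable from any address
    for rule in res["ingress"]:
        if rule["cidr"] in ANYWHERE and rule["port"] in DB_PORTS:
            yield ("HIGH", f"{DB_PORTS[rule['port']]} port {rule['port']} open to any address",
                   "restrict ingress to the application subnets")

def check_bucket(res):  # buckets readable without authentication
    if res.get("public_read"):
        yield ("HIGH", "bucket is publicly readable", "disable public read access")

CHECKS = {"iam_role": check_iam_role, "firewall": check_firewall, "bucket": check_bucket}

def scan(inventory):
    """Run the registered check per resource; report types with no check as uncovered."""
    findings, uncovered = [], []
    for res in inventory:
        check = CHECKS.get(res["type"])
        if check is None:
            uncovered.append(res["id"])  # visibility gap: discovered but not assessed
            continue
        findings += [{"resource": res["id"], "severity": sev, "issue": issue,
                      "remediation": fix} for sev, issue, fix in check(res)]
    return findings, uncovered

if __name__ == "__main__":
    for f in scan(INVENTORY)[0]:
        print(f"[{f['severity']}] {f['resource']}: {f['issue']} -> {f['remediation']}")
```

The second value returned by `scan` lists resources that were discovered but have no check, which is the visibility gap a CSPM is meant to surface rather than silently skip.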