Tuesday 2nd April 2024
Writer: Gennaro Migliaccio, Co-Authors: Giuseppe Damiano, Peter Hall, Editor: Daniela Miccardi
_______________________
Cloud Security Posture Management (CSPM) has been around for a while and has taken leaps and bounds since we first reviewed this security control.
The overall objective of CSPM is to proactively safeguard cloud environments by providing continuous monitoring and assessment of cloud-based resources to ensure they adhere to security best practices and known compliance frameworks. Whilst the first examples of CSPM focused mainly on infrastructure configuration, today’s CSPM tools allow for more extensive and granular reviews by including components such as microservices, PaaS Services, Identity roles, and vulnerabilities.
For this reason, the term CSPM today has evolved into CNAPP (Cloud Native Application Protection Platform) or CWAPP (Cloud Workload Application Protection Platform).
How does CSPM work?
The basic premise of CSPM is to connect into a Public Cloud Environment and continuously scan and assess its configuration against security best practices and industry frameworks.
The benefit is to provide you with continuous insights into the overall security posture of the cloud environment, highlight any gaps or issues and provide options to remediate them.
The availability of CSPM solutions has increased exponentially over the past years, and even the major cloud providers today offer a CSPM feature. While this abundance can be confusing for some organisations, it makes choosing the solution that best fits their environment all the more important.
Why use CSPM?
There are several compelling reasons to use CSPM across your cloud environments, some of which are listed below:
This is by no means an exhaustive list, but hopefully conveys the top 3 points as to why CSPM is important and why everyone should use it.
The bigger picture
One of the misconceptions we have come across a few times is that CSPM can act as a replacement for other security tools, mainly Vulnerability Management. CSPM is not designed to replace other security measures in place; in fact it’s designed to work alongside other tools and fill in the gaps by assessing and monitoring at the cloud tenant level.
Six main integrations we have seen with CSPM are:
1. Integration with CI/CD pipelines, assessing Infrastructure as Code templates for common misconfigurations before they are pushed into an environment (Dev, Non-Prod or Production), solves the issues before they happen (sometimes referred to as “Shift-Left” Security).
2. Integration/Cross Reference with Vulnerability Management, looking at both vulnerabilities from the app and service level along with the overall configuration at the cloud level.
3. Identity Entitlement Management (of Users and Machines) is another facet of Cloud Security where strong integration (or visibility) plays an important role (after all, attackers use privileges to commit breaches).
4. Integration with Data Security Posture Management (including Data Classification) tools is another important principle (after all, attackers are after sensitive data).
5. Integration into SIEM, Ticketing Systems and Messaging solutions to monitor and alert upon configurations that fall outside of best practices (because speed of remediation is key).
6. Integration with other Web Application Vulnerability Scanning and API Vulnerability Scanning capabilities (because almost every application is Web based).
The above list contains a few examples and is not exhaustive.
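To make the assessment step concrete, here is an added example (not code from the original article or from any CSPM vendor) of the kind of policy-as-code checks behind points 1 and 5 above: the same rules evaluate either an Infrastructure as Code template before deployment or a live tenant inventory, and a gate function turns HIGH findings into a pipeline failure. The resource dict shape, rule IDs and severities are this example's own assumptions, not any provider's real schema.

```python
"""Minimal policy-as-code checks of the kind a CSPM or IaC scanner runs.
Resource dicts are a constructed, provider-neutral shape (not a real
vendor schema); rule IDs, severities and thresholds are this example's own."""
import ipaddress

MGMT_PORTS = {22, 3389}  # management ports that should never be world-reachable

def _world_open(rule):
    """True if an ingress rule admits any source address (0.0.0.0/0 or ::/0)."""
    try:
        net = ipaddress.ip_network(rule.get("cidr", ""), strict=False)
    except ValueError:
        return False
    return net.prefixlen == 0

def check_resource(res):
    """Return (rule_id, severity, message) findings for one resource."""
    findings, kind, name = [], res["type"], res["name"]
    if kind == "storage_bucket":
        if res.get("public_access"):
            findings.append(("STORAGE-001", "HIGH", f"{name}: public access enabled"))
        if not res.get("encryption_at_rest", False):
            findings.append(("STORAGE-002", "MEDIUM", f"{name}: encryption at rest disabled"))
    elif kind == "security_group":
        for rule in res.get("ingress", []):
            if _world_open(rule) and rule.get("port") in MGMT_PORTS:
                findings.append(("NET-001", "HIGH", f"{name}: port {rule['port']} open to the world"))
    elif kind == "iam_role":
        for stmt in res.get("policy", []):
            if stmt.get("effect") == "Allow" and "*" in stmt.get("actions", []):
                findings.append(("IAM-001", "HIGH", f"{name}: wildcard action allowed"))
    return findings

def scan(resources):
    """Evaluate every resource; the same logic serves a template pre-deploy or a live tenant."""
    return [f for res in resources for f in check_resource(res)]

def gate(findings, fail_on=("HIGH",)):
    """Pipeline gate: True (pass) unless any finding carries a blocking severity."""
    return not any(sev in fail_on for _, sev, _ in findings)

# Constructed sample inventory, as an IaC template or a live tenant might yield it.
SAMPLE = [
    {"type": "storage_bucket", "name": "logs", "public_access": True, "encryption_at_rest": True},
    {"type": "security_group", "name": "bastion-sg",
     "ingress": [{"cidr": "0.0.0.0/0", "port": 22}, {"cidr": "10.0.0.0/8", "port": 443}]},
    {"type": "iam_role", "name": "ci-role", "policy": [{"effect": "Allow", "actions": ["*"]}]},
]
```

Running `gate(scan(SAMPLE))` on the constructed inventory returns False, because the public bucket, the world-open SSH rule and the wildcard IAM action are all HIGH; the findings tuples are the payload you would forward to a SIEM or ticketing system.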
As we mentioned earlier, the term CSPM today is folded into the term CNAPP (Cloud Native Application Protection Platform) or CWAPP (Cloud Workload Application Protection Platform). It is safe to say that the more integration (or visibility) a vendor provides in their CNAPP platform the more consolidation a customer can achieve.
Given that CSPM (and CNAPP) solutions potentially connect into multiple clouds, there is also scope for integrations into Asset Management and Inventory Systems.
Based on the above, CSPM (and CNAPP) is something that should be considered and planned into your Security Strategy.
Where can I get started?
A customer's environment and their objectives around Security will determine which CSPM (or CNAPP) vendor or solution is best.
Customers using multiple public cloud vendors will struggle the most unless they have a consolidated CSPM solution.
Customers with multiple teams supporting Digital Transformation (but with a small Security Operations team) tend to feel the most pain if they don’t have the visibility they need.
Customers hosting revenue generating applications or sensitive data need these tools to implement common Information Security policies (for example, least privilege access control).
Customers who promote their Cyber Essentials and Cyber Essentials Plus credentials (most FTSE 250) need to make sure their Cloud environment meets the Vulnerability Management patching requirements that underpin Cyber Essentials.
Customers that consistently receive negative comments relating to their Penetration Testing results.
Summary
Hopefully this article serves as an introduction to provide insight into CSPM (and CNAPP).
This technology is now mature as it has been around for a while and chances are you have had some form of exposure to it, but it’s important to keep up to date with how CSPM has evolved as well as how you can derive value out of such a powerful, yet underrated solution.
Thank you for reading.
If you have any questions, or would like to learn more about any of the topics covered in this blog, please email our friendly team via [email protected].