Bytes Blog: Understanding Cloud Security Posture Management

Tuesday 2nd April 2024

Writer: Gennaro Migliaccio, Co-Authors: Giuseppe Damiano, Peter Hall, Editor: Daniela Miccardi 


Cloud Security Posture Management (CSPM) has been around for a while and has taken leaps and bounds since we first reviewed this security control. 

The overall objective of CSPM is to proactively safeguard cloud environments by providing continuous monitoring and assessment of cloud-based resources to ensure they adhere to security best practices and known compliance frameworks. Whilst the first examples of CSPM focused mainly on infrastructure configuration, today’s CSPM tools allow for more extensive and granular reviews by including components such as microservices, PaaS Services, Identity roles, and vulnerabilities.

For this reason the term CSPM today has evolved into CNAPP (Cloud Native Application Protection Platform) or CWAPP (Cloud Workload Application Protection Platform).

How does CSPM work? 

The basic premise of CSPM is to connect into a Public Cloud Environment and continuously scan and assess its configuration against security best practices and industry frameworks.  

The benefit is continuous insight into the overall security posture of the cloud environment: CSPM highlights any gaps or issues and provides options to remediate them.

The availability of CSPM solutions has increased exponentially over the past years, and even the major cloud providers today offer a CSPM feature. This abundance can be confusing, which makes it important for each organisation to choose the solution that fits it best.
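
As an added illustration (not part of the original article, and not any vendor's implementation), the sketch below shows the scan-and-assess loop in miniature: a few rules run over two constructed inventory snapshots and report which gaps were introduced and which were remediated between scans. The rule IDs, resource fields and sample resources are all hypothetical.

```python
"""Added example: posture rules evaluated over two constructed inventory snapshots."""

# Each rule: (id, description, predicate over a resource dict, remediation hint).
# Rule ids and resource fields are hypothetical, not any vendor's schema.
RULES = [
    ("STORAGE_PUBLIC", "storage bucket is publicly readable",
     lambda r: r["type"] == "bucket" and r.get("public_read", False),
     "disable public access on the bucket"),
    ("DISK_UNENCRYPTED", "disk is not encrypted at rest",
     lambda r: r["type"] == "disk" and not r.get("encrypted", False),
     "enable encryption at rest"),
    ("ADMIN_PORT_OPEN", "SSH/RDP reachable from any address",
     lambda r: r["type"] == "firewall_rule"
     and r.get("source") == "0.0.0.0/0" and r.get("port") in (22, 3389),
     "restrict the source range to known admin networks"),
    ("ROLE_WILDCARD", "role grants every action on every resource",
     lambda r: r["type"] == "role" and "*" in r.get("actions", [])
     and "*" in r.get("resources", []),
     "scope the role to the actions and resources it needs"),
]

def assess(snapshot):
    """Return the set of (resource_id, rule_id) findings for one snapshot."""
    return {(r["id"], rid) for r in snapshot for rid, _, pred, _ in RULES if pred(r)}

def drift(previous, current):
    """Compare two scans: findings introduced and findings remediated."""
    before, after = assess(previous), assess(current)
    return sorted(after - before), sorted(before - after)

# Constructed sample data: the same multi-cloud tenant scanned twice.
SCAN_1 = [
    {"id": "aws:bucket/logs", "type": "bucket", "public_read": False},
    {"id": "azure:disk/db01", "type": "disk", "encrypted": False},
    {"id": "aws:fw/ssh", "type": "firewall_rule", "source": "10.0.0.0/8", "port": 22},
    {"id": "gcp:role/ci", "type": "role", "actions": ["storage.read"], "resources": ["*"]},
]
SCAN_2 = [
    {"id": "aws:bucket/logs", "type": "bucket", "public_read": True},
    {"id": "azure:disk/db01", "type": "disk", "encrypted": True},
    {"id": "aws:fw/ssh", "type": "firewall_rule", "source": "0.0.0.0/0", "port": 22},
    {"id": "gcp:role/ci", "type": "role", "actions": ["storage.read"], "resources": ["*"]},
]

if __name__ == "__main__":
    hints = {rid: (desc, fix) for rid, desc, _, fix in RULES}
    introduced, remediated = drift(SCAN_1, SCAN_2)
    for res, rid in introduced:
        print(f"NEW   {res}: {hints[rid][0]} -> {hints[rid][1]}")
    for res, rid in remediated:
        print(f"FIXED {res}: {hints[rid][0]}")
```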

Why use CSPM?

There are several compelling reasons to use CSPM across your cloud environments, some of which are listed below: 

  • Risk Mitigation – One of the main reasons to use CSPM is that it provides continuous and proactive identification of security risks associated with misconfigurations. Today’s cloud environments are growing in complexity, and given how easy it is to provision resources, it’s easy to see how mistakes can be made in their configuration, a risk which is increased by the constant need to change and evolve these environments. By continuously monitoring your service configuration, publicly accessible resources, secrets management and compliance, you will mitigate the risk of security incidents caused by overexposure or insufficient protection.
  • Compliance & Governance – Whilst not the most exciting topic, compliance requirements are still at the forefront of many organisations’ focus. The introduction of multiple cloud environments makes it harder to assess this diverse infrastructure against many industry standards. CSPM solutions can help maintain compliance by continuously monitoring for changes that could deviate from a particular framework or represent actual violations.
  • Enhancing Visibility – CSPM provides organisations with better overall visibility into all cloud assets, even in distributed or decentralised environments. Seeing as almost all CSPM platforms now (even native ones) can span across multiple cloud providers, they give us the ability to monitor and manage security posture consistently across multi-cloud environments. This increase in visibility allows us to identify and address security gaps effectively. 

This is by no means an exhaustive list, but hopefully conveys the top 3 points as to why CSPM is important and why everyone should use it.

The bigger picture

One of the misconceptions we have come across a few times is that CSPM can act as a replacement for other security tools, mainly Vulnerability Management. CSPM is not designed to replace other security measures in place. In fact, it’s designed to work alongside other tools and fill in the gaps by assessing and monitoring at the cloud tenant level.

Six main integrations we have seen with CSPM are:

1. Integration with CI/CD pipelines: assessing Infrastructure as Code templates for common misconfigurations before they are pushed into an environment (Dev, Non-Prod or Production) solves issues before they happen (sometimes referred to as “Shift-Left” security).
2. Integration/cross-reference with Vulnerability Management, looking at vulnerabilities at the app and service level along with the overall configuration at the cloud level.
3. Identity Entitlement Management (of users and machines) is another facet of cloud security where strong integration (or visibility) plays an important role (after all, attackers use privileges to commit breaches).
4. Integration with Data Security Posture Management (including Data Classification) tools is another important principle (after all, attackers are after sensitive data).
5. Integration into SIEM, ticketing systems and messaging solutions to monitor and alert upon configurations that fall outside of best practices (because speed of remediation is key).
6. Integration with other Web Application Vulnerability Scanning and API Vulnerability Scanning capabilities (because almost every application is web based).

The above list contains a few examples and is not exhaustive. 

As we mentioned earlier, the term CSPM today is folded into the term CNAPP (Cloud Native Application Protection Platform) or CWAPP (Cloud Workload Application Protection Platform). It is safe to say that the more integration (or visibility) a vendor provides in their CNAPP platform, the more consolidation a customer can achieve.

Given that CSPM (and CNAPP) solutions potentially connect into multiple clouds, there is also scope for integrations into Asset Management and Inventory Systems. 

Based on the above, CSPM (and CNAPP) is something that should be considered and planned into your Security Strategy. 

Where can I get started? 

A customer's environment and their objectives around Security will determine which CSPM (or CNAPP) vendor or solution is best.     

Customers using multiple public cloud vendors will struggle the most unless they have a consolidated CSPM solution.

Customers with multiple teams supporting Digital Transformation (but with a small Security Operations team) tend to feel the most pain if they don’t have the visibility they need.

Customers hosting revenue-generating applications or sensitive data need these tools to implement common Information Security policies (for example, least privilege access control).

Customers who promote their Cyber Essentials and Cyber Essentials Plus credentials (most FTSE 250) need to make sure their cloud environments meet the Vulnerability Management patching requirements that underpin Cyber Essentials.

Customers that consistently receive negative comments relating to their Penetration Testing results 


Hopefully this article serves as an introduction to provide insight into CSPM (and CNAPP).

This technology is now mature, as it has been around for a while, and chances are you have had some form of exposure to it. It is still important to keep up to date with how CSPM has evolved, as well as how you can derive value out of such a powerful yet underrated solution.

Thank you for reading. 
