CSPM – Cloud Security Posture Management (CSPM) solutions are the latest wave in the quest to protect cloud workloads and keep customers secure. CSPM solutions evaluate cloud infrastructure and identify misconfigurations or violations of an organization’s “best practices.” By doing so, they identify issues that could lead to data breaches or leakage, and they also play a role in compliance.
CSPM looks at the problem differently than other solutions (though there is overlap). CSPM starts with a set of known “best practices” – some of the solutions in the market leverage published benchmarks like the CIS Benchmarks – and turns them into configuration rules that can be applied against current configurations. CSPM can identify misconfigurations at any point in an organization’s infrastructure and alert security professionals to both the issue and the recommended solution.
Many CSPM products focus on alerting and are closely integrated with native cloud services like AWS GuardDuty and Security Hub, and Microsoft Azure Security Graph API. Only a subset of CSPM solutions currently work with Azure, and a smaller subset still offers remediation tools.
In addition to identifying misconfigurations that can lead to vulnerabilities, because CSPM solutions approach this task from a set of benchmarks or best practices, they also factor into an organization’s ability to demonstrate compliance. In a post-GDPR world, compliance has gained significantly in importance for nearly all organizations, as it impacts not only customers in EMEA but also companies doing business with any customers in EMEA.
CSPM solutions also offer the promise of extensibility. The rulesets they leverage can be enhanced, and the vendors offering CSPM solutions are actively working with other standards organizations to include rules that would help ensure IT compliance in other areas, such as PCI-DSS. CSPM solutions are also quickly embracing multi-cloud environments. Most larger organizations have deployments in two, three, or even four (or more!) cloud infrastructures. CSPM solutions can be agnostic in this regard: some can apply their configuration rules across a multi-cloud ecosystem, further aiding organizations in managing properly configured and compliant IT infrastructures.
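The rule-based evaluation described above, with an extensible ruleset applied across more than one cloud, can be sketched as follows. This is an added example, not code from Barracuda or any CSPM product; the rule IDs, the normalized resource keys and the inventory are constructed for illustration and are not real benchmark control numbers.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Rule:
    rule_id: str                   # constructed ID, not a real benchmark control
    resource_type: str             # normalized type shared across clouds
    description: str
    check: Callable[[dict], bool]  # returns True when the resource is compliant
    remediation: str

# Constructed inventory: provider-specific settings normalized to common keys.
INVENTORY = [
    {"cloud": "aws", "type": "object_storage", "name": "logs-bucket",
     "public_access": False, "encrypted": True},
    {"cloud": "azure", "type": "object_storage", "name": "exports",
     "public_access": True, "encrypted": True},
    {"cloud": "aws", "type": "firewall_rule", "name": "sg-admin",
     "port": 22, "source": "0.0.0.0/0"},
    {"cloud": "azure", "type": "firewall_rule", "name": "nsg-web",
     "port": 443, "source": "0.0.0.0/0"},
    {"cloud": "aws", "type": "object_storage", "name": "scratch"},  # settings unknown
]

ADMIN_PORTS = {22, 3389}

# Storage checks treat a missing setting as non-compliant (unknown is not safe).
RULES = [
    Rule("EX-STORAGE-1", "object_storage", "Storage must not be publicly readable",
         lambda r: r.get("public_access", True) is False,
         "Disable public access on the bucket/container"),
    Rule("EX-STORAGE-2", "object_storage", "Storage must be encrypted at rest",
         lambda r: r.get("encrypted", False) is True,
         "Enable encryption at rest"),
    Rule("EX-NET-1", "firewall_rule", "Admin ports must not be open to the internet",
         lambda r: not (r.get("port") in ADMIN_PORTS and r.get("source") == "0.0.0.0/0"),
         "Restrict the source range to known admin networks"),
]

def evaluate(inventory, rules):
    """Return one finding, with its recommended fix, per rule violation."""
    findings = []
    for res in inventory:
        for rule in rules:
            if rule.resource_type == res.get("type") and not rule.check(res):
                findings.append({"rule": rule.rule_id, "cloud": res["cloud"],
                                 "resource": res["name"], "fix": rule.remediation})
    return findings

if __name__ == "__main__":
    for f in evaluate(INVENTORY, RULES):
        print(f"[{f['rule']}] {f['cloud']}/{f['resource']}: {f['fix']}")
```

Extending the ruleset for another standard means appending `Rule` entries; the evaluation loop and the inventory format stay unchanged.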
Barracuda Cloud Security Guardian
Rich is the marketing director for public cloud products at Barracuda. He joined the team as part of the acquisition of C2C Systems in 2014. Rich is one of Barracuda's public cloud experts. He works directly on cloud ecosystems and is cited in Microsoft ebooks on securing the public cloud. He is also a regular contributor to Barracuda's cloud-themed blogs. As part of our cloud work, he helps develop strategies and execute them with our partners and sales teams.
You can email Rich at [email protected].