
The Evolution of Cloud Security Posture Management

Author: Eric Kedrosky | Date: November 25, 2020

The constant threat of cybercrime and data breaches is causing more businesses to embrace cloud security posture management (CSPM) as a proactive defensive solution.

But what exactly is CSPM and how can it help your business? Beyond that, what should you look for in a CSPM solution? 

Keep reading to find out.

What is CSPM?

CSPM is a methodology that can help protect cloud environments from attacks and misconfigurations. 

According to Gartner, nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement, and mistakes. In fact, 99 percent of cloud security issues will be the customer’s fault through 2025, according to the research firm. 

Gartner defines CSPM as a continuous process of cloud security improvement and adaptation, which reduces the likelihood of successful attacks.

A Brief History of CSPM

The cloud migration boom led to a data security crisis, as businesses quickly realized that they needed advanced mechanisms and processes to protect their digital environments and secure their data. 

Early CSPM solutions enabled businesses to identify their cloud environments, monitor for changes, and leverage policy visibility to ensure consistent enforcement across multiple cloud providers.

First-generation CSPM platforms scanned cloud instances for misconfigurations and improper settings. They also scanned databases and storage buckets for misconfigurations and provided auditing and reporting for compliance mandates. 

In addition, early CSPM solutions performed risk assessments against frameworks and external standards such as ISO, NIST, GDPR, and others. They were also able to verify that operational activities could be performed as expected while automating processes and remediating issues as needed.

Early CSPM services conducted these activities on a continuous basis, while providing automation capabilities to correct issues without human intervention or delay.

Early CSPM solutions, however, had one major shortcoming: they lacked context.

Adding Context to CSPM

Context is most often determined by how a piece of compute — like an identity or data point — is invoked.

Based on learned function context, your cloud environment can enforce granular access controls to web apps, VMs, APIs, and apps based on a user’s identity and context of the request — without the need for a traditional VPN. 

Based on the least privilege security model, context-aware access enables your organization to provide simpler access for your users, enforce granular controls, and use a single platform for both your cloud and on-premises applications and infrastructure resources. 

Today’s context-aware CSPM solutions include the features of basic CSPMs listed above, while also:

  • Verifying user identity and validating context before allowing access to apps, APIs, and more;
  • Reducing complexity and costs by leveraging a unified access management platform and a single set of policies;
  • Spending less effort and time to configure and enforce access policies; and
  • Adding context to improve your organization’s security posture as more workloads move to the cloud.

Today’s CSPM approach enforces granular access control based on a user's identity and the context of the request. However, this approach has another shortcoming: it excludes non-human identities. This is a major problem when considering the rapid proliferation of non-human identities in the modern enterprise (e.g., bots).

Introducing Intelligent CSPM

The next step in the evolution of this technology is intelligent CSPM, which includes data and identity security. It combines first-generation CSPM tooling with coverage of non-human identities and added intelligence, including automation and remediation for data.

So, why is intelligent CSPM necessary?

Many organizations today are still lacking key identity-related security controls. Meanwhile, the few companies that have started applying proper access controls are typically focusing on human users as opposed to non-human users. 

Non-human identities are identities that act on behalf of a person. For example, they can be pieces of code, such as AWS Lambda functions, or pieces of compute, such as Azure VMs or other public cloud services. 

Regardless of how you define them, they are extremely useful and often represent the vast majority of identities found in cloud deployments. They do, however, present some unique challenges that are only solved with intelligent CSPM.

With intelligent CSPM, organizations can continuously identify and monitor every possible relationship between identities and data that exists across the public cloud. Further, identifying security and compliance issues can help you improve the visibility and control of your cloud.

What to Look for in a CSPM Solution

The right CSPM platform should automate the process of assessing your cloud against hundreds of configuration and security best practices. It should also identify critical risks in your environment in both human and non-human identities. 

These checks may include basic policies, like ensuring each account sends its logs to a secure log repository, requiring all admin users to log in with multi-factor authentication, and making sure no administrative identities are open to the public.

With intelligent CSPM, more complicated best practices can be assessed as well, including looking for excessive account permissions, making sure access to storage buckets only comes from authorized identities, and finding stale access keys that haven’t been used in 90 days.
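As an added illustration (not Sonrai's code or product logic), the following checks evaluate a constructed, purely hypothetical cloud inventory against three of the policies named above: stale access keys unused for more than 90 days, administrative users without MFA, and storage buckets whose policy grants access to any principal. The inventory format and field names are assumptions for this example.

```python
from datetime import datetime, timedelta, timezone

# Assumed evaluation date for the example (the article's publication date).
NOW = datetime(2020, 11, 25, tzinfo=timezone.utc)
STALE_AFTER = timedelta(days=90)

# Constructed sample inventory; not data from any real account.
USERS = [
    {"name": "alice", "admin": True, "mfa": True,
     "keys": [{"id": "KEY-A1", "last_used": NOW - timedelta(days=3)}]},
    {"name": "bob", "admin": True, "mfa": False,
     "keys": [{"id": "KEY-B1", "last_used": NOW - timedelta(days=120)}]},
    # A non-human identity (CI pipeline) whose key has never been used.
    {"name": "ci-bot", "admin": False, "mfa": False,
     "keys": [{"id": "KEY-C1", "last_used": None}]},
]
BUCKETS = [
    {"name": "public-site", "policy": {"principals": ["*"]}},
    {"name": "payroll-data",
     "policy": {"principals": ["arn:aws:iam::111122223333:role/payroll"]}},
]

def find_stale_keys(users, now=NOW, max_age=STALE_AFTER):
    """Return (user, key id) pairs for keys never used or unused longer than max_age."""
    stale = []
    for user in users:
        for key in user["keys"]:
            last_used = key["last_used"]
            if last_used is None or now - last_used > max_age:
                stale.append((user["name"], key["id"]))
    return stale

def admins_without_mfa(users):
    """Return names of administrative users that have not enrolled MFA."""
    return [u["name"] for u in users if u["admin"] and not u["mfa"]]

def public_buckets(buckets):
    """Return buckets whose policy grants access to the wildcard principal."""
    return [b["name"] for b in buckets if "*" in b["policy"]["principals"]]

def assess(users=USERS, buckets=BUCKETS):
    """Run all checks and return findings keyed by policy name."""
    return {
        "stale_access_keys": find_stale_keys(users),
        "admins_without_mfa": admins_without_mfa(users),
        "public_buckets": public_buckets(buckets),
    }

if __name__ == "__main__":
    for policy, findings in assess().items():
        print(f"{policy}: {findings}")
```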

Running a cloud at scale requires you to quickly and reliably identify when your cloud deviates from security policies. A CSPM platform should also deliver instant notifications within the tools you use to manage operations, including tools from HashiCorp, Slack, and Jira.

Sonrai Dig to the Rescue

Sonrai was recently named as a leader in Gartner’s CSPM Innovation Insight Report, as a provider that’s helping businesses implement cutting-edge intelligent CSPM projects. 

To learn more about how Sonrai's CSPM can help your business implement intelligent CSPM solutions to protect your organization from attacks and misconfigurations, drop us a line today.
