Blog

The Evolution of Cloud Security Posture Management CSPM

Table of Contents

With the constant threat of data breaches and the ephemeral and fast-paced nature of the cloud, it only makes sense to want to secure your cloud at the most foundational level. Organizations have turned to CSPM solutions to lock down their platforms.

But what exactly is CSPM and how can it help your business? Beyond that, what should you look for in a CSPM solution?

Keep reading to find out.

What is CSPM?

According to Gartner, the research firm responsible for coining the acronym, CSPM is a security product class that helps automate security and provide compliance assurance in the cloud. CSPM tools work by examining and comparing a cloud environment against a defined set of best practices and known security risks

Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement, and mistakes. In fact, 99 percent of cloud security issues will be the customer’s fault through 2025, according to the research firm.

For a more in-depth description of CSPM tools explore our blog.

A Brief History of CSPM

The cloud migration boom led to a data security crisis, as businesses quickly realized that they needed advanced mechanisms and processes to protect their new digital environments and secure their data.

Early CSPM solutions enabled businesses to identify their cloud environments, monitor for changes, and leverage policy visibility to ensure consistent enforcement across multiple cloud providers.

First-generation CSPM platforms scanned cloud instances for misconfigurations and improper settings. They also scanned databases and storage buckets for misconfigurations and provided auditing and reporting for compliance mandates.

In addition, early CSPM solutions provided performance on risk assessments versus frameworks and external standards like the ISO, NIST, GDPR, and more. They were also able to verify that operational activities could be performed as expected while automating processes and remediating issues as needed.

Early CSPM services conducted these activities on a continuous basis, while providing automation capabilities to correct issues without human intervention or delay.

All of this sounds great, but since then business needs and cloud complexities have grown and teams find themselves bogged down by endless alerts. First-generation CSPM isn’t cutting it anymore and it comes with one major shortcoming: a lack of context.

Adding Context to CSPM

Traditional or limited CSPM solutions are largely built with on-prem concepts, that is, with a focus on network controls and software vulnerabilities. These priorities do not translate to the cloud, in fact, they fundamentally misunderstand the nature of the cloud.

The cloud is an amorphous and dynamic space – the network perimeter is gone. Instead, the closest thing compromising a perimeter is identity. As a result, identity and the data accessible must be the context considered when examining platform configurations and risks.

Context is most often determined by how a piece of compute — like an identity or data point — is invoked. Previous CSPM tools separated risk out by type – an attempt at context, but risk types like identity, data, or workload concerns do not function in isolation. Considering how these pillars of cloud security influence each other and connect offers better context and prioritization.

Cloud Security Posture Management with context includes the following advantages:

Verifying user identity and validating context before allowing access to apps, APIs, and more;
Reducing complexity and costs by leveraging a unified access management platform and a single set of policies;
Spending less effort and time to configure and enforce access policies; and
Adding context to improve your organization’s security posture as more workloads move to the cloud.

In sum, these evolved CSPM solutions better enforce granular access control based on an identity and the context of the request. However, shortcomings still persist – and one major concern Sonrai notices is around the lack of consideration around non-person identities. Non-person identities are proliferating and becoming a staple in cloud operations. Developers can and are creating new non-person identities like roles, service accounts, virtual machines, etc. to help in application development, and they do so with ease and little oversight.

Gartner Predicts that by 2023, 75% of cloud security failures will result from inadequate management of identities, access, and privileges. That’s an increase from 2020 when the number was 50%. Enterprise respondents to a Sonrai research study had an average of 7,750 identities in their environment. With non-person identities outnumbering person identities, you’re quickly looking at 3,500+ NPIs to secure. On top of all this, Sonrai research detects on average 17 new permissions a day in our customer’s clouds.

The big takeaway: there’s a proliferation of all kinds of identities, especially machine ones, and they’re overpermissioned and accessing your data. Your platform security posture and workload vulnerability management must consider identity and data information to better prioritize risks.

Introducing Next-Generation CSPM

The next step in the evolution of this technology is intelligent CSPM cloud security that provides data and identity context to better prioritize risks, automation and workflows, and remediation capabilities.

With intelligent CSPM, organizations can continuously identify and monitor every possible relationship between identities and data that exists across the public cloud. Further, identifying security and compliance issues can help you improve the visibility and control of your cloud.

Next-Gen Cloud Security Posture Management Capabilities

Advanced Continuous Monitoring and Detection

The core function of cloud security posture management is assessing your cloud against a secure baseline of configurations and best practices to detect drift and misconfigurations. Relying on periodic monitoring, snapshots and APIs alone does not cut it. Your cloud needs to be locked down 24/7. Platform misconfigurations are one of the leading causes of data breaches and data exposure, like this Shanghai Police incident.

While traditional CSPM tools should detect the following risks and violations…

Lack of encryption on databases or data storage.
Lack of encryption on application traffic, especially that which involves sensitive data.
Improper encryption key management such as not rotating keys regularly.
Excessive account permissions.
No multi-factor authentication MFA enabled on critical accounts.
Misconfigured network connectivity, particularly overly permissive resources directly accessible from the internet.
Data storage is exposed directly to the internet.
Logging is not turned on to monitor critical activities such as network flows, database access, or privileged user activity.
Compliance drift.

…A more integrated CSPM solution with access to critical data and identity insights will take things up a notch. Detection expands into flagging risks relating to person and non-person identities and data best practices.

With intelligent CSPM, more complicated best practices can be assessed, including looking for excessive permissions, making sure access to storage buckets only comes from authorized identities, and finding stale access keys that haven’t been used in 90 days. The key factor is a CSPM platform with visibility into datastores, VMs, identities, databases, key vaults, and more, so you know what’s in your cloud, where it is, and who or what is accessing it. Traditional solutions just can’t offer this level of context.

Workflow, Prioritization & Remediation

Detecting security risks and misconfigurations is just one half of the bill. What’s next? Operationalizing alert triaging and then remediating the risks.

Workflow

Organizing your cloud by environment and respective sensitivity allows for more intelligent workflows. An intelligent workflow ensures security alerts are sent to the right teams or individuals responsible for remediation so the Customer PII Application team isn’t being sent a Sandbox Developer’s issue.

Prioritization

All that visibility into data, identity, access, and workloads enables next-generation CSPM to prioritize what’s most urgent and offer actionable checks. Additionally, because your team is set up in intelligent workflows based on sensitivity, you can prioritize which ‘lanes’ need strict policies and which don’t.

Remediation

Because of the intelligent workflows, your teams can rely on getting timely alerts for risks they need to remediate, but next-level cloud security posture management leverages automation to provide a library of remediation options so bots can take care of the work before you need to.

Are You Ready for Advanced CSPM?

Sonrai Dig’s differentiator is bringing identity and data to the center of your cloud security strategy. This deep visibility into all your data, identities, and entitlements strengthens traditional CSPM checks by offering actionable and prioritized alerts.

Oldworld CSPM was built considering on-prem concepts centered around networks. Today, identity is our perimeter – your CSPM solution should account for that.

If you’re ready to upgrade your security posture checks, explore our solution, or better yet, download our detailed CSPM Buyer’s Guide.