Note: This is the fifth in a six-part series on public cloud security. You can follow the entire series here.
CSPM – Cloud Security Posture Management (CSPM) solutions are the latest wave in the quest to protect cloud workloads and keep customers secure. CSPM solutions evaluate cloud infrastructure and identify misconfigurations or violations to an organizations’ “best practices.” By doing so, they identify issues that could lead to data breaches or leakage, as well as play a role in compliance.
CSPM looks at the problem differently than other solutions (though there is overlap). CSPM starts with a set of known “best practices” – some of the solutions in the market leverage published benchmarks like the CIS Benchmarks – and turn them into configuration rules that can be applied against current configurations. CSPM has the ability to identify misconfigurations at any point in an organization’s infrastructure and alert security professionals to the issue as well as the recommended solution.
Many CSPM products focus on alerting and are closely integrated with native cloud services like AWS Guard Duty and Security Hub, and Microsoft Azure Security Graph API. Only a subset of CSPM solutions currently work with Azure, and a smaller subset still offers remediation tools.
In addition to identifying misconfigurations which can lead to vulnerabilities, because CSPM solutions approach this task from a set of benchmarks or best practices, they also factor in organizations’ ability to demonstrate compliance. In a post-GDPR world, compliance has gained significantly for nearly all organizations as it impacts not only customers in EMEA but companies doing business with any customers in EMEA.CSPM solutions impact an organizations’ ability to demonstrate compliance, which has great significance in a post-GDPR world.Click To Tweet
CSPM solutions also offer the promise of extensibility. The rulesets they leverage can be enhanced, and the vendors offering CSPM solutions are actively working with other standards organizations to include rules that would help ensure IT compliance in other areas, such as PCI-DSS. CSPM solutions are also quickly embracing multi-cloud environments. Most larger organizations have deployments in two, three, or even four (or more!) cloud infrastructures. CSPM solutions can be agnostic in this regard: some can apply their configuration rules across a multi-cloud ecosystem, further aiding organizations in managing properly configured and compliant IT infrastructures.
Barracuda Cloud Security Guardian
Rich is the Director of Public Cloud Product Marketing at Barracuda. He joined the team as part of the acquisition of C2C Systems in 2014. Rich is one of Barracuda’s public cloud experts – he works directly with the cloud ecosystems and has been quoted in eBooks from Microsoft on public cloud security. He is also a frequent contributor to Barracuda’s own cloud blogs. For our cloud motions, he helps develop strategies and execution with our partners and sales teams.
You can email Rich at email@example.com.