We’ve written about cloud security posture management (CSPM) before, briefly discussing some of the benefits this service can provide. But we’ve watched these services quickly evolve, even over the last few months, and we want to take a further look at the tools that comprise CSPM, the value they add to cloud security and compliance programs in their current state, and what Armor sees as the future of CSPM.
By taking a harder look, we hope to inspire a big picture understanding about cyber-risk (it’s not always what you think) and what is required to secure your organization’s sensitive data in the cloud.
Cyber-Risks: The Accidental & The Intentional
Let’s put cyber-risk into the context of accidental and intentional risk. Your cloud security program is likely watching for only one, the intentional. Intentional threats are attacks from external sources that are actively seeking to steal your data for monetary or other gain (i.e., hackers). Accidental risk is the result of user error when interacting with cloud workload or security configurations and settings. For example, mistakenly leaving an Amazon Web Services (AWS) S3 bucket open and inadvertently exposing data to public access. CSPM tools are specifically designed to protect against the accidental.
CSPM Tools Offer Protection from Accidental Cyber-Risk
In our view, CSPM tools make tremendous sense. Their value is in risk management and they complement your existing security and compliance controls. By continuously scanning all configurations and settings for alignment with policy and compliance mandates, and automatically remediating those experiencing drift, CSPM tools cover the accidental while your cybersecurity team battles the intentional—leaving no front unsecured.
What Do CSPM Tools Do?
CSPM services provide a useful and compelling function for managing settings and configurations at the cloud infrastructure-as-a-service (IaaS) management control plane. CSPM services:
- Identify your cloud environment footprint and monitor for the creation of new instances or buckets (i.e., shadow IT)
- Provide policy visibility and ensure consistent enforcement across multiple cloud providers
- Scan your compute instances for misconfigurations and improper settings that could leave them vulnerable to exploitation
- Scan your storage buckets for misconfigurations that could make data accessible to the public
- Audit for adherence to appropriate compliance mandates
- Perform risk assessments vs. frameworks and external standards such as the International Organization for Standardization (ISO) and National Institute of Standards and Technology (NIST)
- Verify that operational activities are being performed as expected (for example, key rotations)
- Automatically remediate or remediation at the click of a button—no human intervention necessary
Innovation & Expansion in CSPM Services
We continue to see that organizations that focus solely on CSPM are seeking areas to improve and working hard to bring innovations to the market. They are looking to enhance their core offerings and develop new, connected offerings. Some advancements underway include a next generation of automated remediation and improved reporting including a risk-prioritized view of issues identified by the CSPM that require human intervention. Other capabilities we see emerging include further policy enforcement features and automated provisioning.
As a business, CSPMs are enjoying a growth period as other providers rush to incorporate it into their platforms.
What’s the Future of CSPM?
We can’t predict the future, but we can tell you what our experience is telling us about the future of CSPM. Things to watch for:
- More partnerships with other vendors; we believe security-as-a-service (SECaaS) providers, managed detection and response (MDR) and managed security services providers (MSSPs) will expand their portfolios to include CSPM services
- Expanded capabilities as CSPM providers break out of their space with new, connected offerings
- Increased acquisitions of pure-play CSPM providers by larger organizations
CSPM integrated with your other security and compliance controls can not only assess security and compliance drift but it can automatically—or with minimal human intervention—remediate and correct misalignment between your cloud configurations and settings and mandated security and compliance policy, returning your environment to acceptable levels of risk.
Armor & CSPM
In order to solve the risks associated with how your employees and vendors are using and configuring the cloud, Armor has partnered with RedLock®, a continuous cloud security and compliance posture management solution from Palo Alto Networks, to launch: Armor Automated Security and Compliance—RedLock.. With RedLock, Armor can help clients resolve misconfiguration mishaps (e.g., leaving cloud storage open to the world, exposing an application to the public internet, not enforcing IAM rules, etc.) that might leave their environment vulnerable to breach. Armor Anywhere takes this service a step further by providing protection from intentional attacks launched by threat actors (e.g., intrusion detection, file integrity monitoring, malware protection). Combined, the Armor Automated Security and Compliance protects against accidental and intentional threats to your cloud environments.