- August 27, 2020
- 4 minute read
The rapid adoption of cloud services, along with an increasing number of cloud infrastructure and platform services, has created an explosion in complexity and unmanaged risk. While IaaS providers deliver basic configuration and risk assessment capabilities, they only address their own services, which doesn’t account for the hybrid and multi-cloud capabilities that most enterprises require. And although the underlying cloud provider infrastructure is secure, most enterprises don’t have the processes, tooling maturity or scale to use the cloud securely.
In this article we’ll discuss cloud security posture management best practices.
The cloud has fundamentally changed the way organizations build, operate, and manage applications. The uniqueness of cloud requires security teams to rethink classic security concepts and adopt approaches that better address dynamic and distributed cloud infrastructure.
Unfortunately, many security teams have yet to rethink how existing security practices within their organization are ill-fitted for the cloud world. Practices such as asset management, incident response, and internal training/education, which were originally built for on-premises environments, are now outdated and unable to support proper security posture for cloud infrastructure.
According to Gartner, by 2020, 95% of cloud security issues will be the result of misconfiguration and you can see that businesses face tremendous challenges ahead. As organizations look to migrate applications and data to the cloud, they are realizing that many of their IT staff lack cloud security expertise. The cloud represents a fundamentally different approach to computing and the security differences between the cloud and traditional on-premise infrastructures are night and day, and many IT staff lack cloud security expertise to ensure their new infrastructures are properly protected.
As the cloud grows, so too does the playing field of participants. Between infrastructure management (IaaS, PaaS, fPaaS, SaaS, Raas) security, CI/CD, and trying to navigate all of the nuances in between, it’s difficult to keep track of what each category of tooling includes. Within the cloud security space alone there are CASBs – Cloud Security Access Brokers, CWPPs – Cloud Workload Protection Platforms, and CSPM – Cloud Security Posture Management.
At the very top of the pyramid of cloud services are CMPT, or Cloud Management Platform and Tools. This is a huge umbrella of categories and as a subset is a CMP or Cloud Management Platform that includes numerous categories.
According to Gartner, CASB, CSPM and CWPP tools offer an overlapping set of capabilities to address cloud risks, but no single group performs all the features of any one of the others. CSPM concentrates on security assessment and compliance monitoring, primarily across the IaaS cloud stack.
Cloud Security Posture Management (CSPM) automatically assess your cloud environment against best practice and security violations to provide the steps required to remediate them – often through automation.
With the widespread adoption of IaaS, data breaches through mismanagement of IaaS usage are becoming a commonplace. Nearly all successful attacks on cloud services resulted from customer misconfigurations. The main use is to verify that cloud configurations are following security best practices such as CIS AWS/Azure/GCP benchmark.
Most common CSPM solutions:
Typical CSPM services conduct these activities on a continuous basis and can include automation capabilities to correct issues without human intervention or delay.
Automate compliance and align with cloud standards
Assessing your security and compliance in the cloud requires your approach to take into consideration the dynamic nature of cloud objects and benchmark against rules specific to the cloud provider and service type
Prioritize security violations by quantifying risk
The amount of violation alerts security owners receive everyday can be overwhelming.
Enforce security checks in Dev pipelines
The lifespan of many objects in the cloud can be extremely short-lived. How do you enforce security in the cloud when your applications are constantly spinning up and down new resources every other minute? Even if your applications are not dynamic, figuring out security gaps late in production can be extremely expensive.
The uniqueness of cloud requires security teams to rethink classic security concepts and adopt approaches that better address dynamic and distributed cloud infrastructure. Cloud Security Posture Management (CSPM) automatically assess your cloud environment against best practice and security violations to provide the steps required to remediate them – often through automation.
If you have any questions about how we can help you optimize your cloud costs and performance, contact us today to help you out with your performance and security needs.