Definition

Many organisations rely on public cloud infrastructure to run their operations. But far too much of it is misconfigured or mismanaged. The result: costly and damaging data breaches.

That’s where cloud security posture management (CSPM) can help. CSPM is the strategy and software used to manage cloud resources. It alerts IT teams to misconfigurations and reveals vulnerabilities that attackers could exploit.

Cloud platforms are generally very secure. But IT teams may misjudge potential threats. Some may simply neglect to properly configure their cloud-based resources. Faulty configurations have caused some of the biggest cloud data breaches to date.

CSPM ensures that cloud resources are:

  • Audited.
  • Organised.
  • Properly configured.
  • Maintained.
  • Secured.
  • Compliant with laws and legal guidelines.

Identity, Security, and Compliance

Regulated businesses need to follow industry rules and meet compliance standards. That means they must choose a cloud solution that adheres to such guidelines. Not doing so can lead to hefty fines for violations.

Moving IT resources to a cloud infrastructure can be done in a compliant manner. Doing so requires the infrastructure to first be configured properly. Beyond that, the cloud platform must integrate with the right identity-management, data-security, auditing and monitoring tools. Doing all of this can be a challenge for IT and security teams unfamiliar with the way cloud hosts work.

At the very core of compliance and data security is identity management. This staple is critical to giving users the access they need to do their jobs without putting data at risk. Beyond managing access, the organisation must audit and monitor data activity. These are required as part of every modern compliance standard. Most cloud providers have tools that integrate directly with the identity management controls organisations already use.

Audit controls can reveal who requested access. But watching what those users do is also a part of compliance. Monitoring tools can spot risky access requests that are often signs of network and account compromise. They can also notify administrators that access controls are poorly configured.

Most cloud providers say that their offerings are compliant. But it’s the responsibility of the organisation to ensure this is the case before they transfer data. Many of the IT requirements laid out by compliance regulations involve CSPM strategies to protect data and monitor for compromise.

Monitoring and Analytics

Any on-premises internal network should have monitoring and analytics. But public cloud infrastructure has an even bigger attack surface; the chances of misconfigurations are much higher. That’s why organisations must pay more attention to monitoring tools and analytics. These tools can help IT and security teams better understand the way infrastructure is used and the access requests made to each resource.

Most big-name cloud providers offer advanced monitoring tools. Many even include artificial intelligence (AI) to detect suspicious traffic patterns. If an IT team misconfigures access to a digital resource, monitoring tools can uncover the issue.

Suppose a resource has only a few users assigned access. If many access requests suddenly occur during off-peak hours, monitoring tools can detect this behaviour and alert the IT or security team.
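The off-peak scenario above can be expressed as a small detection rule. This is an added example, not part of any vendor tool; the resource names, users, log entries, business hours (08:00 to 18:00 on weekdays) and the per-user request limit are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data: resource -> users assigned access (hypothetical names).
ASSIGNED = {"finance-db": {"alice", "bob"},
            "wiki": {"alice", "bob", "carol", "dave"}}

# Constructed access log entries: (ISO timestamp, resource, user).
LOG = [
    ("2024-03-04T10:15:00", "finance-db", "alice"),  # business hours
    ("2024-03-04T14:40:00", "finance-db", "bob"),    # business hours
    ("2024-03-04T22:05:00", "wiki", "carol"),        # off-peak, assigned user
    ("2024-03-05T23:30:00", "wiki", "erin"),         # off-peak, not assigned
] + [(f"2024-03-05T02:{m:02d}:00", "finance-db", "bob") for m in range(8)]


def off_peak(ts, start=8, end=18):
    """True on weekends or outside the assumed business hours."""
    return ts.weekday() >= 5 or not (start <= ts.hour < end)


def detect_bursts(log, assigned, per_user_limit=3):
    """Flag off-peak hours where requests exceed what the assigned users
    would plausibly generate, or where an unassigned user appears."""
    buckets = defaultdict(list)
    for stamp, resource, user in log:
        ts = datetime.fromisoformat(stamp)
        if off_peak(ts):
            buckets[(resource, ts.strftime("%Y-%m-%d %H"))].append(user)

    alerts = []
    for (resource, hour), users in sorted(buckets.items()):
        allowed = assigned.get(resource, set())
        # Fewer assigned users means a lower tolerance for request volume.
        limit = per_user_limit * max(len(allowed), 1)
        unknown = sorted(set(users) - allowed)
        if len(users) > limit or unknown:
            alerts.append({"resource": resource, "hour": hour,
                           "requests": len(users), "limit": limit,
                           "unassigned_users": unknown})
    return alerts


if __name__ == "__main__":
    for alert in detect_bursts(LOG, ASSIGNED):
        print(alert)
```

The limit scales with the number of assigned users, so the same request volume that is normal for a widely shared resource raises an alert on one with only two users.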

Monitoring and analytics work together to inform IT teams about the way cloud resources are used. Analytic reports display:

  • Peak hours of use.
  • Bandwidth usage.
  • What resources are used and not used.
  • Which resources cost the organisation the most money to continue using.

Inventory and Classification

Large enterprise networks can have thousands of devices across several geographies. Inventory management tools map out the network infrastructure and show whether connected devices are updated and approved. Inventory auditing and classification of infrastructure give IT and security teams a full overview. They can see not just attached network devices but how important they are.

Classifying components is essential. This step enables IT staff to prioritise what to protect—or recover should something go wrong. For instance, the main production database server is probably more critical than a backup reporting server.

Cost Management and Resource Organisation

For larger organisations, resource usage can get out of control if it isn’t well tracked and managed. If IT retires a server, the server can be deprovisioned in the cloud, saving the company money on IT resources.

If an organisation only has a few assets, keeping track of where budget money is allocated is easy. But when hundreds of cloud resources are provisioned across different departments, old assets may be forgotten and neglected.

These “zombie” resources can cost upwards of thousands of dollars in wasted infrastructure. Worse, they can create cybersecurity issues from unpatched systems and deprecated software. These resources should be organised in a way that keeps them from becoming the source of a critical corporate compromise.

CSPM works to organise resources better so that no infrastructure goes unpatched, whether it’s router firmware or an operating system update on a critical server. This could be in the form of tools that perform asset tracking management or strategies that help IT staff audit resources. Cloud providers have reporting features that make it easier to track assets so that they are not forgotten and unmaintained.

Misconfiguration Detection

Misconfiguration detection is probably the most important component of CSPM. Gartner estimates that 90% of organisations that fail to configure cloud resources properly will expose sensitive data to the public. And 99% of these data breaches will be the fault of the cloud customer due to poorly managed or configured resources. Since the rise of cloud computing, some of the biggest data breaches have been cloud storage misconfigurations on Amazon Web Services (AWS).

IT teams that set up cloud resources also need a strategy for the way they are maintained, configured and provisioned. CSPM provides guidelines on the way resources should be secured and monitored.

Compliance standards also give administrators guidelines to secure cloud resources. CSPM offers monitoring services that detect whether any resources are misconfigured—and therefore might expose sensitive data—before attackers find the data.
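A posture scan of the kind described here can be sketched as a set of rules run over a resource inventory, with findings ranked by the classification discussed earlier and a rule for "zombie" resources. This is an added example, not any CSPM product's code; the inventory, its field names, the 30-day patch and 90-day idle thresholds and the severity weights are constructed assumptions, not a cloud provider's API.

```python
# Constructed inventory; field names are hypothetical, not a provider's API.
INVENTORY = [
    {"name": "prod-db", "tier": "critical", "public": False,
     "encrypted": True, "owner": "data-team", "idle_days": 0,
     "patch_age_days": 45},
    {"name": "customer-exports", "tier": "critical", "public": True,
     "encrypted": False, "owner": "sales", "idle_days": 2,
     "patch_age_days": 0},
    {"name": "old-report-vm", "tier": "standard", "public": False,
     "encrypted": True, "owner": None, "idle_days": 210,
     "patch_age_days": 300},
    {"name": "wiki", "tier": "standard", "public": False,
     "encrypted": True, "owner": "it", "idle_days": 1,
     "patch_age_days": 5},
]

# (rule id, base severity, predicate). Thresholds are assumed values.
RULES = [
    ("public-exposure", 3, lambda r: r["public"]),
    ("unencrypted", 2, lambda r: not r["encrypted"]),
    ("unpatched", 2, lambda r: r["patch_age_days"] > 30),
    ("zombie", 1, lambda r: r["owner"] is None or r["idle_days"] > 90),
]

# Classification raises the priority of findings on critical assets.
TIER_WEIGHT = {"critical": 2, "standard": 1}


def scan(inventory):
    """Return findings sorted so the highest-priority issue comes first."""
    findings = []
    for res in inventory:
        for rule_id, severity, check in RULES:
            if check(res):
                findings.append({
                    "resource": res["name"],
                    "rule": rule_id,
                    "score": severity * TIER_WEIGHT[res["tier"]],
                })
    return sorted(findings,
                  key=lambda f: (-f["score"], f["resource"], f["rule"]))


if __name__ == "__main__":
    for finding in scan(INVENTORY):
        print(finding)
```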

Searching for a CSPM Solution

Finding CSPM tools that can fully support corporate resources can be tricky. A corporation may be small when it first sets up a cloud provider. But it will likely need a solution that can scale as its needs grow.

Here are things to consider when looking for the right solution:

  • Strategies and solutions should be easy to set up and integrate into existing cloud resources. Solutions and strategies should be flexible enough to fit into currently provisioned resources without sacrificing performance or security. That includes any future resources to be added later.
  • Applications can be updated across all cloud assets. While the cloud provider maintains the hardware, organisations are responsible for updating any software they install. Some organisations choose to work with a managed service provider (MSP) to keep up with updates and patches.
  • Scalability is critical for growing organisations. If a CSPM solution is customised for a few resources and can’t scale across all infrastructure, it can lead to IT chaos and lost assets. Cloud providers segment resources by geography, so solutions must also scale across the globe.
  • Understand that cloud security must support resources on the internet and differs from local on-premises support. On a local network, internal resources are generally cut off from the public internet. Cloud resources, by contrast, are inherently available to the public internet unless configured otherwise. Cloud resources must constantly be monitored for configuration issues.

Configurations are the responsibility of corporate administrators. Administrators must understand that proper configuration is not the cloud provider's responsibility. An MSP can help properly configure all cloud resources, including monitoring applications, to help administrators detect issues.
