Cloud Security Posture Management: Why You Need It Now
Blog Article Published: 10/01/2019
By Samantha Nguyen, Product Manager, Bitglass
Gartner recommends that security and risk management leaders invest in CSPM (cloud security posture management) processes and tools to avoid misconfigurations that can lead to data leakage. Although it is a relatively new class of tools, this recommendation comes with reason; CSPM allows for just what its name implies: the management of cloud security (i.e. misconfiguration handling).
Emerging and perpetual changes in the cloud make it arduous to keep track of whether or not your data is stored appropriately. As the cloud grows, the need to track and protect against misconfigurations grows in parallel. CSPM allows for monitoring and can be done through a method of automation; queries are run periodically (frequency is dependent on the CSPM tool) and features can allow for automatic alerting to security admins who can appease the problem as soon as it arises.
Events, such as having threat detection on SQL databases misconfigured (CIS v1.0-4.2.3), can leave blatant windows in your cloud open and ready for data breaches. In a recent Capital One breach, upwards of 100 million customers had their information compromised – including their SSNs, credit scores, and addresses, with the data being stored in AWS S3 buckets. The data was able to be exploited due to a “configuration vulnerability,” which is just what CSPM is built to protect against.
New features being developed by leading CASBs, sanctions a broader scope of coverage for CSPM and protecting the information in your cloud from any of these misconfigurations. Because the cloud environment expands across a plethora of areas, CSPM allows organizations to consolidate all potential misconfigurations to a transparent platform to relay information from. Using CSPM allows for the capability to view compliances with frameworks, such as CIS v1.1, HIPAA, or SOC 2; this in turn strengthens confidence in your organization’s product and cloud data security.