For example, a single misconfiguration of Amazon S3 storage was enough for a specialized recruitment firm to unknowingly disclose the personal information and security clearance levels of thousands of candidates in the US private military sector.
A complex and ever-changing cloud ecosystem
Companies often use not one but multiple clouds. They typically work with a variety of vendors, including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). This disperses resources across multiple instances, which makes inventory and tracking harder than with on-premises hosting. It is also difficult to keep up with the rapid evolution of the underlying technologies: in March 2021 alone, the GCP release notes were updated almost daily.
To control the security of this ecosystem, it is therefore necessary to have visibility into all these clouds. It is also necessary to track the impact of all the SaaS applications used by the company's different departments: the right settings must be checked at implementation and again with each change. That’s why it’s very useful to be able to rely on a single, unified tool like CSPM, because according to Gartner, “by 2025, 99% of cloud security breaches will be related to a client-side error.”
CSPM simplifies centralized cloud management
Used in addition to cloud access security brokers (CASBs) and cloud workload protection platforms (CWPPs), cloud security posture management (CSPM) tools verify that your configurations comply with best practices: they improve compliance with cybersecurity standards such as CIS Benchmarks™, and they also contribute to your industry (PCI, HIPAA) and regulatory (GDPR, etc.) compliance.
They work by continuously monitoring the configurations of cloud deployments for compliance. The CSPM sets limits on allowed settings or behavior in the cloud. As a result, there are fewer configuration defects and best practices are applied uniformly, even in complex systems.
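The following added example (not taken from any CSPM product or from the original article) sketches the kind of rule evaluation described above: one pass over a multi-cloud storage inventory, flagging settings that allow public exposure. The inventory records and the "type"/"name" schema are constructed for illustration; the nested keys mirror each provider's own configuration fields.

```python
# Added example. INVENTORY is constructed sample data in a hypothetical
# normalized schema ("type", "name"); nested keys follow each provider's fields.
AWS_ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def check_s3(res):
    issues = []
    pab = res.get("PublicAccessBlockConfiguration") or {}
    off = [f for f in PAB_FLAGS if not pab.get(f)]
    if off:
        issues.append("public access block not enforced: " + ", ".join(off))
    for g in res.get("Grants", []):
        if g.get("Grantee", {}).get("URI") == AWS_ALL_USERS:
            issues.append(f"ACL grants {g.get('Permission')} to AllUsers")
    return issues

def check_gcs(res):
    public = {"allUsers", "allAuthenticatedUsers"}
    return [f"{b['role']} bound to {m}" for b in res.get("bindings", [])
            for m in b.get("members", []) if m in public]

def check_azure(res):
    # Policy choice in this example: only an explicit False passes.
    if res.get("allowBlobPublicAccess") is not False:
        return ["allowBlobPublicAccess is not explicitly disabled"]
    return []

CHECKS = {"aws:s3": check_s3, "gcp:gcs": check_gcs, "azure:storage": check_azure}

def evaluate(inventory):
    findings = []
    for res in inventory:
        check = CHECKS.get(res["type"])
        # A resource type with no rule is reported, never silently passed.
        issues = check(res) if check else ["no posture rule for this resource type"]
        findings += [{"resource": res["name"], "type": res["type"], "issue": i} for i in issues]
    return findings

INVENTORY = [  # constructed
    {"type": "aws:s3", "name": "example-resumes",
     "PublicAccessBlockConfiguration": {"BlockPublicAcls": True, "IgnorePublicAcls": True},
     "Grants": [{"Grantee": {"URI": AWS_ALL_USERS}, "Permission": "READ"}]},
    {"type": "aws:s3", "name": "example-logs",
     "PublicAccessBlockConfiguration": dict.fromkeys(PAB_FLAGS, True)},
    {"type": "gcp:gcs", "name": "example-assets", "bindings": [
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]}]},
    {"type": "azure:storage", "name": "examplestore", "allowBlobPublicAccess": False},
    {"type": "saas:crm", "name": "example-crm"},
]
```

Calling evaluate(INVENTORY) returns four findings: two for example-resumes, one for example-assets, and one for the SaaS entry, which is reported because no rule covers it.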
In addition to centralized management of cloud environments, CSPM tools have the advantage of building in remediation. This ability to act as well as detect is comparable to that of EDR (Endpoint Detection & Response). Where antivirus only detected problems on endpoints (and only partially), EDR can analyze and then act or react.
How to set up a CSPM solution?
Like the CWPP offering analyzed here by Gartner, the CSPM market is very rich and active. The first step is therefore to select your partner carefully. This choice is all the more important because responsibility is often shared between hosts and service providers. You should also check for functional redundancies beforehand.
Next, it is recommended to adopt a well-framed “project” approach that brings together security specialists but also, and above all, cloud stakeholders (the CISO and their teams, cloud architects, DevOps experts, etc.). For Benjamin Leroux, Marketing Director at Advens, “You have to go step by step, starting with a pilot perimeter: for example, a large group will test a combination of AWS and GCP on a geographical area or a function of the company before extending it to other markets or services.” Security features can then be added and integrated into existing solutions. For example, CSPM alerts will be sent up to the SOC for better supervision.
CSPM is therefore an example of a technology that is best managed by a trusted third party, which will stay constantly aware of new security issues through specialized monitoring. It is also easier for a dedicated, trained and available service provider to process the volume of information reported by such a solution.