What is a Cloud Security Posture Management (CSPM) platform?
Many data breaches come from misconfigurations in cloud infrastructure, such as public S3 buckets or over-permissive access to sensitive data (PII, client lists, transactions, etc.).
This is an even higher risk in complicated cloud deployments or multi-cloud environments, as teams (that are usually already spread too thin) have to maintain access control, firewalls, and VPNs, as well as monitor software and library versions to ensure they have the latest security patches deployed at all times.
Cloud Security Posture Management (CSPM) helps these teams reduce both the workload and cognitive load of maintaining a cloud estate.
What is Cloud Security Posture Management (CSPM)?
A Cloud Security Posture Management platform is a collection of Tools and Analytics designed to ensure Security and Compliance within your cloud infrastructure.
The goal of your CSPM platform is to provide automated Visibility, Evidence, and Reporting.
By collecting all of the available security data into one easy-to-query database, a CSPM simplifies the prioritization and remediation of issues, which reduces the risk of human error and the overall workload involved.
The core of a CSPM platform is a database that acts as the central hub for all available security information - from DAST (Dynamic Application Security Testing) platforms like StackHawk, to Infrastructure Security Scanners like Snyk’s Infrastructure As Code scanner, to cloud platform threat detection services like AWS’s GuardDuty and Inspector services.
ELT (Extract-Load-Transform) solutions like CloudQuery are essential for collating all the data from these different sources and populating the database - as they remove the effort required to maintain integrations with all the disparate sources.
The next major component of a CSPM platform is the dashboards, which are responsible for making the core database more accessible while highlighting the key concerns.
Finally, there is the alerting solution, which triggers notifications to the relevant team members if an issue gets a risk evaluation that’s above a certain threshold.
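The flow described above (findings from several sources collected into one database, then an alert for anything above a risk threshold), as an added example that is not CloudQuery's code. The three source record shapes, the 0-10 risk scale and the 7.0 threshold are assumptions, and the sample findings are constructed.

```python
import sqlite3

# Constructed sample findings. The three shapes are simplified stand-ins for
# what different scanners report, not the real output format of any tool.
DAST = [{"target": "app.example.com", "risk": "High", "title": "SQL injection in /login"}]
IAC = [{"resource": "example-logs-bucket", "severity": "medium", "issue": "Bucket allows public read"},
       {"resource": "example-vpc", "severity": "low", "issue": "Flow logs disabled"}]
THREAT = [{"resource": "example-logs-bucket", "score": 8.0, "type": "Unusual data download"}]

LABEL_TO_RISK = {"low": 3.0, "medium": 5.0, "high": 8.0, "critical": 10.0}  # assumed 0-10 scale


def normalize():
    """Map every source onto one (source, resource, title, risk) row shape."""
    rows = [("dast", f["target"], f["title"], LABEL_TO_RISK[f["risk"].lower()]) for f in DAST]
    rows += [("iac", f["resource"], f["issue"], LABEL_TO_RISK[f["severity"].lower()]) for f in IAC]
    rows += [("threat_detection", f["resource"], f["type"], float(f["score"])) for f in THREAT]
    return rows


def load(rows):
    """The 'load' step: one central table that dashboards and alerts query."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE findings (source TEXT, resource TEXT, title TEXT, risk REAL)")
    db.executemany("INSERT INTO findings VALUES (?, ?, ?, ?)", rows)
    return db


def alerts(db, threshold):
    """Resources whose worst finding meets the threshold, highest risk first."""
    return db.execute(
        """SELECT resource, MAX(risk), COUNT(DISTINCT source)
           FROM findings GROUP BY resource
           HAVING MAX(risk) >= ? ORDER BY MAX(risk) DESC, resource""",
        (threshold,),
    ).fetchall()


if __name__ == "__main__":
    for resource, risk, sources in alerts(load(normalize()), threshold=7.0):
        print(f"ALERT {resource}: risk {risk} reported by {sources} source(s)")
```

Grouping by resource is what the central database buys you: the bucket that the IaC scan rated only medium is escalated because a second source reported a high-risk finding on the same resource.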
How do CSPMs help Platform Engineers, DevOps, DevSecOps, and CISOs?
CSPMs are essential when handling sensitive data such as PII (Personally Identifiable Information), Payment Card Information, or, frankly, any non-public/privileged data, as they will surface all known risks, enabling you to triage and mitigate them before they are exploited.
When coupled with a Cloud Asset Inventory, a CSPM can significantly improve Time-To-Fix for security-related tickets while reducing the number of unreported issues - preventing breaches before they happen.
A good CSPM can also enable more efficient root-cause analysis and postmortems when issues are discovered (or exploited).
Where can you get a CSPM?
While some public cloud providers offer some dashboards, these are generally quite limited. With providers that have a wide array of products, you are likely to see drastically differing levels of coverage per product by their internal tooling. External platforms or purpose-built self-hosted ones have thus become the gold standard - especially in multi-cloud environments where unifying the available information from each platform is essential.
We’ll be releasing a new tutorial on creating a CSPM using CloudQuery, Postgres, and Grafana in the new year. So make sure you keep an eye out for it by subscribing to the CloudQuery YouTube channel and enabling notifications by clicking the bell icon!
This article is also available as a video on YouTube, Cloud Security Posture Management: What is CSPM and Why should you care?
Written by Tim Armstrong
Tim is a developer advocate and software engineer with experience in creating content and tutorials for programming, application security, networking and devops.