Cloud Security Posture Management (CSPM) is a category defined by Gartner to address the growing needs of public cloud IaaS and PaaS services to address the challenges of misconfiguration. According to Gartner, nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement, and mistakes. A single misconfiguration can expose hundreds of thousands of systems or highly sensitive data to the public internet.
In fact, many of the “data breaches” that are written about in the news are often a cloud storage bucket containing sensitive data that is accidentally exposed to the internet. For example, in a recent Facebook data breach, two unsecured AWS S3 buckets accidentally exposed 540 million Facebook member records. The exposed data revealed among other things, the comments, Facebook IDs, and much more of the private sentiments of the owners of the Facebook accounts. This is just an example of one type of misconfiguration. Others include the lack of encryption on data or overly permissive user permissions or network access rules.
Why are misconfigurations so prevalent? Misconfigurations are possible due to at least four factors.
All of these factors are compounded by the lack of visibility into cloud infrastructure. Many enterprises have no idea what type and how many cloud resources are running and how they are configured. As a result, serious cloud misconfigurations often go undetected for days, weeks, or even longer.
Why is CSPM Important?
Because cloud infrastructure is constantly changing, CSPM tools and solutions continuously monitor cloud environments and identify gaps between stated security policies and actual security posture. The goal is to reduce the possibility of a data breach and minimize the damage in the event an attack was successful in gaining access to your cloud environment. These tools and processes should be extended into the development process to identify and remediate cloud risks. According to Gartner, this will reduce cloud-related security incidents due to misconfigurations by 80%.
Some of the benefits of CSPM include:
- Continuous visibility into multiple cloud environments of policy violations.
- Optional ability to perform automated remediation of misconfigurations.
- Leverage of prebuilt compliance libraries of common standards or best practices such as CIS Foundations Benchmarks, SOC 2, PCI, NIST 800-53, or HIPAA.
CSPM offerings in the market today are typically focused on addressing the following types of policy violations:
- Lack of encryption on databases or data storage.
- Lack of encryption on application traffic, especially that which involves sensitive data.
- Improper encryption key management such as not rotating keys regularly.
- Overly liberal account permissions.
- No multi-factor authentication enabled on critical system accounts.
- Misconfigured network connectivity, particularly overly permissive access rules or resources directly accessible from the internet.
- Data storage exposed directly to the internet.
- Logging is not turned on to monitor critical activities such as network flows, database access, or privileged user activity.
In modern cloud operations, security must be integral to the software development process rather than bolted on after the fact as a security analysis function. To learn more about how Fugue can help you gain full visibility into your cloud security posture and stay in continuous compliance, visit fugue.co.