February 18, 2021 By David Bisson 4 min read

Starting off on the right foot in digital defense today means having good Cloud Security Posture Management (CSPM). Although it can be challenging to adopt, this set of strategies and tools manages and orchestrates cloud security in ways other tactics don’t. It shows gaps might arise between organizations’ stated cloud defense policies, their actual posture or their overall defenses in the cloud. Let’s take a look at why this is important and how it can be used in the real world.

What Does Cloud Security Posture Management Protect Against?

Seven in 10 organizations experienced cloud computing security incidents some time in 2019, Solutions Review reports. Part of the reason these events keep occurring is that organizations aren’t getting their cloud security right. Most successful attacks on cloud services are the result of misconfigurations and mistakes, Gartner notes. The research firm went on to forecast that 99% of such attacks through 2025 would be the customer’s fault.

These findings highlight the need for groups to better protect themselves in the cloud. That begins with turning to Cloud Security Posture Management tools.

A Real World Example

You can’t shore up your posture if you don’t understand how security works in the cloud. After all, it’s not like classical perimeter defense where the enterprise has complete control over their infrastructure. They can’t manage everything in-house, because they’re using infrastructure that’s owned by someone else. That landscape could be potentially serving other clients.

The Amazon Web Services (AWS) shared responsibility model illustrates the difference between traditional and cloud security well. Cloud defense is shared between a cloud service provider (CSP) and a customer. For its part, the CSP keeps an eye on defense of the cloud by protecting the hardware, software, networking, facilities and other infrastructure that runs the services offered within the cloud. At the same time, the customer must shore up defenses in the cloud by safeguarding customer data, putting identity and access management (IAM) measurements in place, configuring their firewalls and protecting network traffic, depending on the type of cloud deployment model they use.

Barriers to CSPM Entry and How To Overcome Them

It’s this security in the cloud where CSPM provides the most meaningful benefit. You can use CSPM to spot and visualize risks to your cloud security. To do this, you need to understand the risks and threats confronting you in the cloud. CSPM requires that your team monitor for misconfigurations, vulnerabilities and risks to align their cloud security policies and postures.

This puts them face-to-face with some common computing security issues.

Whose Job Is It?

First, many don’t understand the shared responsibility model. In a 2020 study, only eight percent of respondents say they fully understood it with respect to their cloud deployments. This is a problem. If defense teams don’t understand what they need to do, there’s a chance they could leave themselves open. They could also fail to look into the types of options provided by their CSP. This might lead to doubling up on some of the things your cloud can already do.

Be Realistic About Your Users

Some don’t take what users are actually doing into account. Remember, users connect to the cloud using a lot of different devices, networks and locations. In this dynamic and dispersed environment, someone could compromise a real user’s account and then abuse that access to move to other parts of the network — and never be spotted.

Expect More From Vendors

Lastly, many don’t have high enough standards for their integrated vendors. As part of their ongoing move into the digital world, your enterprise might decide to streamline some or all of their supply chains. Many do this by adding third-party vendors into the cloud. Such a decision could make business more effective and productive. But it could also open up a new attack vector through which malicious actors could gain access to your cloud environments.

Having an understanding of those and other cloud security threats is only the beginning. It’s then up to you to use that knowledge in the context of Cloud Security Posture Management to make sure you’re keeping up with relevant regulatory standards and frameworks, adding security into DevOps procedures and responding to potential incidents.

How to Strengthen Your Cloud Security Posture

To strengthen your cloud security posture, you need to first find out where you stand. You can do this by undergoing a security maturity assessment. This exercise will provide a risk baseline to use going forward.

From there, tackle the risks and threats you’ve encountered from the examples above. Here are some ways to do that:

Assuming the enterprise has already migrated to the cloud, you can talk with the CSP about all of the security options that they have available and what’s expected of you under their cloud deployment model. You can then remove any products that might be doing the same thing the CSP can do.

An enterprise can also consider using the principle of least privilege across their entire infrastructure and not just their cloud environments. You could boost this even further by adding more access controls and watching user behavior for strange movements. All of this can take place within the context of a zero trust network.

Finally, hold vendors to account for their own defensive postures. You can do this by mandating vendors to complete service-level agreements that specify the types of security measures they must implement in order to continue to do business with you.

The Beginning of a New Era

Only by knowing your cloud security postures can you find the right tools and make the right investments that will protect your organization against cloud-based threats. It’s important to realize that security postures in the cloud are always changing and cloud-based threats are always evolving. That’s why organizations should consider assessing their postures often with Cloud Security Posture Management and approaching the task of strengthening their cloud security postures as an ongoing process.

More from Cloud Security

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

The importance of Infrastructure as Code (IaC) when Securing cloud environments

4 min read - According to the 2023 Thales Data Threat Report, 55% of organizations experiencing a data breach have reported “human error” as the primary cause. This is further compounded by organizations now facing attacks from increasingly sophisticated cyber criminals with a wide range of automated tools. As organizations move more of their operations to the cloud, they must also become increasingly aware of the security risks and threats that come with it. It’s not enough anymore to simply have a set of…

How I got started: Cloud security engineer

3 min read - In today’s increasingly cloud-focused business environment, cloud security engineers are pivotal in protecting an organization’s critical data and infrastructure. As experts in cloud security, they leverage their expertise to ensure that the ever-expanding amount of cloud data is safe from emerging threats and vulnerabilities. Cloud security professionals combine their passion for technology with a deep understanding of security principles to design and implement robust cloud security strategies. What experience do these security experts have, and what led them to the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today