A Guide to Evaluating Cloud Security Posture Management Tools

Back in 2017, surveys said that 83% of all enterprise workloads ran in the cloud, and that the average enterprise used 1,427 distinct cloud services and experienced about 23 cloud-related threats per month. Five years and a pandemic later, these numbers have exploded. With such a dramatic increase in cloud adoption, and given the challenges of the shared responsibility model of the cloud, how can security teams achieve a high level of security inside the organization?

‍

This is where cloud security posture management (CSPM) tools come in. In this article, you’ll get an overview of CSPM, its scope, and the essential capabilities that security teams should look for in cloud security posture management tools.

‍

What Is Cloud Security Posture Management?

‍

Your organization’s cloud security posture is the combined security state of all your cloud resources resulting from your business priorities, security policies, management practices, daily operations, and employee activities.

‍

CSPM refers to actively managing your cloud security posture in a way that reduces the security risks to your cloud infrastructure by following security best practices.

‍

Cloud Services Covered by CSPM

‍

Cloud computing consists of three layers of services:

‍

• Software-as-a-Service (SaaS): SaaS offerings are the cloud applications that provide end-to-end functionality to help your employees do their tasks. They typically have web-based and mobile user interfaces for your employees to interact with. For example, Google Workspace and Box are SaaS apps.
• Platform-as-a-Service (PaaS): PaaS offerings are cloud-based software components that provide essential functionality for SaaS apps. A database like Microsoft Azure SQL Database or a customer relationship management platform like Salesforce are examples of PaaS. End users rarely interact with them directly.
• Infrastructure-as-a-Service (IaaS): IaaS offerings provide low-level infrastructures like servers, networking, and storage required by SaaS and PaaS services. Amazon Elastic Compute Cloud and Google Cloud Platform’s Compute Engine are two examples.

‍

For a typical SaaS customer, CSPM covers the SaaS apps they’re using and any cloud resources they manage directly.

‍

CSPM usually doesn’t include the underlying PaaS and IaaS used by a SaaS because their security is managed by the SaaS provider. However, there are SaaS apps that let customers configure some PaaS and IaaS details. For example, a video rendering SaaS may allow animators to customize the rendering servers. In such cases, the customer’s CSPM should include the security posture of the PaaS or IaaS being used.

‍

CSPM Solutions

‍

CSPM solutions are software systems that enable an organization to assess and improve its cloud security posture. Let’s explore the key features that capable cloud security posture management tools should have.

‍

14 Key Capabilities You Should Look for in CSPM Tools

What factors should you consider when evaluating the effectiveness of a CSPM tool? The 14 capabilities described below are must-haves for cloud security posture management.

‍

1. Multi-cloud and hybrid cloud support

‍

For high availability and disaster recovery, you may be using multiple public cloud providers. Some organizations, for data protection and standards compliance, prefer hybrid clouds that store some data on-premises and seamlessly integrate their local networks and storage with public clouds.

‍

Each model brings its own set of security vulnerabilities and threats. A good CSPM tool should:

‍

• Have excellent knowledge about the security aspects of all these possibilities
• Understand the services and nuances of each cloud
• Integrate with the application programming interfaces (APIs) of all services
• Provide deep visibility into multi-cloud environments at any time

‍

2. Continuous monitoring of highly dynamic cloud environments

‍

The pay-per-use pricing models of public clouds encourage highly dynamic environments where cloud resources like Kubernetes containers or serverless functions are created on-demand and deleted quickly, sometimes within seconds.

‍

But even such short-lived resources may have misconfigurations or vulnerabilities that can be exploited by awaiting malware.

‍

To counter this, cloud security posture management tools should:

‍

• Continuously monitor all cloud access in real time using technologies like cloud access security brokers (CASB) and cloud workload protection platforms (CWPP)
• Look for hints of security problems in the logs and events published by cloud services

‍

3. Automated asset discovery

Estimating the attack surface (i.e., the extent and list of all cloud resources that face security threats) is an important part of security posture management. But how many cloud resources exist? 

‍

A 2017 cloud survey showed that even back then, an average enterprise used 1,427 different cloud services, and the average employee worked with 36 cloud services. With such a variety of cloud services in use, it’s practically impossible to manually survey all cloud assets.

‍

So, a capable cloud security posture management tool should:

‍

• Automatically discover all cloud resources in use, using APIs
• Detect the use of shadow IT services (i.e., cloud services that are not officially approved by an organization but are popular among employees)
• Monitor asset lists and detect changes
• Help security personnel visualize and search assets to get a lay of the land

‍

4. In-depth knowledge of SaaS security

‍

Every SaaS application comes with a unique set of features, concepts, and security best practices. Effective cloud security posture management tools should either be proficient in such details or integrate robustly with cloud-native services that specialize in SaaS security.

‍

5. Data security assurance

Data security concerns like data breaches, unauthorized access, and the sharing of sensitive data are some of the top cloud security challenges for organizations. A good cloud security posture management tool should enable the implementation of data security best practices. 

6. Cloud misconfiguration detection and prevention

‍

Misconfiguration of cloud services remains the biggest threat to cloud security. But we should realize that for an average SaaS user, every configuration setting looks innocent. It’s only the complex, opaque interactions of a SaaS with other systems that transform an innocent-looking setting into a serious security misconfiguration. The average user can’t be expected to understand such interactions and anticipate their security consequences.

‍

An effective cloud security posture management tool should:

‍

• Have in-depth knowledge of SaaS configuration settings and their consequences
• Warn and prevent users from enabling dangerous settings in real time
• Detect risky configuration changes and alert security teams

‍

7. Threat detection and prevention

‍

Inconspicuous features like service accounts can be misused by threat actors. Such misuse gets reported and shared through vulnerability and threat intelligence databases. Capable cloud security posture management tools should:

‍

• Fetch up-to-date information about the latest vulnerabilities and threats 
• Enable security teams to detect them
• Enrich security incidents with data from threat intelligence databases
• Integrate vulnerability detection directly into the DevOps or DevSecOps workflows of software development customers

‍

8. Incident response support

The incident response process activated by a security incident involves detection, investigation, remediation, and recovery steps. Cloud security posture management tools should help security teams execute each of these steps on the cloud services they’re monitoring.

‍

9. Remediation automation

‍

Faced with 11,000 alerts per day on average, security teams require automation to avoid alert fatigue and weed out false positives (i.e., alerts that don’t turn out to be security threats). Cloud security posture management tools should:

‍

• Provide automated remediation for security issues
• Automatically detect and correct misconfigurations
• Support client-side monitoring of cloud activities for automated detection of threats

‍

10. Cybersecurity framework conformance

‍

To help organizations achieve a highly secure cloud posture, experts have created comprehensive guidelines like the NIST Cybersecurity Framework and the CIS Critical Security Controls. Cloud security posture management tools should enable your organization to implement these guidelines for every cloud resource and track the implementation using relevant metrics.

‍

11. Compliance monitoring

‍

Many organizations have to comply with security standards set by government regulations or industry practices, like:

‍

• The Health Insurance Portability and Accountability Act (HIPAA)
• The Payment Card Industry Data Security Standard (PCI DSS)
• The General Data Protection Regulation (GDPR)
• Service Organization Controls 2 (SOC 2)

‍

Cloud security posture management tools should:

‍

• Help the organization stay in continuous compliance with each applicable standard for every cloud resource
• Flag possible policy violations to avoid financial penalties
• Track compliance using metrics
• Generate compliance reports for security audits

‍

12. Integration with existing security and communication systems

‍

For the convenience of your security teams, cloud security posture management tools should integrate with your existing security tools by:

‍

• Sending cloud security events to your security incident and event management (SIEM) system
• Supporting your cloud security orchestration, automation, and response (SOAR) system
• Supplying data to your extended detection and response (XDR) system

‍

Any security alerts and reports should be sent to your existing communication systems like Slack, PagerDuty, or email.

‍

13. Visualizations and actionable findings

Actionable findings, risk assessment reports, and visualization dashboards help your employees understand and improve your cloud security posture without wasting time. Good CSPM tools should have all usability features.

‍

14. Built-in security

‍

Last but not least, a good cloud security posture management tool should ensure that its presence doesn't weaken the security of your organization. CSPM security solutions get extensive administrative access to every cloud resource. In the wrong hands, a CSPM tool can, ironically, become the greatest threat to your cloud security, and possibly even to your business.

‍

To avoid that, good CSPM tools should stringently follow these security best practices:

‍

• Use multifactor authentication for all users
• Follow the principles of least privilege
• Provide limited access to cloud resources only on demand
• Implement scheduled revocation of access permissions
• Log authentication and administrator actions

‍

ThreatKey as a Cloud Security Posture Management Tool

‍

You’ve heard about the 14 key capabilities that a cloud security posture management tool needs to be effective. ThreatKey is a cloud security posture management tool that specializes in SaaS security and provides features like:

‍

• Security for popular SaaS apps: ThreatKey monitors popular SaaS apps like Amazon Web Services, Google Workspace, Microsoft 365, Salesforce, Box, GitHub, Okta, and Slack.
• Automated asset discovery: ThreatKey automatically discovers all the resources created in these apps and generates asset reports.
• Misconfiguration detection and remediation: Built by SaaS security experts, ThreatKey has in-depth knowledge about the security consequences of every configuration change and keeps an eye on all your SaaS apps for such changes. It provides actionable insights and supports automatic remediation for risky changes.
• Continuous monitoring of SaaS logs: ThreatKey continuously monitors SaaS logs for signs of threats and intrusions.

‍

ThreatKey provides invaluable improvements to your cloud security posture. Try ThreatKey for free.

‍