What is Cloud Security Posture Management (CSPM)

Cloud Security Posture Management solutions continuously manage cloud security risk. It detects, logs, reports, and provides automation to address issues. These issues can range from cloud service configurations to security settings and are typically related to governance, compliance, and security for cloud resources.

Solving Cloud Security Issues

An enterprise CSPM tool, like DivvyCloud, is designed to effectively manage the perpetual shift of cloud infrastructure. By combining continuous real-time monitoring and a range of automation (including automated remediation) a CSPM, along with the right cultural approach and processes, can enable an organization to solve cloud security issues around governance of multi-cloud, compliance based on a range of standards (CIS, NIST, HIPPA, etc), and security concerns tied to common misconfiguration issues.

If you’re interested in reading more we wrote a blog on understanding the term CSPM here, or you can check out other information on our resources page.

Gartner routinely recommends
CSPM tools as elemental to
cloud security by stating:

“Nearly all successful attacks on cloud services are the result of
customer misconfiguration, mismanagement and mistakes. Security
and risk management leaders should invest in cloud security posture
management processes and tools to proactively and reactively
identify and remediate these risks.”

Resources from Gartner

An enterprise CSPM tool, like DivvyCloud, is designed to effectively manage the perpetual shift of cloud infrastructure. By combining continuous real-time monitoring and a range of automation (including automated remediation) a CSPM, along with the right cultural approach and processes, can enable an organization to solve cloud security issues around governance of multi-cloud, compliance based on a range of standards (CIS, NIST, HIPPA, etc), and security concerns tied to common misconfiguration issues.

Compare us to the rest of the market

Cloud security is evolving rapidly and evaluating solutions and their capabilities represents a significant challenge.  Vendors differ highly in terms of maturity, breadth and depth of feature sets and usability, which makes it difficult to identify the best solution.  We have built this framework to make it easier for organizations to establish common criteria to objectively evaluate and compare competing products.

Justification

As enterprises place more services in public cloud, it is becoming increasingly complex and time-consuming to answer the question “are these services configured securely?” For example, assessing the secure setup and configuration in Amazon Web Services (AWS) across more than 100 different services is extremely difficult. Even simple misconfiguration issues such as open S3 buckets represent significant risk (as evidenced by multiple publicized data disclosures from publicly exposed S3 buckets in 2017 and 2018).

Definition

If you’re interested in reading more, we wrote a blog on understanding the term CSPM here, or you can check out other information on our resources page.

Cloud security posture management offerings analyze the correct and secure configuration of the control plane infrastructure of public cloud services, typically for IaaS, but also PaaS and SaaS. CSPM offerings analyze settings such as account privileges, network and storage configuration, and security settings such as encryption. Ideally, if a setting is noncompliant, the CSPM offering can take action, including remediation.

Guide

2020 State of Enterprise Cloud and Container Adoption and Security

We surveyed nearly 2,000 IT professionals throughout the 2019… 

View all Blog Posts
Guide

2020 Cyberthreat Defense Report

DivvyCloud is proud to sponsor CyberEdge’s 2020 Cyberthreat Defense… 

View all Blog Posts
Video

The Cloud Security During Mergers and Acquisitions (M&A) Webinar

Evaluating and managing cloud security risk during the Mergers… 

View all Blog Posts