The cloud security solutions market is growing rapidly and there are many types of solutions to support your specific business needs. But figuring out the right tool, let alone the right type of tool, can be difficult. Gartner has 5 security archetypes that fall under the broader cloud security management platform umbrella. This article gives a quick look into the cloud security posture management (CSPM) archetype.

What Is It?
CSPM solutions continuously manage cloud security risk. They detect, log, report, and provide automation to address issues. These issues can range from cloud service configurations to security settings and are typically related to governance, compliance, and security for cloud resources.

CSPM tools focus on four key areas:

  • Identity, security, and compliance
  • Monitoring and analytics
  • Inventory and classification of assets
  • Cost management and resource organization

In What Context Is It Best Used?
CSPM tools are most effective when used in multi-cloud IaaS environments. They can also protect IaaS elements of mixed deployments.

Benefits and Limitations


  • Provide unparalleled visibility into an organization’s cloud assets and their respective configurations.
  • Provide valuable context by mapping interdependencies between cloud infrastructure, services, and abstraction layers to fully understand the source and scope of risk.
  • Enforce the protection of data by assuring that native and other data security controls are in place.
  • Identify workload issues and potential attack surfaces/exposures by detecting configuration issues/deviation from best practices. They interoperate with native monitoring and alerting to provide effective incident identification and escalation.
  • By integrating with identity platforms or native cloud identity, CSPMs help provide privileged access control to IaaS cloud administration.


Most CSPM limitations stem from how they interconnect with native CSP security controls. For example, CSPMs:

  • Do not apply security at the data, operating system or application layers or provide additional data security controls. However, they will enforce native data and application controls.
  • Do not typically perform vulnerability scanning directly; rather, they rely on native tools and other third-party product outputs.

For a deeper dive into Gartner’s cloud security archetypes, read: A Practical Guide to Gartner’s Cloud Security Archetypes.
