Cloud Security Posture Management (CSPM)

IaaS: Infrastructure as a Service. These are the compute resources, Virtual Machines, Containers, Serverless compute.

PaaS: Platform as a Service. Software components made available as a service. Example Database as a service.

SaaS: Software as a Service. Complete application available as a service, example CRM.

Cloud seems simple but is quite complex in terms of the plethora of services available and how you weave all of them in an efficient and secure manner.

There are a few de-facto benchmarks for the cloud namely CIS (Center for Internet Security) and CCM (CSA Cloud Controls Matrix).

It is important for the organization to know the cloud security posture, improve upon it. This is not a one-time activity as the threats keep evolving. Being SaaS applications, they also undergo changes either in the form or major/minor release or bug fixes. The network and security related configuration may also change. So, the posture needs to be assessed on a continuous basis.

The cloud is accessible to the internet, so the vulnerabilities if any are known to the entire world and is highly susceptible. The Mean Time To Remediate (MTTR) is also key. Auto capability will reduce the window of opportunity for the attackers. For example, if a S3 bucket exposure is identified, it can automatically block public access.