The cloud security solutions market is growing rapidly, and there are many types of solutions to support specific business needs. But figuring out the right tool, let alone the right type of tool, can be difficult.
This article gives a quick look at the different types of solutions:
Cloud Access Security Broker (CASB)
A cloud access security broker (CASB) (sometimes pronounced cas-bee) is on-premises or cloud-based software that is placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.
Cloud Workload Protection Platform (CWPP)
A Cloud Workload Protection Platform solution discovers workloads that exist within an organization's cloud-based deployments and on-premises infrastructure. Once these workloads have been discovered, the solution will perform a vulnerability assessment to identify any potentially exploitable security issues with the workload based on defined security policies and known vulnerabilities.
Based on the results of the vulnerability scan, the CWPP solution should provide the option to implement security controls to fix the identified issues. This can include controls such as allow lists, integrity protection, and similar solutions.
In addition to addressing the security issues identified in vulnerability assessments, Cloud Workload Protection Platform solutions should also provide protection against common security threats to cloud and on-premises workloads. This includes runtime protection, malware detection and remediation, and network segmentation.
Cloud Security Posture Management (CSPM)
Discovery and visibility: CSPM offers visibility into cloud assets and configurations. It establishes a single source of truth across all cloud environments, which ensures organizations can automatically discover activity around metadata, misconfigurations, networking, and security changes. It also enables the management of security policies across accounts, projects, regions, and virtual networks via a single console.
Misconfiguration management and remediation: An important role that CSPM plays is to eliminate and remediate cloud security risks. It does this by comparing cloud application configurations against industry and organization benchmarks, which enables violations to be quickly identified and remediated. This helps organizations discover issues (such as misconfigurations, open ports, and unauthorized modifications) that could leave cloud resources exposed and ensures developers are less likely to make costly mistakes. CSPM also monitors data storage locations, ascertains that the appropriate permission levels are in place, and ensures that database instances, which are responsible for backups, encryption, and high availability, are all enabled.
Continuous threat detection: CSPM takes a targeted approach to threat identification and management, which enables organizations to proactively detect potential threats. It focuses on the areas that attackers are most likely to target, which reduces the number of alerts, prioritizes vulnerabilities based on the cloud environment, and prevents vulnerable code from reaching the production stage. CSPM also continuously monitors cloud environments for potentially malicious activity and unauthorized access events through real-time threat detection.
DevSecOps integration: CSPM reduces organizations' overheads and removes the complexity and friction from managing multi-cloud accounts and providers. It provides a cloud-native and agentless posture management process that offers centralized control and visibility across all cloud resources. This gives DevOps and security teams a single pane of glass, enabling them to prevent compromised assets from navigating across their application life-cycles. Organizations can also integrate CSPM with their security information and event management (SIEM) tool, which provides additional insight and greater visibility into policy violations and misconfigurations. Furthermore, integrating DevOps toolsets with CSPM ensures quicker remediation and response.
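The benchmark comparison described under misconfiguration management can be sketched as a small rule engine. This is an added example, not code from any CSPM product; the inventory records, their field names, and the allowed-port benchmark are constructed assumptions.

```python
# Constructed sample inventory; field names are assumptions, not a provider schema.
RESOURCES = [
    {"id": "vm-web-01", "type": "vm", "public": True, "open_ports": [443, 22]},
    {"id": "bucket-logs", "type": "storage", "public": True, "encrypted": True},
    {"id": "db-orders", "type": "database", "public": False,
     "backups": True, "encrypted": False, "high_availability": False},
    {"id": "db-users", "type": "database", "public": False,
     "backups": True, "encrypted": True, "high_availability": True},
]

# Assumed organization benchmark: ports an internet-facing VM may expose.
ALLOWED_PUBLIC_PORTS = {443}

def check_vm(r):
    if r.get("public"):
        extra = sorted(set(r.get("open_ports", [])) - ALLOWED_PUBLIC_PORTS)
        if extra:
            yield "high", f"internet-facing ports outside benchmark: {extra}"

def check_storage(r):
    if r.get("public"):
        yield "high", "storage location is publicly accessible"
    if not r.get("encrypted"):
        yield "medium", "encryption not enabled"

def check_database(r):
    if r.get("public"):
        yield "high", "database instance is publicly accessible"
    # A missing setting counts as disabled, so the check fails closed.
    for setting in ("backups", "encrypted", "high_availability"):
        if not r.get(setting):
            yield "medium", f"{setting} not enabled"

CHECKS = {"vm": check_vm, "storage": check_storage, "database": check_database}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

def evaluate(resources):
    """Return (resource_id, severity, message) findings, most severe first."""
    findings = []
    for r in resources:
        check = CHECKS.get(r.get("type"))
        if check is None:
            # Unknown resource types are reported rather than silently passed.
            findings.append((r["id"], "low", "no benchmark for this resource type"))
            continue
        findings.extend((r["id"], sev, msg) for sev, msg in check(r))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[1]], f[0]))

if __name__ == "__main__":
    for rid, sev, msg in evaluate(RESOURCES):
        print(f"[{sev.upper():6}] {rid}: {msg}")
```

Sorting by severity mirrors the prioritization the threat detection paragraph describes: the publicly accessible bucket and the exposed port 22 surface before the disabled database settings.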
Cloud Infrastructure Entitlement Management (CIEM)
- Provides visibility into who and what can access cloud resources.
- Replaces time-consuming intervention to remediate overly permissive access and entitlements.
- Protects sensitive data.
- Prevents overly permissive or unintended access.
- Enables and empowers audit and compliance functions.
Cloud-Native Application Protection Platform (CNAPP)
A cloud-native application protection platform is a simplified and comprehensive security solution that enables organizations to benefit from the cloud-native ecosystem and secure their cloud-based business applications.
CNAPPs can help you keep your cloud secure by focusing on vulnerabilities early in the app development process. CNAPPs involve scanning infrastructure-as-code (IaC) templates for configuration settings before deployment or looking at pods/clusters for container image vulnerabilities on platforms like Kubernetes.
Summary
As you can imagine, there is some overlap among these cloud security solutions. The most comprehensive solutions are those that can be incorporated into a single solution. For example, an organization may need both CIEM and CSPM without CASB. Ultimately, the best solution is chosen based on the organization's risk appetite and its maturity level in the cloud.