Cloud security posture management
What is it?
Cloud security posture management (CSPM) validates the configuration of cloud environments (usually public clouds). It includes, but is not limited to:
- Auditing and monitoring of cloud infrastructure
- Real-time threat activity monitoring
- Flagging misconfigured settings, e.g., exposed assets, unencrypted data at rest, overpermissive privileges, missing 2FA, untested DR policies
- Enabling remediation via automation and on-demand processes
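The checks above are easiest to understand as code. The following is an added example written for this page, not tooling from the original; it runs four of the posture checks listed (exposed assets, unencrypted data at rest, overpermissive privileges, missing MFA) over a constructed resource inventory. The inventory schema, the field names and the set of "admin" ports are assumptions made for illustration; the IAM policy documents follow the AWS-style JSON shape, but a real scanner would read these settings through each provider's API.

```python
"""CSPM-style posture checks over a constructed cloud resource inventory.

Added example, not from the original page. The inventory schema and field
names below are assumptions chosen for illustration.
"""
import ipaddress
from dataclasses import dataclass

ADMIN_PORTS = {22, 3389}  # assumption: remote-admin ports never exposed to the internet


@dataclass(frozen=True)
class Finding:
    resource: str
    check: str
    severity: str
    detail: str


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _open_to_world(cidr):
    """True for 0.0.0.0/0 or ::/0 (prefix length zero)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def check_storage(buckets):
    """Exposed assets and unencrypted data at rest in object storage."""
    findings = []
    for b in buckets:
        if b.get("public_access"):
            findings.append(Finding(b["name"], "exposed_asset", "high",
                                    "bucket allows public access"))
        if not b.get("encryption_at_rest"):
            findings.append(Finding(b["name"], "unencrypted_at_rest", "medium",
                                    "no server-side encryption configured"))
    return findings


def check_security_groups(groups):
    """Ingress rules that expose admin ports to the whole internet."""
    findings = []
    for g in groups:
        for rule in g.get("ingress", []):
            ports = set(range(rule["from_port"], rule["to_port"] + 1))
            exposed = sorted(ports & ADMIN_PORTS)
            if exposed and _open_to_world(rule["cidr"]):
                findings.append(Finding(g["name"], "exposed_asset", "high",
                                        f"ports {exposed} open to {rule['cidr']}"))
    return findings


def check_iam_policies(policies):
    """Allow statements that pair wildcard actions with a wildcard resource."""
    findings = []
    for p in policies:
        for stmt in p["document"].get("Statement", []):
            if stmt.get("Effect") != "Allow":
                continue
            actions = _as_list(stmt.get("Action", []))
            if "*" not in _as_list(stmt.get("Resource", [])):
                continue
            if "*" in actions:
                findings.append(Finding(p["name"], "overpermissive", "high",
                                        "Action * on Resource * (full admin)"))
            elif any(a.endswith(":*") for a in actions):
                findings.append(Finding(p["name"], "overpermissive", "medium",
                                        "service-wide wildcard action on Resource *"))
    return findings


def check_users(users):
    """Console users without MFA."""
    return [Finding(u["name"], "missing_mfa", "high", "console access without MFA")
            for u in users if u.get("console_access") and not u.get("mfa_enabled")]


def scan(inventory):
    """Run every check and return the combined list of findings."""
    findings = []
    findings += check_storage(inventory.get("buckets", []))
    findings += check_security_groups(inventory.get("security_groups", []))
    findings += check_iam_policies(inventory.get("iam_policies", []))
    findings += check_users(inventory.get("users", []))
    return findings


# Constructed sample inventory (not real data): one good and one bad item per type.
SAMPLE_INVENTORY = {
    "buckets": [
        {"name": "public-logs", "public_access": True, "encryption_at_rest": False},
        {"name": "private-data", "public_access": False, "encryption_at_rest": True},
    ],
    "security_groups": [
        {"name": "bastion-sg", "ingress": [{"from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"}]},
        {"name": "web-sg", "ingress": [{"from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"}]},
    ],
    "iam_policies": [
        {"name": "admin-everything", "document": {"Statement": [
            {"Effect": "Allow", "Action": "*", "Resource": "*"}]}},
        {"name": "read-one-bucket", "document": {"Statement": [
            {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::private-data/*"}]}},
    ],
    "users": [
        {"name": "alice", "console_access": True, "mfa_enabled": True},
        {"name": "bob", "console_access": True, "mfa_enabled": False},
    ],
}

if __name__ == "__main__":
    for f in scan(SAMPLE_INVENTORY):
        print(f"[{f.severity}] {f.resource}: {f.check} ({f.detail})")
```

Run against the sample inventory this reports five findings: the public, unencrypted bucket (two findings), SSH open to the world on the bastion group, the full-admin policy and the user without MFA. The web group is left alone because 443 is not an admin port, which is the kind of judgement a check needs encoded so it does not drown operators in noise.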
Challenges
- The variety of infrastructure assets makes it difficult to put together a comprehensive strategy
- Setups usually span multiple regions, vendors and services, which makes them harder to manage
- Mature services may have a large number of configuration options
- Operations involve multiple stakeholders with competing priorities, e.g., developers, the security team, the infrastructure team
- Environments are fluid with regard to infrastructure, versions, setup and operators
- Compliance, regulations, standards, etc.
Recommendations
- Build compliance requirements into the tooling and aggregate visibility across multiple clouds into a single dashboard
- Shift security left: evaluate infrastructure as code before deployment using scanners, validators, authorization checks and automated reports, and compare the deployed state against the code to catch configuration drift and compliance gaps
- Monitor events that might impact security, such as configuration changes and API calls, and implement secure default rules
- Use third-party reports and checks across all infrastructure: CIS Benchmarks, HIPAA, PCI DSS, NIST, AWS Well-Architected Framework, etc.
- Combine automatic remediation and manual fixes so that they stay consistent and are applied in a timely manner
- Leverage external tools that can be integrated and updated across providers, tools and authentication methods via APIs, SDKs, plugins, etc.
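The event-monitoring recommendation above (watching configuration changes and API calls, with a baseline set of rules) is shown below as an added example; it is not part of the original page. A small rule engine is run over five constructed audit-log records written as newline-delimited JSON. The event and field names are modelled loosely on CloudTrail (eventName, userIdentity, requestParameters) but the nesting is simplified and should be treated as an assumption; the rules are the kind of "secure default" baseline the recommendation refers to, not a complete set.

```python
"""Rule-based monitoring of security-relevant cloud API events.

Added example, not from the original page. The log records are constructed
and the field layout is a simplified assumption, not a provider's real schema.
"""
import json

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def _opens_to_world(event):
    """Security group ingress rule added with an internet-wide source range."""
    if event["eventName"] != "AuthorizeSecurityGroupIngress":
        return False
    perms = event.get("requestParameters", {}).get("ipPermissions", [])
    return any(r in WORLD_CIDRS for perm in perms for r in perm.get("ipRanges", []))


def _makes_bucket_public(event):
    """Bucket policy written that grants Allow to any principal."""
    if event["eventName"] != "PutBucketPolicy":
        return False
    policy = event.get("requestParameters", {}).get("bucketPolicy", {})
    return any(stmt.get("Effect") == "Allow" and stmt.get("Principal") in ("*", {"AWS": "*"})
               for stmt in policy.get("Statement", []))


def _root_account_used(event):
    """Any activity by the root identity; it should not be used day to day."""
    return event.get("userIdentity", {}).get("type") == "Root"


def _audit_trail_changed(event):
    """Audit logging itself stopped, deleted or reconfigured."""
    return event["eventName"] in {"StopLogging", "DeleteTrail", "UpdateTrail"}


# Baseline "secure default" rules: (name, severity, predicate over one event).
RULES = [
    ("security_group_open_to_world", "high", _opens_to_world),
    ("bucket_policy_public", "high", _makes_bucket_public),
    ("root_account_activity", "critical", _root_account_used),
    ("audit_trail_changed", "high", _audit_trail_changed),
]


def evaluate(event):
    """Return (rule, severity) for every rule that matches a parsed event."""
    return [(name, sev) for name, sev, pred in RULES if pred(event)]


def monitor(log_text):
    """Parse newline-delimited JSON events and return alerts ordered by event time."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        for name, sev in evaluate(event):
            alerts.append({
                "time": event["eventTime"],
                "rule": name,
                "severity": sev,
                "actor": event.get("userIdentity", {}).get("arn", "unknown"),
                "event": event["eventName"],
            })
    alerts.sort(key=lambda a: a["time"])  # ISO-8601 timestamps sort lexically
    return alerts


# Constructed sample log (not real data); one benign read-only call is included.
SAMPLE_LOG = """
{"eventTime": "2024-01-01T10:00:00Z", "eventName": "AuthorizeSecurityGroupIngress", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev"}, "requestParameters": {"groupId": "sg-0123", "ipPermissions": [{"fromPort": 22, "toPort": 22, "ipRanges": ["0.0.0.0/0"]}]}}
{"eventTime": "2024-01-01T10:05:00Z", "eventName": "PutBucketPolicy", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev"}, "requestParameters": {"bucketName": "public-logs", "bucketPolicy": {"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::public-logs/*"}]}}}
{"eventTime": "2024-01-01T09:55:00Z", "eventName": "ConsoleLogin", "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}}
{"eventTime": "2024-01-01T10:10:00Z", "eventName": "DescribeInstances", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev"}}
{"eventTime": "2024-01-01T10:15:00Z", "eventName": "StopLogging", "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev"}, "requestParameters": {"name": "org-trail"}}
"""

if __name__ == "__main__":
    for a in monitor(SAMPLE_LOG):
        print(f"{a['time']} [{a['severity']}] {a['rule']} by {a['actor']} ({a['event']})")
```

The sample produces four alerts and ignores the read-only DescribeInstances call. Two design points matter in practice: rules are evaluated per event so the same pipeline works for a streaming feed and for a historical backfill, and the last rule exists because an attacker who can change configuration will often try to switch the audit trail off first, so the monitor must treat changes to its own data source as an alert rather than as a loss of visibility.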