<aside> 📘 relates:

TL;DR;

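The focus is mainly on CSPM and DSPM. The key points are:

  1. Vendor independent: not tied to any single cloud, with the focus on cross-cloud management
  2. DSPM is data-centric: it focuses on discovering sensitive data, in particular where the data is, who is accessing it, and how it is accessed
  3. CSPM is configuration-centric: it holds that the biggest security risk of the cloud era is misconfiguration

Beyond these, there are some other concepts:

  1. CWPP: the more traditional cloud host protection agent
  2. CASB: a jump host for cross-cloud APIs
  3. CIEM: cross-cloud permission management (IAM)
  4. NSPM: cross-cloud network policy management
  5. ASPM: shift-left security, more focused on security findings on the dev side

Overall, a major trend is going cross-cloud and moving off the cloud, freeing users from the cloud's control. Deployment has also evolved from agent-based to agentless: a security SaaS cloud is offered that scans multiple clouds remotely through APIs.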

</aside>


Cloud Security Posture Management


Where did all these acronyms come from? What do they mean? And more importantly, how can they help you figure out how to secure what you’re building in the cloud?

These “C” acronyms typically come from the hard work of analysts at firms like Gartner, Forrester, and 451 Research. Despite adding a bit of confusion, these acronyms are actually a tool for simplicity.

Each of these terms tries to encompass a set of solutions that are trying to solve a problem through similar approaches. They are a vendor-neutral way of making sense of the jam-packed cloud security market. As a builder, you can use these acronyms to get a quick idea of what a tool is trying to do without having to parse its marketing message and positioning.

Now, the downside is that not every solution fits into a clear box. You’re going to see a number of aspects of each of these categories in various products and in open source projects, depending on the underlying principles of that tool. And that’s okay.

The acronyms still serve an important first filter to help you find the right combination of tools for your environment.

In this article, we’re going to focus on the acronyms that apply to tools meant to protect what you’re building in the cloud.

CSPM (cloud security posture management)

It stands for cloud security posture management.

Now there’s a technical definition somewhere, but what it really boils down to is monitoring the logs and configurations of the services you’re using with your cloud service provider, like AWS, Microsoft Azure, or Google Cloud. The goal is to ensure that nothing is misconfigured and things line up with what you’re expecting.

CSPM tools have more advantages, like helping you meet compliance requirements, implementing best practices, and more.
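The configuration monitoring described above, as an added example that is not from the original article or from any vendor's product: a few provider-neutral rules are evaluated over a constructed inventory snapshot, and a missing setting is reported rather than treated as a pass. The schema, rule ids and sample resources are assumptions made for illustration.

```python
import ipaddress

# Constructed inventory snapshot in a hypothetical provider-neutral schema.
INVENTORY = [
    {"cloud": "aws", "type": "object_store", "id": "logs-archive",
     "public_access": False, "encrypted_at_rest": True},
    {"cloud": "azure", "type": "object_store", "id": "reports",
     "public_access": True, "encrypted_at_rest": True},
    {"cloud": "gcp", "type": "object_store", "id": "scratch",
     "public_access": False},  # encryption setting missing from the snapshot
    {"cloud": "gcp", "type": "firewall_rule", "id": "allow-admin",
     "source_cidrs": ["::/0"], "ports": [22]},
    {"cloud": "aws", "type": "firewall_rule", "id": "web",
     "source_cidrs": ["0.0.0.0/0"], "ports": [443]},
]

ADMIN_PORTS = {22, 3389}  # SSH and RDP

def world_open(cidrs):
    """True if any source range covers the whole IPv4 or IPv6 space."""
    return any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs)

# Each rule: (hypothetical rule id, resource type, attributes it needs,
#             predicate that returns True when the resource is compliant)
RULES = [
    ("STORE-NO-PUBLIC", "object_store", ["public_access"],
     lambda r: r["public_access"] is False),
    ("STORE-ENCRYPTED", "object_store", ["encrypted_at_rest"],
     lambda r: r["encrypted_at_rest"] is True),
    ("FW-NO-OPEN-ADMIN", "firewall_rule", ["source_cidrs", "ports"],
     lambda r: not (world_open(r["source_cidrs"]) and ADMIN_PORTS & set(r["ports"]))),
]

def evaluate(inventory, rules=RULES):
    """Return sorted (cloud, resource id, rule id, status) for each non-compliant check."""
    findings = []
    for res in inventory:
        for rule_id, rtype, needed, compliant in rules:
            if res["type"] != rtype:
                continue
            if any(k not in res for k in needed):
                status = "UNKNOWN"  # fail closed: missing data is not a pass
            elif compliant(res):
                continue
            else:
                status = "FAIL"
            findings.append((res["cloud"], res["id"], rule_id, status))
    return sorted(findings)

if __name__ == "__main__":
    for finding in evaluate(INVENTORY):
        print(*finding, sep="\t")
```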

Now, while the PM stands for posture management.

CWPP (Cloud Workload Protection Platforms)