<aside> 📘 relates:

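TL;DR

The focus is on CSPM and DSPM. The key points are:

  1. Vendor independent: not tied to any one cloud; the focus is on cross-cloud management
  2. DSPM is data-centric: it focuses on sensitive data discovery, especially where the data is, who is accessing it, and how it is accessed
  3. CSPM is configuration-centric: it holds that the biggest security risk in the cloud era is misconfiguration

Beyond these, there are a few other concepts:

  1. CWPP: the more traditional cloud host protection agent
  2. CASB: a jump host for cross-cloud APIs
  3. CIEM: cross-cloud entitlement management (IAM)
  4. NSPM: cross-cloud network policy management
  5. ASPM: shift-left security, more focused on finding security issues on the dev side

Overall, the big trend is going cross-cloud and moving off the cloud, freeing users from the cloud's control. Deployment has also evolved from agent-based to agentless: a security SaaS cloud is provided that remotely scans multiple clouds through APIs.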

</aside>

Cloud security posture management (CSPM) is both a practice and a technology designed to detect and prevent the misconfigurations and threats that lead to sensitive data breaches and compliance violations. With strong CSPM, security teams can eliminate cloud blind spots, achieve compliance and proactively address risks.

Cloud Security Posture Management Explained

Cloud security posture management (CSPM) is a means of mitigating risk and compliance violations by identifying and remediating misconfigurations across public cloud environments. CSPM tools help security and compliance teams by providing automated visibility, continuous monitoring and remediation workflows for their infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS).

Organizations generally adopt CSPM as a standard security practice when they migrate their applications to various cloud providers, such as Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP). As part of the cloud security shared responsibility model, CSPM tools can help client organizations in many ways.

Employing a CSPM solution is a customary first step to securing cloud configurations and keeping private data secure. Cloud-native computing is here to stay, and cloud security posture management tools play a critical role in providing vital visibility and misconfiguration detection and response.

Benefits of Cloud Security Posture Management

CSPM offers numerous benefits through autodetection and remediation of configuration errors, abuses, threats and compliance issues.

CSPM Provides Visibility

Gaining visibility into all cloud services distributed across cloud providers is both essential and challenging. CSPM solutions provide centralized visibility across cloud and multicloud environments by analyzing and normalizing data sources as well as creating a detailed inventory of cloud resources and assets.

Some CSPM solutions provide continuous real-time visibility, while others collect periodic snapshots of cloud asset inventories. A CSPM solution that offers single-dashboard visibility across several clouds is more than convenient. Such a platform is immensely valuable to security teams, given that schematics for each cloud provider environment differ.

Misconfiguration Detection and Response with CSPM

CSPM helps security operations center (SOC) teams build a robust security posture without requiring deep expertise in individual environments. Once overall cloud security posture is defined, CSPM tools help enforce it across multicloud environments.

Examples of Misconfigured Services

Many CSPM tools come with security policies to flag misconfigurations that bring risk to the organization. These security policies can help with remediation by providing actionable feedback or resolving policy violations with autoremediation capabilities.
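The Python example below is added here and is not code from the original article or from any CSPM product. It normalizes constructed storage records from three clouds into one inventory and evaluates two policies against it, returning a remediation hint with each finding; the record shapes, field names, policy IDs and sample data are all assumptions made for the example.

```python
# Added example; record shapes, field names and policies are constructed stand-ins.
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    cloud: str
    name: str
    public: bool
    encrypted: bool

# One normalizer per provider maps its (hypothetical) record shape to Asset.
NORMALIZERS = {
    "aws": lambda r: Asset("aws", r["Bucket"],
                           not r["BlockPublicAccess"], r["Encryption"] is not None),
    "azure": lambda r: Asset("azure", r["account"],
                             r["allowPublic"], r["encrypted"]),
    # Cloud Storage encrypts at rest by default, so only exposure is derived here.
    "gcp": lambda r: Asset("gcp", r["bucket"], "allUsers" in r["members"], True),
}

# Policies run against the normalized schema, so each rule is written once.
POLICIES = [
    ("STORAGE_PUBLIC", lambda a: a.public, "Disable public access."),
    ("STORAGE_UNENCRYPTED", lambda a: not a.encrypted, "Enable encryption at rest."),
]

def build_inventory(snapshots):
    """Flatten {cloud: [raw records]} into one list of normalized assets."""
    inventory = []
    for cloud, records in snapshots.items():
        if cloud not in NORMALIZERS:
            raise ValueError(f"no normalizer for {cloud!r}")  # surface blind spots
        inventory.extend(NORMALIZERS[cloud](r) for r in records)
    return inventory

def evaluate(inventory):
    """Return (policy_id, cloud, asset_name, remediation) for every violation."""
    return [(pid, a.cloud, a.name, fix)
            for a in inventory for pid, check, fix in POLICIES if check(a)]

# Constructed sample snapshots, as a periodic inventory collection might yield.
SNAPSHOTS = {
    "aws": [{"Bucket": "logs", "BlockPublicAccess": True, "Encryption": None}],
    "azure": [{"account": "webassets", "allowPublic": True, "encrypted": True}],
    "gcp": [{"bucket": "backups", "members": ["user:ops@example.com"]}],
}

if __name__ == "__main__":
    print(*evaluate(build_inventory(SNAPSHOTS)), sep="\n")
```

An unknown provider raises an error instead of being skipped, so a cloud with no normalizer cannot silently drop out of the inventory.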