Gartner had in its report published in early 2019, recommended that security leaders invest in cloud security and posture management tools to identify and remediate the risks of misconfiguration, mismanagement, and mistakes.
Enterprises have since then started focusing on cloud security and are on the look-out for a dynamic cloud security solution but are still unaware of what tool to look for in a tool.
Within the cloud security space, there are Cloud Access Security Brokers (CASBs), Cloud Workload Protection Platforms (CWPPs), and Cloud Security Posture Management (CSPM) tools. While these tools offer an over-lapping set of capabilities to each other, they do not provide all the capabilities required to perform the job of the other.
CASBs are placed between the customer and the cloud service provider to enforce security, compliance, and governance policies for cloud applications. They focus on SaaS security and gives visibility and control on the use of SaaS applications such as Office 365, Salesforce, etc.
CWPPs are solutions primarily used to secure server workloads in public cloud IaaS environments. They commonly offer workloads configuration and vulnerability management, network segmentation; workload behavior monitoring; visibility; system integrity monitoring; container security risk mitigation, etc.
CSPM tools were earlier referred to as Cloud Infrastructure Security Posture Assessment (CISPA) tools when their capabilities were limited to reporting as against the current ability of a security management automation tool that addresses misconfiguration issues.
With the increasing usage of cloud services and the growing cloud security concerns, the vulnerability landscape must be reduced. Gartner has also predicted that by 2022 most of the cloud security failures will be the result of an organisation’s mistakes, i.e., misconfiguration in the cloud.
A single misconfiguration has the power to expose several thousands of systems and sensitive data to the public internet.
Most of the cloud security breaches that we read about in 2019 had one thing in common “misconfiguration”. Some of the popular misconfigurations exposed several hundred million personal data and records. According to CSA, “Misconfiguration occurs when computing assets are set up incorrectly, often leaving them vulnerable to malicious activity”.
C3M Cloud Control is a CSPM that also has some CWPP capabilities. The platform offers: