Making sense of the cloud security alphabet

Note:  This is the final post in a six-part series on public cloud security.  You can read the entire series here.

What does this alphabet soup mean to you?  The first takeaway is that once you begin leveraging the cloud in an impactful way (multiple workloads, native cloud applications, etc.) you will need to look beyond perimeter security.  There are a number of solutions to consider, from those which look for threats and threat potentials (SIEM tools) to those that establish a security posture (CSPM tools).  And there is the intermediary step, workload protection (CWPP).  Which do you need?

First, your decision to deploy a SIEM solution should be focused on your threat posture.  Are your existing firewalls and intrusion detection systems performing adequately?  They may be; then again, if you’re in a highly-sensitive sector, such as retail or financial services, a SIEM solution is likely a must-have.  However, don’t expect a SIEM solution to provide complete workload protection, nor compliance.

That means you need to look at CWPP versus CSPM solutions to find a product that will secure your workloads and ensure your IT infrastructure remains compliant with whatever IT best practices are mandated in your industry or sector.  This is pretty much an either-or choice – both will protect workloads, but CSPM will go a step further and add that compliance element.

CSPM and the latest compliance requirements essentially evolved together – so they may provide that compliance element which you need to consider, again depending upon your business.  With CSPM solutions, if you’re only looking to secure AWS, you have a lot of choices; if you’re looking to secure Azure or GCP, or a combination of clouds, your choices get narrowed, at least in today’s market.

A second thing you need to consider is whether that CSPM solution provides only alerting, or automated remediation.  Not all products remediate – and to our way of thinking, an alert-only system is only a part-solution.  You don’t want to burden IT resources with maintaining the health of your infrastructure, especially if you’ve dedicated those resources toward other mission-critical activities.  So by default, you want a CSPM solution that is easy to deploy and to use – and a lot of it should be relatively automatic.

And finally, you need to look at how well do those CSPM solutions integrate with both the cloud-native security solutions and any cloud-specific third-party solutions you may be running.  A CSPM solution should be able to identify where a firewall is needed, for example, and (with your consent) automatically deploy it, and then manage it like any other cloud resource.  A CSPM solution should also be able to cross multiple clouds – again, this will give you the best picture of your security posture, and assist in ensuring you remain compliant.