The course is part of this learning path
Cloud Security Posture Management describes how well a cloud environment is secured from events, particularly malicious threats, that could compromise the integrity of its data and infrastructure. As cloud environments are virtual and depend on many settings, an enormous opportunity exists for incorrectly configured infrastructure to be exploited. This course introduces the student to Cloud Security Posture Management and how associated tools can assess and aid in securing a cloud environment against external attacks.
- Explanation of Cloud Security Posture Management
- Why Cloud Security Posture Management is important
- How Microsoft Defender for Cloud implements Cloud Security Posture Management
- Students who want to know about Cloud Security Posture Management and how it relates to Microsoft Defender for Cloud
- Students who intend to take the SC-900 exam: Microsoft Security, Compliance, and Identity Fundamentals
An understanding of general technical concepts.
First, let's get a handle on what exactly Cloud Security Posture Management is and isn't because I'm sure you're thinking it's an unusual term. Apparently, Cloud Security Posture Management was first used by Gartner to describe the security breaches arising from misconfiguration of cloud infrastructure and cloud-based software. When you put cloud security in the context of early adoption and migration from on-premises to cloud infrastructure, it's easy to see why this might happen.
Understandably, in the early days of cloud services, organizations lacked cloud experience when moving from on-prem to the cloud. In a case of not knowing what you don't know, there's a temptation to go with what you do know and implement on-premises security strategies in the new cloud environment. Cloud-based systems can potentially expose more points of ingress to bad actors than on-premises infrastructure. For example, more people will likely be accessing virtual machines via remote desktop over the internet in a cloud environment than in an on-premises scenario.
Not only are you exposing points of failure you may not have thought of in an on-premises situation, but the nature of the exposure and types of threats faced are qualitatively different. On-premises networks are physical constructs of servers, routers, and cables completely under your control. In a cloud environment, VMs and networks can be magicked up out of thin air with the aid of a credit card, potentially exposing existing cloud assets to online threats if not configured properly.
While Cloud Security Posture Management's initial stance was that of hardening and threat protection rather than mitigation and remediation after an attack, it has since expanded to include automated assessment, recommendations, and monitoring. In this respect, Cloud Security Posture Management is analogous to security hygiene, often described as the routine maintenance, security, and health of software and infrastructure assets.
CSPM tools provide security assessments for workloads and assets along with ongoing resource monitoring. A key feature of well-implemented CSPM tools is the ability to drill down into highlighted vulnerabilities and easily remediate issues. Vulnerabilities depend on the resource type, but typical issues may include network ports open to the internet and weak authentication, i.e., not implementing multi-factor authentication. While the main focus is security, other issues such as not having scheduled backups can also be flagged. Not only are potential threat vectors identified, but resources that aren't configured following best practices are highlighted. In addition to security vulnerabilities, a good cloud security posture management tool will highlight deviations from compliance and regulatory standards.
In summary, Cloud Security Posture Management has two overarching elements. Enhance and harden workload security and ongoing monitoring of your environment's security. CSPM is supported on all three major cloud platforms, Azure, AWS, and GCP, meaning as a concept, it's platform agnostic. The three major cloud vendors have their own implementations of CSPM. Still, as they all face the same security issues, externally, their versions look very similar, conforming to standardized measurements, which enables the sharing of security metrics.
Hallam is a software architect with over 20 years experience across a wide range of industries. He began his software career as a Delphi/Interbase disciple but changed his allegiance to Microsoft with its deep and broad ecosystem. While Hallam has designed and crafted custom software utilizing web, mobile and desktop technologies, good quality reliable data is the key to a successful solution. The challenge of quickly turning data into useful information for digestion by humans and machines has led Hallam to specialize in database design and process automation. Showing customers how leverage new technology to change and improve their business processes is one of the key drivers keeping Hallam coming back to the keyboard.