Cloud Security Posture Management describes how well a cloud environment is secured from events, particularly malicious threats, that could compromise the integrity of its data and infrastructure. As cloud environments are virtual and depend on many settings, an enormous opportunity exists for incorrectly configured infrastructure to be exploited. This course introduces the student to Cloud Security Posture Management and how associated tools can assess and aid in securing a cloud environment against external attacks.
Learning Objectives
- Explanation of Cloud Security Posture Management
- Why Cloud Security Posture Management is important
- How Microsoft Defender for Cloud implements Cloud Security Posture Management
Intended Audience
- Students who want to know about Cloud Security Posture Management and how it relates to Microsoft Defender for Cloud
- Students who intend to take the SC-900 exam: Microsoft Security, Compliance, and Identity Fundamentals
Prerequisites
An understanding of general technical concepts.
First, let's get a handle on what exactly Cloud Security Posture Management is and isn't because I'm sure you're thinking it's an unusual term. Apparently, Cloud Security Posture Management was first used by Gartner to describe the security breaches arising from misconfiguration of cloud infrastructure and cloud-based software. When you put cloud security in the context of early adoption and migration from on-premises to cloud infrastructure, it's easy to see why this might happen.
Understandably, in the early days of cloud services, organizations lacked cloud experience when moving from on-prem to the cloud. In a case of not knowing what you don't know, there's a temptation to go with what you do know and implement on-premises security strategies in the new cloud environment. Cloud-based systems can potentially expose more points of ingress to bad actors than on-premises infrastructure. For example, more people will likely be accessing virtual machines via remote desktop over the internet in a cloud environment than in an on-premises scenario.
Not only are you exposing points of failure you may not have thought of in an on-premises situation, but the nature of the exposure and types of threats faced are qualitatively different. On-premises networks are physical constructs of servers, routers, and cables completely under your control. In a cloud environment, VMs and networks can be magicked up out of thin air with the aid of a credit card, potentially exposing existing cloud assets to online threats if not configured properly.
While Cloud Security Posture Management's initial stance was that of hardening and threat protection rather than mitigation and remediation after an attack, it has since expanded to include automated assessment, recommendations, and monitoring. In this respect, Cloud Security Posture Management is analogous to security hygiene, often described as the routine maintenance, security, and health of software and infrastructure assets.
CSPM tools provide security assessments for workloads and assets along with ongoing resource monitoring. A key feature of well-implemented CSPM tools is the ability to drill down into highlighted vulnerabilities and easily remediate issues. Vulnerabilities depend on the resource type, but typical issues may include network ports open to the internet and weak authentication, i.e., not implementing multi-factor authentication. While the main focus is security, other issues such as not having scheduled backups can also be flagged. Not only are potential threat vectors identified, but resources that aren't configured following best practices are highlighted. In addition to security vulnerabilities, a good cloud security posture management tool will highlight deviations from compliance and regulatory standards.
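The assessment described above can be pictured as a set of per-resource checks run over an inventory. The sketch below is an added example, not code from the course or from Microsoft Defender for Cloud; the inventory, its field names, and the `healthy_ratio` metric are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample inventory; field names are assumptions, not a provider schema.
INVENTORY = [
    {"id": "vm-web-01", "type": "vm", "backup_scheduled": True,
     "inbound_rules": [{"port": 443, "source": "0.0.0.0/0"},
                       {"port": 3389, "source": "0.0.0.0/0"}]},
    {"id": "vm-db-01", "type": "vm", "backup_scheduled": False,
     "inbound_rules": [{"port": 1433, "source": "10.0.1.0/24"}]},
    {"id": "alice@example.test", "type": "user", "mfa_enabled": True},
    {"id": "bob@example.test", "type": "user", "mfa_enabled": False},
]
MGMT_PORTS = {22: "SSH", 3389: "RDP"}    # remote-administration ports
ANY_SOURCE = {"0.0.0.0/0", "::/0", "*"}  # "anyone on the internet"

@dataclass(frozen=True)
class Finding:
    resource: str
    check: str
    category: str      # "security" or "best-practice"
    remediation: str

def check_vm(r):
    for rule in r.get("inbound_rules", []):
        if rule["port"] in MGMT_PORTS and rule["source"] in ANY_SOURCE:
            yield Finding(r["id"], MGMT_PORTS[rule["port"]] + " open to internet",
                          "security", "restrict source to a management range")
    if not r.get("backup_scheduled", False):   # missing field counts as failing
        yield Finding(r["id"], "no scheduled backup",
                      "best-practice", "attach a backup schedule")

def check_user(r):
    if not r.get("mfa_enabled", False):
        yield Finding(r["id"], "MFA not enabled",
                      "security", "require multi-factor authentication")

CHECKS = {"vm": check_vm, "user": check_user}

def assess(inventory):
    """Run every applicable check; unknown types are flagged, not silently passed."""
    findings = []
    for r in inventory:
        check = CHECKS.get(r["type"])
        findings.extend(check(r) if check else
                        [Finding(r["id"], "unassessed type", "best-practice", "add a check")])
    return findings

def healthy_ratio(inventory, findings):
    """Share of resources with no findings (a simplified metric, not a vendor score)."""
    return 1 - len({f.resource for f in findings}) / len(inventory) if inventory else 1.0
```

Each finding carries its own remediation text, which is what makes the drill-down from a highlighted issue to a fix possible; rerunning `assess` on a schedule gives the ongoing monitoring half.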
In summary, Cloud Security Posture Management has two overarching elements: enhancing and hardening workload security, and ongoing monitoring of your environment's security. CSPM is supported on all three major cloud platforms, Azure, AWS, and GCP, meaning that, as a concept, it's platform agnostic. The three major cloud vendors have their own implementations of CSPM. Still, as they all face the same security issues, their versions look very similar externally, conforming to standardized measurements, which enables the sharing of security metrics.
Hallam is a software architect with over 20 years' experience across a wide range of industries. He began his software career as a Delphi/Interbase disciple but changed his allegiance to Microsoft with its deep and broad ecosystem. While Hallam has designed and crafted custom software utilizing web, mobile and desktop technologies, good quality reliable data is the key to a successful solution. The challenge of quickly turning data into useful information for digestion by humans and machines has led Hallam to specialize in database design and process automation. Showing customers how to leverage new technology to change and improve their business processes is one of the key drivers keeping Hallam coming back to the keyboard.