As we previously discussed in the Automating Your Cloud Security Posture Management (CSPM) Response blog post, CSPM is a vital component in any environment leveraging cloud services. Whether you are using a single cloud or are in a multi-cloud scenario, the complexity of these cloud platforms is constantly expanding. Staying on top of new changes in policies and functionality to ensure that you are maintaining a secure environment is daunting – and almost impossible to do without automation. No one has the resources to spend on maintaining a large team of cloud specialists who just audit everything that is in use.
In this article, we will discuss the key areas where automation by a CSPM solution has proven to be invaluable. We’ll explain these features in a bit more detail with some extra context, and we’ll show you some examples of how each one works to streamline security operations and application support.
Account and Permission Management
When working with multiple clouds – or if you’re just starting out with a single cloud – it’s easy to grant too much access to a user or service account. This often happens during the initial setup or when you grant a user extra access to fix a production problem, then forget to remove it afterwards. This is where a CSPM can really shine by providing helpful visibility into your identity and access management (IAM) configurations on the cloud.
Once you point the CSPM at your clouds’ various IAM services, it can be configured to discover, but not change, all of the accounts and roles that you have configured. CSPMs often make recommendations based on these discoveries, enabling you to set up rules to enforce the proper permissions across your existing accounts. Once your SecOps or SRE team has approved these rules, they can be set to enforce mode, which will stop permission drift as well as report and correct anything that’s out of line.
Another common scenario that CSPMs can identify is when service accounts are reused for multiple applications or services. Following the principle of least privilege, every application that interacts with a service should have unique credentials and the minimum level of access that it needs to perform its task. This also improves auditing and traceability.
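To make the two IAM checks above concrete, here is an added example (not code from the original post, and not any CSPM product's or cloud provider's API) of the kind of review a CSPM runs over the accounts it has discovered. The inventory is constructed for illustration, and the record fields (principal, kind, policies, used_by) are assumptions; the two checks flag wildcard grants and service credentials shared by more than one workload, and the "discover" versus "enforce" mode mirrors the report-only then enforce rollout described above, with enforce returning a remediation plan rather than changing anything.

```python
# Added example: least-privilege review over a CSPM-style IAM inventory.
# INVENTORY is CONSTRUCTED for illustration; the field names are assumptions,
# not any provider's schema.

INVENTORY = [
    {"principal": "svc-orders", "kind": "service", "used_by": ["orders-api"],
     "policies": [{"actions": ["sqs:SendMessage"], "resources": ["arn:example:queue/orders"]}]},
    # one credential shared by three workloads, with a wildcard grant on top
    {"principal": "svc-shared", "kind": "service",
     "used_by": ["billing-worker", "reports-cron", "legacy-etl"],
     "policies": [{"actions": ["s3:*"], "resources": ["*"]}]},
    # admin access granted during an incident and never removed
    {"principal": "alice", "kind": "user", "used_by": [],
     "policies": [{"actions": ["*"], "resources": ["*"]}]},
    {"principal": "svc-reports", "kind": "service", "used_by": ["reports-cron"],
     "policies": [{"actions": ["s3:GetObject"], "resources": ["arn:example:bucket/reports/*"]}]},
]


def is_wildcard_action(action):
    """'*' or 'service:*' grants every action (for that service)."""
    return action == "*" or action.endswith(":*")


def find_overprivileged(inventory):
    """Flag principals whose policies grant wildcard actions or wildcard resources."""
    findings = []
    for p in inventory:
        for pol in p["policies"]:
            wild_actions = [a for a in pol["actions"] if is_wildcard_action(a)]
            wild_resources = [r for r in pol["resources"] if r == "*"]
            if wild_actions or wild_resources:
                findings.append({"principal": p["principal"], "check": "wildcard-grant",
                                 "actions": wild_actions, "resources": wild_resources})
    return findings


def find_shared_service_accounts(inventory):
    """Flag service principals whose credentials are used by more than one workload."""
    return [{"principal": p["principal"], "check": "shared-credential",
             "used_by": sorted(p["used_by"])}
            for p in inventory if p["kind"] == "service" and len(p["used_by"]) > 1]


def review(inventory, mode="discover"):
    """discover: report findings only.
    enforce: additionally return the remediation steps a CSPM rule would apply
    (returned as a plan here; nothing is modified)."""
    findings = find_overprivileged(inventory) + find_shared_service_accounts(inventory)
    plan = []
    if mode == "enforce":
        for f in findings:
            if f["check"] == "wildcard-grant":
                plan.append(f"replace wildcard grant on {f['principal']} "
                            f"with explicit actions and resources")
            else:
                for workload in f["used_by"]:
                    plan.append(f"issue a dedicated credential for {workload} "
                                f"(currently shares {f['principal']})")
    return findings, plan


if __name__ == "__main__":
    for mode in ("discover", "enforce"):
        findings, plan = review(INVENTORY, mode)
        print(mode, "findings:", [(f["principal"], f["check"]) for f in findings])
        for step in plan:
            print("  plan:", step)
```

Running it in discover mode lists svc-shared twice (wildcard grant and shared credential) and alice once; switching to enforce mode adds the five concrete steps, one per wildcard grant and one per workload that needs its own credential. A real CSPM rule would execute those steps against the cloud's IAM API once the SecOps or SRE team has approved them.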
When you bring a CSPM online in your environment, it will do more than just discover IAM. For example, it will catalog all of your provisioned cloud services and recommend ways to increase your security profile across all services that are in use based on best practices found in its repository. CSPMs also have the ability to recommend ways to bring your environment in line with government and industry regulations like PCI-DSS and HIPAA.
After initial discovery, a CSPM will continually watch for new services being provisioned. It can also be configured to enforce established organizational standards. This can be as simple as having network security restrict inbound traffic to port 443, or as complex as requiring storage to be encrypted and have a minimum of zone-redundant replication.
As we alluded to in the previous two sections, a CSPM does not just discover and recommend – it can also be set to automatically remediate configuration drift. This continual compliance allows SecOps teams to focus on external threats and SRE teams to focus on application delivery instead of having to constantly double-check to make sure that nothing has changed. While concepts like GitOps (DevOps + IaC) do an amazing job of ensuring that the entire application and its platform are deployed consistently using cloud services, things can still slip through the cracks. When combined with the automated remediation made possible by a CSPM, you’ll be able to catch and remediate potential issues – like neglected security best practices – upstream before they cause real problems.
Effective and Efficient Problem Resolution
The use of automated remediation to fix policies that are being applied to newly deployed services and applications is a great way to highlight how a CSPM handles event and incident management. This support can be as simple as generating a notification that something has been remediated, but it can also perform more complex actions like opening tickets in the incident management system to track incidents that require manual intervention to resolve. While automating everything is ideal, there are always times when you’d rather have manual intervention. For example, you might want an expert to examine configuration changes in a mission-critical application, or you might instantiate a new service for which there are no existing best practices for the CSPM to enforce. Even in these situations, a CSPM can still be extremely helpful; in the case of the mission-critical application, for instance, a CSPM would highlight exactly which configuration changes had been made so that the operator could spend his or her time and expertise on resolving the problem instead of finding the change.
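The enforcement, remediation and incident-handling behaviour described in the last few sections fits together in one loop, shown here as an added example (not code from the original post, nor any CSPM's or cloud provider's schema). The resource records, the two organizational standards (internet-facing inbound traffic limited to port 443; storage encrypted with at least zone-redundant replication) and the mission-critical tag are constructed for illustration. In discover mode the loop only reports drift; in enforce mode it auto-corrects ordinary resources and, for a resource tagged mission-critical, opens a ticket that carries the exact configuration change proposed, so the operator sees what differs instead of having to find it.

```python
# Added example: evaluate discovered resources against organizational standards,
# then route each violation to automatic remediation or to a ticket.
# RESOURCES, the standards and the "mission-critical" tag are CONSTRUCTED.
import copy

REPLICATION_RANK = {"local": 0, "zone": 1, "geo": 2}  # assumed ordering, weakest first

RESOURCES = [
    {"id": "sg-web", "type": "security_group", "tags": {},
     "ingress": [{"source": "0.0.0.0/0", "port": 443}, {"source": "0.0.0.0/0", "port": 22}]},
    {"id": "sg-payments", "type": "security_group", "tags": {"mission-critical": "true"},
     "ingress": [{"source": "0.0.0.0/0", "port": 8080}]},
    {"id": "bucket-logs", "type": "storage", "tags": {}, "encrypted": False, "replication": "local"},
    {"id": "bucket-assets", "type": "storage", "tags": {}, "encrypted": True, "replication": "geo"},
]


def open_to_internet_not_443(rule):
    return rule["source"] == "0.0.0.0/0" and rule["port"] != 443


def check_ingress(resource):
    """Standard: only inbound port 443 may be open to the internet."""
    bad = [r for r in resource.get("ingress", []) if open_to_internet_not_443(r)]
    return ("ingress-not-443", bad) if bad else None


def check_storage(resource):
    """Standard: encrypted at rest, replication at least zone-redundant."""
    problems = []
    if not resource.get("encrypted"):
        problems.append("not encrypted")
    replication = resource.get("replication", "local")
    if REPLICATION_RANK.get(replication, 0) < REPLICATION_RANK["zone"]:
        problems.append(f"replication={replication}")
    return ("storage-standard", problems) if problems else None


CHECKS = {"security_group": [check_ingress], "storage": [check_storage]}


def remediate(resource):
    """Return a corrected copy of the resource: the change a CSPM rule would apply."""
    fixed = copy.deepcopy(resource)
    if resource["type"] == "security_group":
        fixed["ingress"] = [r for r in resource["ingress"] if not open_to_internet_not_443(r)]
    elif resource["type"] == "storage":
        fixed["encrypted"] = True
        if REPLICATION_RANK.get(fixed.get("replication", "local"), 0) < REPLICATION_RANK["zone"]:
            fixed["replication"] = "zone"
    return fixed


def config_diff(before, after):
    """Keys whose values differ, so an operator sees exactly what would change."""
    return {k: (before.get(k), after.get(k))
            for k in sorted(set(before) | set(after)) if before.get(k) != after.get(k)}


def evaluate(resources, mode="discover"):
    """discover: report violations only.
    enforce: auto-fix, unless the resource is tagged mission-critical, in which case
    open a ticket carrying the proposed change for manual review."""
    working = copy.deepcopy(resources)  # never mutate the caller's inventory
    report = {"violations": [], "remediated": [], "tickets": [], "resources": working}
    for res in working:
        for check in CHECKS.get(res["type"], []):
            result = check(res)
            if result is None:
                continue
            check_name, detail = result
            report["violations"].append((res["id"], check_name, detail))
            if mode != "enforce":
                continue
            fixed = remediate(res)
            if res.get("tags", {}).get("mission-critical") == "true":
                report["tickets"].append({"resource": res["id"], "check": check_name,
                                          "proposed_change": config_diff(res, fixed)})
            else:
                res.update(fixed)  # drift corrected in place
                report["remediated"].append((res["id"], check_name))
    return report


if __name__ == "__main__":
    for mode in ("discover", "enforce"):
        r = evaluate(RESOURCES, mode)
        print(mode, "violations:", [(v[0], v[1]) for v in r["violations"]])
        print("  remediated:", r["remediated"])
        print("  tickets:", r["tickets"])
```

Discover mode reports three violations (the port-22 rule on sg-web, the port-8080 rule on sg-payments, and the unencrypted, locally replicated bucket-logs). Enforce mode fixes sg-web and bucket-logs and opens a single ticket for sg-payments whose proposed_change shows the offending ingress rule against the empty rule set that would replace it; that diff is the "exactly which configuration changes" an expert would want in front of them before touching a mission-critical service.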
As a leader in the field of automation, Torq is uniquely positioned to help you find and implement a CSPM solution that addresses your organization’s needs. The first steps in your journey are mapped out on Torq’s Getting Started page. There, you can also fill out a contact form to begin a conversation with the experts at Torq, who can show you the best path for getting your own CSPM up and running.