Cloud Security Tools: CASB, CWPP & CSPM, Use Cases, and "For cloud security to succeed at scale, why do you need to use automation?" - Explained & Explored
Praveen Singh
In my previous blog, I explained what cloud security is, what the critical cybersecurity challenges are, and how to overcome them. The critical generic challenges covered there were: visibility into cloud data, data breaches, misconfiguration of the cloud platform, risk of access to cloud data and applications, denial-of-service (DoS) attacks, data loss and leakage, and cloud security compliance.
Gartner came up mainly with 3 different cloud security tools that cover almost every threat in cloud security, known as CASB, CWPP, and CSPM. Here I will explain what these tools are, what their use cases are, and why, "for cloud security to succeed at scale, you need to use automation".
Cloud Security is a suite of services that helps companies in their digital transformation / cloud adoption process achieve their security goals in public/hybrid cloud environments (IaaS, PaaS and SaaS). This suite includes the following services:
1-Cloud Access Security Broker (CASB)
2-Cloud Security Posture Management (CSPM)
3-Cloud Workload Protection Platform (CWPP)
So, what is a CASB platform?
As Gartner defines them, cloud access security brokers (CASBs) are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.
Use cases:
1-Visibility: cloud identification, risk assessment, audit trails for forensic investigation, and e-discovery.
2-Data protection: DLP, governance and risk-based access control, data encryption and key management, tokenization, DRM, MDM, etc.
3-Threat protection: protecting clouds from malicious insiders, compromised accounts, advanced persistent threats (APTs), attacks on APIs, malware, ransomware, etc.
4-Compliance: policies for data protection, data sovereignty (data residency) and global regulations.
What is a CWPP?
As per Gartner: “The market for Cloud Workload Protection Platforms (CWPPs) is defined by workload-centric security protection solutions, which are typically agent-based. They address the unique requirements of server workload protection in modern hybrid data center architectures that span on-premises, physical, and virtual machines (VMs), and multiple public cloud infrastructure as a service (IaaS) environments. Ideally, they also support container-based application architectures.”
In other words, a CWPP provides a cloud-based security solution that protects instances on AWS, Microsoft Azure, Google Cloud Platform (GCP) and other cloud vendors.
CWPP major use cases:
System hardening, vulnerability management, network firewalling, micro-segmentation, system integrity monitoring, application whitelisting, anti-malware scanning, exploit prevention/memory protection, server workload EDR, behavioral monitoring, etc.
What is CSPM?
According to Gartner, Cloud Security Posture Management (CSPM) tools are fundamental to cloud security. Gartner states that "CSP concentrates on security assessment and compliance monitoring, primarily across the IaaS cloud stack". CSPM typically involves leveraging API integrations with one or more cloud providers in order to automatically discover cloud assets and their associated risks.
"Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement and mistakes. Security and risk management leaders should invest in cloud security posture management processes and tools to proactively identify and remediate these risks."
CSPM solutions are commonly used for the following:
1-Identifies risky configuration settings and provides visibility into the current security posture of your cloud environment.
2-Recognizes and logs changes in configuration and who made them, helping to identify accidental, inappropriate or malicious changes.
3-Maintains and provides a path to compliance for security frameworks such as CIS, NIST, HIPAA/HITECH, PCI DSS, and CSF.
4-Inventories all cloud assets across IaaS, PaaS or SaaS, and alerts when new items are added, who added them, and if they are secure and compliant, etc.
Cloud visibility & cloud security tool groups
The image above explains that if your organization is putting sensitive data in SaaS, you should deploy a CASB. If your organization is processing sensitive data in IaaS, deploy both: CSPM to assess your cloud configuration, and CWPP to extend your workload protection to the cloud.
“For cloud security to succeed at scale you need to use automation”. Cloud automation ensures that human error during the set-up stage doesn’t leave your application or data vulnerable to attack. Automated monitoring is the only realistic way to ensure that your application stays as secure as possible at all times and that security vulnerabilities aren’t introduced. Continuous security and compliance are also only possible with automation tools that ensure across-the-board access management and that monitor and dynamically fix security vulnerabilities in real time. In addition, automation allows your IT team to use their time on the types of projects that can’t be automated, like developing security strategy.
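The CSPM use cases listed earlier (flag risky settings, record who changed what, alert on new assets) and the automated monitoring described above can be sketched as a change-driven check over two inventory snapshots. This is an added example, not code from the article or from any CSPM product; the resource names, field names and the three rules are assumptions made for illustration.

```python
# Constructed sample data: two inventory snapshots such as a CSPM tool could
# build from cloud-provider APIs. Every field name here is hypothetical.
BEFORE = {
    "bucket/logs": {"public": False, "encrypted": True, "changed_by": "alice"},
    "bucket/reports": {"public": False, "encrypted": True, "changed_by": "alice"},
    "sg/web": {"ingress": [("0.0.0.0/0", 443)], "changed_by": "bob"},
}
AFTER = {
    "bucket/logs": {"public": False, "encrypted": True, "changed_by": "alice"},
    "bucket/reports": {"public": True, "encrypted": True, "changed_by": "carol"},
    "sg/web": {"ingress": [("0.0.0.0/0", 443), ("0.0.0.0/0", 22)],
               "changed_by": "bob"},
    "disk/db": {"encrypted": False, "changed_by": "dave"},
}
ADMIN_PORTS = {22, 3389}  # SSH and RDP


def violations(res):
    """Return the posture rules that one resource breaks."""
    found = []
    if res.get("public"):
        found.append("publicly accessible")
    if res.get("encrypted") is False:
        found.append("not encrypted at rest")
    for cidr, port in res.get("ingress", []):
        if cidr == "0.0.0.0/0" and port in ADMIN_PORTS:
            found.append(f"admin port {port} open to the internet")
    return found


def settings(res):
    """Configuration without the audit field, for change comparison."""
    return {k: v for k, v in res.items() if k != "changed_by"}


def assess(before, after):
    """Report added or modified resources, who changed them, and violations."""
    findings = []
    for rid in sorted(after):
        res, old = after[rid], before.get(rid)
        if old is not None and settings(old) == settings(res):
            continue  # unchanged since the last snapshot
        findings.append({
            "resource": rid,
            "change": "added" if old is None else "modified",
            "by": res["changed_by"],
            "violations": violations(res),
        })
    return findings
```

Calling assess(BEFORE, AFTER) skips the untouched bucket and returns one finding per added or modified resource, each naming the person recorded as making the change.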
It is always recommended that implementation of cloud security processes should be a joint responsibility between the business owner and solution provider.
"Some data and facts have been taken from different sources."
Platform Engineer (GxP & GMP, Virtualization ,HCI ,Backup,VDI, Hybrid Cloud, Vulnerability Management, SIEM, EDR)
3 years ago: Awesome article
Solution Consulting Leader @ Palo Alto Networks | MBA in Information Management
4 years ago: Nicely put together Praveen. There is some change of perspective though in the last year - CASB was one of the technologies but Gartner is now moving towards the SASE framework in which CASB is one of the technologies in the overall network and application security framework. With CWPP and CSPM, if these technologies can be consolidated under the same hood it would make the life of the cloud security specialist so much easier.
CISSP | CCSP | Security Architecture | Cloud Security | Data Privacy
4 years ago: nice article!
Associate Vice President Sales at Syndrome Technologies Private Limited
4 years ago: Very informative Praveen Singh-CASP,CISC,ODSF,CES.
India Head - Cybersecurity Business Unit
4 years ago: Very informative...thanks