Apr 16 2021

Choosing a Cloud Security Posture Management (CPSM) Solution: What to Consider

CSPM solutions offer efficient, cost-effective protection.

Today, cloud computing plays a central role in the technology ecosystems of every college and university. The degree of cloud adoption varies, of course. Some schools might use a handful of carefully vetted Software as a Service (SaaS) providers for video conferencing, email and their learning management systems. Others have taken an all-in, cloud-first approach to managing their infrastructure.

Either way, the manner in which higher education IT provisions and manages services has been forever changed. The flexibility and agility of the cloud allows technologists to improve the level of service they provide to students, faculty and staff while also keeping costs under control. These services do, however, pose new potential cybersecurity risks that must be ­mitigated. Perhaps the most significant risk in a cloud-centric environment is the potential misconfiguration of cloud provider security controls.

Shifting to a cloud model does transfer some cybersecurity responsibilities to the cloud provider. Even so, the shared-responsibility model of cloud computing leaves some security controls in the hands of the customer. SaaS providers manage the underlying infrastructure and code base, but customers must still configure application security settings and control access to their data.

DOWNLOAD THE WHITEPAPER: Learn how to manage your cloud security posture effectively.

Meanwhile, Infrastructure as a Service (IaaS) customers find themselves responsible for managing security groups, updating operating systems and performing many of the same cybersecurity tasks that they encountered in their own data centers. When these configurations are spread across many different providers, the complexity of the situation increases the potential for an error to cause a data breach. This is where cloud security posture management (CSPM) solutions enter the picture.

What is Cloud Security Posture Management (CSPM)?

CSPM solutions seek to reduce the administrative burden on organizations by centralizing control over cloud computing environments. CSPM platforms offer direct integrations into the configuration of many different cloud services, allowing the assessment and configuration of SaaS, IaaS and other cloud offerings. These capabilities begin with features that allow the deep inspection of cloud service configurations against industry best practices. Institutions can then proactively detect misconfigurations before an attacker discovers and exploits those vulnerabilities.

CSPM platforms don’t stop at detection, however. They also offer remediation capabilities that allow administrators to automatically or manually correct misconfigurations to bring service settings back into compliance. Not only does this save hours of work for cloud service administrators, but it also reduces the window of vulnerability from each new security issue. CSPM vendors publish continual updates to ensure these capabilities remain current, even in the face of constantly changing vendor features and interfaces.

DIVE DEEPER: Learn how to manage your multicloud environment more effectively.

How to Choose the Right CSPM Solution

When choosing a CSPM platform, technologists should first consider the product’s ability to support the range of cloud services that their institutions use. The major CSPM offerings all support the most common cloud service providers. It’s hard to imagine any offering that won’t support a school’s email service provider or IaaS platform of choice.

The real value of provider integrations lies in edge cases. Perhaps an institution is using an uncommon learning management system, classroom scheduling service or enterprise resource planning system. Take time to match your institution’s cloud services with each CSPM platform’s capabilities. Given the breadth of cloud services most schools use, any deployment will probably require a few manual integrations, but institutions should strive to keep those to a minimum.

After validating a CSPM solution’s coverage, the next step is to verify that it performs effective assessment and remediation in alignment with your institution’s security standards. Many universities rely on the cloud security standards offered by their IaaS providers and the National Institute of Standards and Technology, and most CSPM platforms support these assessments.

Still, colleges and universities also find themselves subject to a wide range of regulatory requirements, including HIPAA compliance, the Payment Card Industry Data Security Standard, and state cybersecurity and privacy regulations. When selecting CSPM solutions, always verify that potential candidates can meet all of the institution’s regulatory obligations.

MORE ON EDTECH: Simplify resource management in higher education with Azure tags.

Integrating CSPM with Other Cybersecurity Controls

CSPM technology shouldn’t operate in a vacuum. Information provided by these tools should feed directly into other components of an institution’s security program to increase their efficiency and effectiveness.

CSPM alerts requiring manual remediation should automatically open trouble tickets in an institution’s IT service management solution, flowing directly into existing vulnerability management workflows. Configuration information from cloud services should flow back into the security information and event management platform, enhancing cloud security visibility. Many of these integrations may be available out of the box, but others may require custom integrations.

Supporting these nonstandard integrations requires access to a comprehensive application programming interface. With API access, developers may extend the capability of the CSPM and integrate it directly into DevSecOps workflows. This approach allows for the automated triggering of assessments and remediations during the testing process, so that code and configurations can be locked down before they ever reach a production deployment. Deep integration into development environments allows CSPM platforms to quickly thwart security risks that arise.

LEARN MORE: Here's what to consider when moving from DevOps to DevSecOps.

The cloud permeates every aspect of college and university life, from the classroom and residential life to the back office and the C-suite. Deploying CSPM technology allows cybersecurity teams to manage security assessments and remediate potential issues, protecting sensitive information from unauthorized disclosure and alteration and promoting a safe campus computing environment. Institutions that aren’t evaluating CSPM technology should begin doing so in the near future.

gremlin/Getty Images