Improve your Security Hygiene with Cloud Security Posture Management (CSPM)

By Sarah Young, Senior Cloud Advocate

16/05/2023

A header showing a lock next to an illustration of Bit the Raccoon

Hi everyone!

As I write this piece, I’m on a plane to Singapore. I’m super excited to have been selected to speak at Black Hat Asia, which – if you’re not familiar with it – is one of the biggest and well-known security conferences globally. I attend conferences and speak all the time, but if I’m honest, I’m a little bit nervous about this one!

We’ve had a couple of security events in quick succession in the past few months: Microsoft Secure and then RSA, so there have been plenty of exciting announcements to talk about in the security space. I’m not going to talk to you about Microsoft Security Copilot: not because I don’t think it’s an exciting product, but because it’s been hogging the limelight a bit (however, if you do want to find out more about it, watch our announcement here).

Have you heard about the product formerly known as Azure Security Center? It’s now called Defender for Cloud – the name changed about a year ago – and they have recently released their Defender for Cloud CSPM (Cloud Security Posture Management) module. In my humble opinion, CSPM capabilities are very underrated and everyone needs to be looking at getting this kind of capability into their environment.

Essentially, CSPM tools will automatically assess your environment and will tell you where you can better your security hygiene across your IaaS and PaaS services (e.g. turn on MFA, apply patches, close ports, etc.) and – if you want them to – remediate it automatically. Research shows that around 95% of security breaches would have been mitigated by good security hygiene practices, but as any IT Pro/sysadmin knows, it’s hard to do in real life. CSPM tools really help with this ongoing challenge of keeping on top of security hygiene.

Defender CSPM GA’d some new features that you may not have looked at before, such as a graph-based attack path which allows you to run queries to explore risk and surfaces contextual threat data to help prioritise remediation and uncover risk of sensitive data exposure and potential data breaches. We’ve expanded the posture management capabilities to be data-aware, to help prevent sensitive data exposure and to fix issues both in code and runtime.

In even better news, the Defender CSPM module free trial has been extended until August, so you have no excuse to not go and try it out! And before you ask: no, it’s not just for Azure environments. Defender CSPM can provide posture monitoring across Azure, AWS, GCP and on-premises environments so you can assess your whole environment. You can read more about Defender CSPM here.

I think I got too much into the CSPM capabilities this time, but security hygiene is so, so important and these tools make it much easier to implement and manage so I want to spread the good word of CSPM.

I wish you a fantastic May; don’t forget that security is everybody’s responsibility!