Reduce Cloud Risks With CSPM and CNAPP

By Bojan Magusic, Product Manager, Customer Experience Engineering Team, Microsoft

Cloud-native application protection platform and cloud security posture management can help minimize cloud errors through attack path analysis.

Today, multicloud adoption is widely regarded as table stakes for doing business. According to research by SANS, 86% of organizations have already adopted a multicloud approach. However, for all their benefits around scale, agility, and innovation, cloud environments are also complex, interconnected systems with unique risks — misconfigurations and lateral movement chief among them.

Misconfigurations are the third-most common type of cloud-related security incidents, accounting for 32% of events. They can exist in isolation and pose a relatively low risk to your organization. Or when found in the cloud, they can lead to larger attack paths that end in critical assets. Attack paths are a visual representation of the end-to-end routes that adversaries can use to breach your environment and move laterally.

For security teams that are already stretched thin on resources, knowing how to remediate and prioritize misconfigurations and attack paths is key. When deployed as part of a holistic cloud-native application protection platform (CNAPP), cloud security posture management (CSPM) can empower organizations to tackle these vulnerabilities head-on and reduce their overall security risk.

Identify, Prioritize, Remediate

One complication many security practitioners can attest to is the difficulty of prioritizing critical business resources in light of cloud threats. The average organization has hundreds of attack paths within its environment, some of which are more critical than others. To know which ones they should remediate first, security teams need insight into where these attack paths lead and how adversaries can use them to move laterally and access sensitive or private resources. That's where the value of CSPM comes in.

According to Gartner, CSPM implementations can reduce cloud security incidents caused by misconfigurations by up to 80%. Not only does CSPM proactively identify attack paths within your organization before threat actors can exploit them, it also prioritizes the attack paths based on their potential impact on your business. This is absolutely critical from a risk reduction perspective because it ensures that organizations are investing their resources in areas that will deliver the highest return on investment. This return often comes in reducing downtime, preventing breaches, or minimizing financial loss.

CSPM can also provide automated guidance on remediation next steps. Because technical implementations often differ between public cloud providers, this step-by-step guidance is invaluable in upskilling existing security practitioners who may not be as knowledgeable about a particular cloud environment or vulnerability. It can also lower the barrier to entry for less experienced professionals by providing them with the exact script they need to remediate a misconfiguration or close off an attack path.

Increasing Visibility to Improve Security

However, to be most effective, organizations should consider deploying CSPM as part of a holistic CNAPP solution. By definition, CNAPPs consolidate multiple cloud security solutions under a single umbrella. This allows CNAPPs to provide greater visibility and deeper security insights than individual point solutions, which often exist in siloes and struggle to integrate fully with one another.

By implementing CSPM as part of a CNAPP, organizations can correlate insights about their cloud security posture with identity and access signals, workload protections, DevSecOps, and more. This correlation and increased visibility ultimately empower organizations to reduce risks and elevate their overall security posture.

About the Author

Bojan Magusic is a Product Manager with Microsoft on the Customer Experience Engineering Team. In his current role he acts as a technology expert for Fortune 500 companies, helping them improve their overall security posture in the cloud, by realizing the full value of Microsoft’s CNAPP solution. In addition to various technical certifications, he’s a published book author with Manning, a Prosci® Certified Change Practitioner and has also received certifications from ISC(2), INSEAD, and Kellogg School of Management. He has a strong passion for cybersecurity, advancing women in tech and professional development.