Question: There are so many cloud security acronyms nobody seems to be spelling out. What do they mean?
Answer: Acronyms are confusing jargon that can often serve as a gatekeeper — if you don't sling the lingo, the thinking goes, you don't belong. But if you're reading this, you do belong in cybersecurity, which has to become more welcoming if we ever hope to close the talent gap. So here's a quick guide to some of the acronyms you may come across when talking about cloud security.
CDR – Cloud detection and response. These tools continuously aggregate, normalize, and analyze data provided by SaaS (software-as-a-service) and cloud services about accounts, privileges, configurations, and activity to power insights, situational knowledge, and threat alerts. It provides single-pane visibility into cloud environments while maintaining user context.
CIEM – Cloud infrastructure entitlement management. Such tools address the issue of excessive permissions and entitlements to cloud resources. They detect over-permissioned accounts and roles and unused permissions and accounts. Note that this is distinct from SIEM (security information and event management), which analyzes alerts in real time, and CIAM (customer identity and access management), which aims to give users secure access to resources.
CNAPP – Cloud-native application protection platform. CNAPP addresses the inevitable increased number of moving parts and interlocking systems in cloud-native applications. Using a modular approach, existing CI/CD (continuous integration and continuous delivery) pipelines and runtime platforms can be extended and updated as better methods are discovered. Leveraging a CNAPP gives you in-depth, multilayered, agent-based, and agentless coverage across all aspects of your environment — everything from proactive validation of workloads to auditing policies on the public cloud platform you're running on. Providing more than just convergence of CIEM, CWPP, and CSPM (read on for more about the latter two), CNAPP allows CISOs (chief information security officers) to see the value that cloud security suites deliver, as opposed to a series of disjoint point solutions needing painstaking integration.
CSPM – Cloud security posture management. This refers to a set of controls that detect when your deployed accounts and resources deviate from best practices. CSPM tools embed a variety of standards that allow you to continuously evaluate all cloud accounts and workloads and quickly identify areas of drift and misconfiguration.
CWPP – Cloud workload protection platform. These protect workloads and focus on securing the entire application life cycle, providing cloud-based security solutions that protect instances on AWS, Google Cloud Platform, Microsoft Azure, and other cloud vendors' platforms. CWPP focuses on specific application use cases, such as runtime detection, system hardening, vulnerability management, network security, compliance, and incident response.
SSPM – SaaS security posture management. Such tools monitor security risks in SaaS applications. SSPM looks for and surfaces misconfigurations, compliance risks, unnecessary or defunct user accounts, excessive user permissions, and other cloud security issues so that security personnel can resolve them.