CSPM Engineer – Day in a Life

Understand the basics of CSPM solution

Every CISO is now keen to redefine their corporate security strategy and require guidance on securing their cloud assets. Securing cloud environment require detailed study and analysis on their adoption of services across SaaS, IaaS & PaaS components. While many cloud service providers (CSPs) declare that security in cloud in shared responsibility – it truly means a lot and business leaders to understand these terminologies to make key decisions.

CSPM (Cloud security posture management) helps business to secure the IaaS and Functional PaaS environment. Gartner defines CSPM as ‘“a continuous process of cloud security improvement and adaptation to reduce the likelihood of a successful attack”. It helps customers to continuously discover the cloud assets and compare it against security and compliance best practices (also known as security policies). The relevance of CSPM solutions has been depicted in the below diagram.

This market is ever evolving due to nature of new services inclusion by the cloud service providers. Big players has made acquisitions in recent years and been integrating it into their existing product portfolio. Some security vendors also has complementing solutions such as CASB (Cloud security access broker) and CWPP (Cloud workload protection platform) along with CSPM offerings. IT Security leaders should consider the use-cases and functional scenarios in their environment and decide to choose CSPM products.

Day in a Life of CSPM Engineer

Its important for IT security leaders to develop the roadmap of CSPM deployment and enablement strategy. If you’re familiar with cloud operations – you’ll agree that on a daily basis the business will onboard new cloud services and components. The application team make frequent code changes, developer community will perform testing, staging and release(s). Its not recommended to enable all applicable CSPM out of box controls in initial deployment stage and forget afterwards. Cloud security requires continuous security assurance and governance.

CSPM engineer ‘day in a life’ will be packed with energy and determination to discover, provide visibility, analyze the context, respond to threats and manage governance.

Organizations today has multiple cloud providers (such as AWS, Azure, GCP) and has multiple accounts. This reminds IT security stakeholders to train the CSPM engineers becoming familiar on the CSPs terminologies, concepts and integration capabilities or hire experienced professionals. Lets discuss some of the key tasks the CSPM will need to perform on daily basis

  • Onboarding Cloud accounts (such as Azure, AWS & GCP) – this includes access grant, enabling policies, configuring baselines, configuring agents (if applicable), verifying health status
  • Onboarding SaaS accounts (such as Microsoft 365) – this includes enabling security configuration agent, verifying health status
  • Administer CSPM solution – this includes managing user roles, audit logs, manage API access
  • Discover cloud assets – this includes gaining visibility and manage cloud assets
  • Manage Security policies and Benchmarks – this includes configuring CSPs specific security policies, industry specific compliance policies (such as HIPAA, PCI, etc.), benchmarks standards (such as CIS, NIST, etc.)
  • Respond to alerts – this includes monitor, investigate and triage incidents based on actionable alerts
  • Manage OS hardening – this includes administer operating system baseline and hardening
  • Integration with 3rd party systems – this includes manage changes, requests on integration with other systems (such as ITSM and CI/CD Tools)
  • Remediation guidance – this includes providing recommendations to the stakeholders to fix the potential threats, applying configurations on the systems to maintain IT security regulatory compliance and standards
  • Manage reports – this includes providing reports to the business and IT stakeholders

The objective, CSPM engineer to consider while performing his daily duties is that his role enables the organization to maintain the IaaS and PaaS cloud services security posture. This helps business to manage the security governance in cloud, enforce policies and avoid risks by protecting threats.