Mark Halsall is a Regional Cloud Architect at Check Point Software Technologies. With more than 20 years of IT security experience, Mark has been with Check Point for the last six years. Before that, he worked for a security-focused reseller, supporting, implementing, and training customers on various security solutions. Through it all, he has watched the development of cloud services, seen their benefits, and observed their challenges with great interest. 

In this outstanding interview, get in-depth insights into Cloud Security Posture Management. Foster innovative thinking and implement infrastructure improvements in parallel with Mark Halsall’s cutting-edge expert analysis.

As companies move more and more of their applications to the cloud, security of cloud services becomes paramount. Unlike traditional datacenters, though, visibility into traffic inside the cloud is not easily obtainable. To combat this, a Cloud Security Posture Management solution can give you the information that you need.

1) What is CSPM?

A Cloud Security Posture Management solution is a tool that is designed to identify risks due to misconfiguration as well as compliance issues inside a cloud environment. It will continuously monitor your cloud environment for gaps in policy enforcement by comparing them with best practices and regulatory requirements. You may also be able to monitor cloud identity and access solutions to determine if permission profiles are overbroad, etc. Organizations in multi-cloud environments will particularly benefit, as they will get a comprehensive view over their entire estate.
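A minimal sketch of the kind of rule evaluation described in this answer, added here as an illustration; it is not part of the interview and not code from any CSPM product. It assumes AWS-style policy documents held in a made-up inventory schema with constructed resource names, and it does not evaluate policy Conditions.

```python
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"  # S3 "everyone" grantee

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _statements(record):
    return _as_list(record.get("policy", {}).get("Statement", []))

def _wildcard_principal(p):
    return p == "*" or (isinstance(p, dict) and "*" in _as_list(p.get("AWS", [])))

def check_bucket(bucket):
    findings, pab = [], bucket.get("public_access_block", {})
    # A public ACL grant only takes effect while IgnorePublicAcls is off.
    if not pab.get("IgnorePublicAcls") and any(
            g.get("Grantee") == ALL_USERS for g in bucket.get("acl_grants", [])):
        findings.append("public-acl")
    # Same for policies and RestrictPublicBuckets; Conditions are not evaluated.
    if not pab.get("RestrictPublicBuckets") and any(
            s.get("Effect") == "Allow" and "Condition" not in s
            and _wildcard_principal(s.get("Principal")) for s in _statements(bucket)):
        findings.append("public-policy")
    return findings

def check_role(role):
    return ["overbroad-permissions"] if any(
        s.get("Effect") == "Allow" and "*" in _as_list(s.get("Action", []))
        and "*" in _as_list(s.get("Resource", [])) for s in _statements(role)) else []

INVENTORY = {  # constructed sample in a made-up schema, not real resources
    "buckets": [
        {"name": "example-exports", "policy": {"Statement": [{
            "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-exports/*"}]}},
        {"name": "example-static", "acl_grants": [{"Grantee": ALL_USERS}]},
        {"name": "example-logs", "acl_grants": [{"Grantee": ALL_USERS}],
         "public_access_block": {"IgnorePublicAcls": True}},
    ],
    "roles": [
        {"name": "example-ci", "policy": {"Statement": {
            "Effect": "Allow", "Action": "*", "Resource": "*"}}},
        {"name": "example-reader", "policy": {"Statement": {
            "Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}}},
    ],
}

def scan(inventory):
    found = {b["name"]: check_bucket(b) for b in inventory["buckets"]}
    found.update({r["name"]: check_role(r) for r in inventory["roles"]})
    return {name: f for name, f in found.items() if f}
```

Calling `scan(INVENTORY)` returns only the resources with findings; `example-logs` is not reported because its Public Access Block setting neutralises the public ACL grant.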

2) How can it help simplify regulatory compliance?

Most CSPM products have regulatory compliance checks built in and can apply them to your environment on demand or on a schedule. Coverage of compliance frameworks and cloud providers varies among solutions, so you want to be sure that a solution is chosen that covers all the frameworks that you are affected by in all the cloud providers that you use.

3) What issues have been seen that CSPM could have prevented?

  • Novaestrat breach 2019: A misconfigured Amazon S3 bucket revealed Ecuadorian citizens’ data, including national ID numbers associated with information such as names, addresses, phone numbers, email addresses, and marital statuses, among other things. With a little work, it was also linked to financial information on accounts held at Biess, Ecuador’s national bank, employment information, including tax and salary details, and car makes, models, and license plates.
  • Microsoft tech support breach 2020: 250 million customer service and support records were left unprotected, exposing conversation logs between Microsoft support agents and their customers. Even though personal data was redacted, much of that information was available in the plaintext logs.
  • SolarWinds backdoor: Attackers accessed the SolarWinds software build system and planted backdoors, allowing remote access to systems with the software installed. Around 18,000 government and private users were affected, including the US Treasury Department, the US Commerce Department, the Centers for Disease Control and Prevention, the US Justice Department, and some utility companies. Other US organizations included the Los Alamos National Laboratory, Boeing, and most Fortune 500 companies. Outside the US, reported SolarWinds clients included parts of the British government such as the Home Office, National Health Service, and signals intelligence agencies, the North Atlantic Treaty Organization (NATO), the European Parliament, and likely AstraZeneca.

4) Can CSPM help speed up deployment in a DevOps environment?

Yes! Container images can be automatically checked for issues such as known vulnerabilities, hardcoded credentials, and overbroad privileges. Serverless functions can be checked for those as well as vulnerable dependencies. This can be done both for code in the development pipeline and for code that has already been deployed. These automatic checks are much faster and more thorough than having a team do them, so issues can be found and resolved more quickly.
