Origin of the term Posture Management in the context of Cyber Security
Security Posture Management solutions first gained popularity in the context of cloud security, in the form of Cloud Security Posture Management (CSPM) solutions. CSPM enabled organizations to assess and continuously monitor their security posture in the cloud, helping them identify misconfigurations, vulnerabilities, and potential threats across cloud accounts and resources.
If you google Cloud Security Posture Management, most descriptions of such solutions list the following features:
- Continuously monitor and assess compliance with security policies
- Identify whether newly created assets comply with security policies and regulations
- Centrally review how threats are detected, quarantined, and remediated
- Identify and classify risks, which is critical to maintaining cloud security
- Provide visibility into what assets exist in the cloud and how they are configured
Now, those who have been in cyber security long enough will recognize the features above from the old-school world of “Configuration Auditing”: the practice of verifying that the configurations of operating systems, web servers, application servers, etc. meet a minimum security baseline. “Security Posture Management” is largely a fancy name for “Configuration Auditing”, done continuously and against cloud and SaaS consoles instead of boxes you own. The security industry is great at generating new jargon. Enough criticism; let’s dive deeper into the SaaS Security Posture Management ecosystem and why SaaS needs it.
First, Understanding the SaaS Landscape
We know from looking around us, both within our organizations and outside, that SaaS is exploding like never before, especially after the pandemic. Lower costs, ease of use, scalability, and integration capabilities are the key drivers for organizations adopting these services. According to the market and consumer statistics company Statista, there are currently around 30,000 SaaS companies worldwide, a number expected to grow to 72,000 by 2024, and the SaaS market is projected to reach $700 billion by 2030. Given this growth, we are already in a SaaS economy. Some would argue that we are now in an AI economy. Truthfully, most AI applications today are sold as SaaS products, so I would still call it a SaaS economy.
Why does SaaS need Security Posture management?
When it comes to the secure configuration of operating systems or other system software, you will find a plethora of documentation on the settings you should apply to lock down your box, and numerous scripts to automate the process for you. Can you find the same for your SaaS product? Mostly, no. Hardening guides exist for a handful of large platforms (CIS publishes benchmarks for Microsoft 365, Google Workspace, and Salesforce, for example), but for the long tail of SaaS products there is nothing comparable.
SaaS products are usually feature rich. (They have to be, otherwise they won’t receive VC funds 😉.) When onboarding a SaaS product, admins are first concerned with whether they are configuring it correctly for their use case; secure configuration is almost always an afterthought.
Owing to this abundance of features, SaaS can open up new attack surfaces for organizations: the more functionality a system has, the more settings there are to misconfigure. Additionally, unlike an OS or other system software, there is no single underlying principle that governs the secure configuration of all SaaS services, because every SaaS product differs in the features it provides, and so the checks have to be written per product.
How do SSPMs help organizations reduce risk?
- Providing visibility of your SaaS platforms’ security:
You can’t mitigate risks you are unaware of. Since SaaS products do not sit within your network, traditional network-based monitoring does not apply here. Most SSPM solutions provide a dashboard that gives administrators an inventory of the SaaS products handling the organization’s sensitive data and the risks that data is exposed to.
- User access monitoring:
  - Overly permissive settings: The variety of SaaS applications running in an organization makes it difficult for administrators to understand the security implications of every role and privilege granted to users. SSPM solutions ease this task by flagging user roles or accounts that are likely too permissive, for instance accounts holding an owner or admin role that never use it.
  - Stale user accounts: De-provisioning user access from SaaS applications can be a real pain, as it often requires administrators to log in to each application and revoke permissions or delete accounts by hand, so it is likely that some accounts are missed. SSPM alerts administrators about user accounts that have not logged in for an extended period, which indicates a possibly stale account. Inactivity is an indicator, not proof: service or integration accounts may legitimately never log in interactively, so review before deleting.
- Identify misconfigurations and vulnerabilities: By detecting and notifying your security team of unnecessary permissions, weak access-control settings, and tenant settings that deviate from a baseline, and by providing remediation steps, a reliable SSPM solution helps prevent misconfigurations. Much of the security stack is built to catch deliberate attacks; SSPM catches misconfigurations whether they are intentional or accidental, reducing the drift of user configurations away from standard guidelines.
- Compliance management: Companies that rely heavily on SaaS face significant challenges in maintaining compliance with internal policies and external regulations. The sheer volume of applications used daily by employees and customers makes it easy for compliance considerations to be overlooked. Mapping each product’s settings to the relevant controls, and re-checking them continuously, is what an SSPM adds here.
- Remediation guidance or one-click remediation: Upon identifying a risk, an SSPM recommends the required remediation and, for some findings, can apply it directly from the console. Because monitoring is continuous, drift is caught and fixed quickly rather than at the next annual audit. One caveat: one-click fixes change production settings, so gate automated remediation of tenant-wide settings behind change review, since a change such as disabling public link sharing can break legitimate workflows.
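To make the user-access and misconfiguration checks above concrete, here is an added example (not code from the original post or from any SSPM vendor) of the kind of posture checks an SSPM runs over data pulled from a SaaS admin API: stale-account detection, privileged-role review, and tenant-setting baseline checks. The inventory format, field names (`tenant_settings`, `roles`, `last_login`, `active`) and the sample records are constructed assumptions modelled on what such an API typically returns; real products each have their own schema.

```python
"""Posture checks over a constructed SaaS user/tenant inventory (added example)."""
from datetime import datetime, timedelta, timezone

# Constructed sample export; field names are assumptions, not a real product's schema.
INVENTORY = {
    "tenant_settings": {
        "mfa_required": False,
        "public_link_sharing": True,
        "session_timeout_minutes": 43200,  # 30 days
    },
    "users": [
        {"email": "alice@example.com", "roles": ["owner"],
         "last_login": "2024-05-01T10:00:00Z", "active": True},
        {"email": "bob@example.com", "roles": ["admin"],
         "last_login": "2023-11-20T08:30:00Z", "active": True},
        {"email": "carol@example.com", "roles": ["member"],
         "last_login": "2024-04-28T09:15:00Z", "active": True},
        {"email": "svc-reporting@example.com", "roles": ["admin"],
         "last_login": None, "active": True},          # never logged in interactively
        {"email": "dave@example.com", "roles": ["member"],
         "last_login": "2023-12-01T12:00:00Z", "active": False},  # already deprovisioned
    ],
}

NOW = datetime(2024, 5, 2, tzinfo=timezone.utc)  # fixed clock so the run is reproducible
PRIVILEGED_ROLES = {"owner", "admin"}
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


def parse_ts(value):
    """Parse an ISO-8601 timestamp with a trailing Z; None means 'never'."""
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_stale_accounts(users, now=NOW, max_idle_days=90):
    """Active accounts that never logged in or have not logged in within max_idle_days."""
    cutoff = now - timedelta(days=max_idle_days)
    stale = []
    for u in users:
        if not u["active"]:
            continue  # nothing to deprovision
        last = parse_ts(u["last_login"])
        if last is None or last < cutoff:
            stale.append(u["email"])
    return stale


def find_privileged(users):
    """Active accounts holding an owner/admin role; every one of these deserves review."""
    return [u["email"] for u in users
            if u["active"] and PRIVILEGED_ROLES & set(u["roles"])]


def check_tenant_settings(settings):
    """Tenant-wide settings compared against a minimal baseline."""
    findings = []
    if not settings.get("mfa_required", False):
        findings.append(("high", "mfa_required", "MFA is not enforced for all users"))
    if settings.get("public_link_sharing", False):
        findings.append(("medium", "public_link_sharing", "anyone-with-the-link sharing is enabled"))
    if settings.get("session_timeout_minutes", 0) > 24 * 60:
        findings.append(("low", "session_timeout_minutes", "sessions persist longer than 24h"))
    return findings


def run_posture_checks(inventory, now=NOW):
    """Combine the checks; a privileged account that is also stale is the worst case."""
    stale = set(find_stale_accounts(inventory["users"], now))
    privileged = find_privileged(inventory["users"])
    findings = check_tenant_settings(inventory["tenant_settings"])
    for email in privileged:
        sev = "high" if email in stale else "medium"
        findings.append((sev, email, "privileged role (owner/admin); confirm it is still required"))
    for email in sorted(stale):
        if email not in privileged:
            findings.append(("medium", email, "no login in 90 days; candidate for deprovisioning"))
    return sorted(findings, key=lambda f: SEVERITY_RANK[f[0]])


if __name__ == "__main__":
    for severity, subject, message in run_posture_checks(INVENTORY):
        print(f"[{severity:6}] {subject}: {message}")
```

On the sample data the run flags MFA not enforced, the stale admin `bob@example.com`, and the never-used admin service account as high severity; the stale service account is exactly the case where the "inactive means delete" heuristic needs a human check before remediation. An SSPM does the same thing for every connected product, with the API calls and the rule set written separately for each one.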