Word Notes 9.19.23
Ep 158 | 9.19.23

Cloud Security Posture Management (CSPM) (noun)

Transcript

Rick Howard: The word is: CSPM

Rick Howard: Spelled: C for cloud, S for security, P for posture, and M for management. 

Rick Howard: Definition: Tools that automate the identification and remediation of cloud misconfigurations. 

Rick Howard: Example sentence: CSPM solutions work by continuously scanning and remediating an organization's cloud asset configurations against established security and compliance frameworks.

Rick Howard: Origin and context: CSPM is a term most likely coined by research firm Gartner in a 2019 innovation paper. It's unclear because the research is behind the Gartner paywall, but according to the Cloud Security Alliance, Gartner recommended that security and risk management leaders invest in CSPM processes and tools to avoid misconfigurations that can lead to data leakage. In 2019, Brian Reed from the website CIO Dive said that the vast majority of successful attacks on cloud services are the result of customer misconfiguration, mismanagement, and mistakes. What was needed was a tool that could automate the discovery and remediation tasks for cloud environments. CSPM is a security first-principle tactic that falls under the Zero Trust Strategy umbrella. It has evolved from the traditional vulnerability scanners that emerged in the early 2000s, which would automatically check internal systems for known vulnerabilities. CSPM systems apply that idea to cloud configurations.

Rick Howard: Nerd Reference: My favorite sci-fi movie of all time is Serenity, directed by Joss Whedon of Buffy the Vampire fame and released in 2005. It's a better space western than Star Trek, a better space opera than Star Wars, and I will die on that particular nerd hill. 

Rick Howard: In this scene, Simon, played by Sean Maher, a very rich doctor, is trying to break his sister, River, played by Summer Glau, out of a super-secret, highly secure government research lab. He has spent his entire family fortune to buy the insiders who will turn off the security controls that prevent outsiders from gaining entry, and from getting out once they've gotten in. Simon finds River in a lab, subdues the guards, and is now trying to make their escape, but the research facility's security posture management system discovers that the security controls have been turned off and starts the process of turning them all back on.

Simon: It's Simon, please, it's Simon. It's your brother.

River: Simon, they know you've come.

Simon: We can't make it to the surface from the inside. Find out.

Rick Howard: Simon and River run to an outside prearranged air vent to ride up a makeshift elevator that will take them to their escape. They make it out just as the security controls lock into place. Hopefully, your cloud security posture management system will react more efficiently when the time comes. 

Rick Howard: Word Notes is written by Tim Nodar, executive produced by Peter Kilpe, and edited by John Petrik and me, Rick Howard. The mix, sound design, and original music have all been crafted by the ridiculously talented Elliott Peltzman. We're privileged that N2K and podcasts like Word Notes are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sectors, as well as the critical security teams supporting the Fortune 500 and many of the world's preeminent intelligence and law enforcement agencies. N2K Strategic Workforce Intelligence optimizes the value of your biggest investment, people. We make you smarter about your team, while making your team smarter. Learn more at N2K.com and thanks for listening.