CyberGlossary

Cloud Security

CSPM (Cloud Security Posture Management)

Also known as: Cloud posture management

Definition

A category of tools that continuously assess cloud accounts against best-practice and compliance baselines to detect and remediate misconfigurations.

CSPM platforms connect to cloud provider APIs (AWS, Azure, GCP, OCI) and inventory every resource — networks, storage, IAM, databases — then evaluate them against rules derived from CIS, NIST, PCI, SOC 2, or custom policies. Findings include public storage buckets, overly permissive security groups, missing encryption, disabled logging, and drift from approved baselines. Modern CSPM links risks to business context (data sensitivity, internet exposure, blast radius) and offers auto-remediation playbooks or Terraform pull requests. CSPM is foundational for multi-cloud governance but typically lacks workload-level depth, which is why it is increasingly bundled into CNAPP suites.
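
The inventory-then-evaluate loop described above, sketched as an added example (not code from this glossary or from any CSPM product). The resource shape, the `EX-*` rule IDs and the context weights are hypothetical, and the inventory is constructed rather than fetched from a provider API.

```python
# Hypothetical resource shape, rule IDs and weights; not a vendor schema or benchmark control list.
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Rule:
    rule_id: str
    rtype: str
    title: str
    severity: int                      # 1 (low) .. 4 (critical)
    violated: Callable[[dict], bool]   # True when the resource fails the check

def open_admin_port(sg: dict) -> bool:
    """True if SSH or RDP is reachable from any address."""
    return any(r["cidr"] in ("0.0.0.0/0", "::/0") and r["port"] in (22, 3389)
               for r in sg.get("ingress", []))

RULES = [
    Rule("EX-STORAGE-1", "bucket", "Public bucket ACL", 4, lambda r: r.get("public_acl", False)),
    Rule("EX-STORAGE-2", "bucket", "Unencrypted bucket", 3, lambda r: not r.get("encrypted", False)),
    Rule("EX-NET-1", "security_group", "Admin port open to the internet", 4, open_admin_port),
    Rule("EX-LOG-1", "account", "Audit logging off", 3, lambda r: not r.get("audit_logging", False)),
]

def evaluate(inventory: list[dict]) -> list[dict]:
    """Run each applicable rule; high sensitivity (+2) and internet exposure (+1) raise the score."""
    findings = []
    for res in inventory:
        for rule in RULES:
            if rule.rtype == res["type"] and rule.violated(res):
                score = (rule.severity + 2 * (res.get("sensitivity") == "high")
                         + bool(res.get("internet_exposed")))
                findings.append({"resource": res["id"], "rule": rule.rule_id,
                                 "title": rule.title, "score": score})
    return sorted(findings, key=lambda f: (-f["score"], f["resource"], f["rule"]))

# Constructed inventory, standing in for what a provider API scan would return.
INVENTORY = [
    {"id": "bucket/customer-exports", "type": "bucket", "public_acl": True,
     "encrypted": False, "sensitivity": "high", "internet_exposed": True},
    {"id": "bucket/build-cache", "type": "bucket", "public_acl": False, "encrypted": True},
    {"id": "sg/bastion", "type": "security_group", "internet_exposed": True,
     "ingress": [{"cidr": "0.0.0.0/0", "port": 22}, {"cidr": "10.0.0.0/8", "port": 443}]},
    {"id": "account/prod", "type": "account", "audit_logging": False},
]

if __name__ == "__main__":
    for f in evaluate(INVENTORY):
        print(f"{f['score']:>2}  {f['rule']:<13} {f['resource']:<26} {f['title']}")
```

The same public-ACL rule scores higher on the bucket tagged as sensitive and internet-exposed than it would on an untagged one, which is the context-based prioritization the definition refers to.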

Examples

  • Wiz, Prisma Cloud, or Microsoft Defender for Cloud flagging an S3 bucket with public ACLs.
  • AWS Security Hub aggregating CIS Foundations Benchmark findings across accounts.

Related terms