CSPM (Cloud Security Posture Management)
What is CSPM (Cloud Security Posture Management)?
CSPM (Cloud Security Posture Management): A category of tools that continuously assess cloud accounts against best-practice and compliance baselines to detect and remediate misconfigurations.
CSPM platforms connect to cloud provider APIs (AWS, Azure, GCP, OCI) and inventory every resource — networks, storage, IAM, databases — then evaluate them against rules derived from CIS, NIST, PCI, SOC 2, or custom policies. Findings include public storage buckets, overly permissive security groups, missing encryption, disabled logging, and drift from approved baselines. Modern CSPM links risks to business context (data sensitivity, internet exposure, blast radius) and offers auto-remediation playbooks or Terraform pull requests. CSPM is foundational for multi-cloud governance but typically lacks workload-level depth, which is why it is increasingly bundled into CNAPP suites.
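The inventory-then-evaluate loop described above, as an added example (not code from any CSPM product): rules run over a normalized resource inventory, and data sensitivity raises the priority of a finding. The resource fields, rule IDs, severities and the context weight are assumptions made for illustration, and the inventory is constructed sample data.

```python
# Added example: minimal CSPM-style evaluation over a constructed inventory.
# Field names, rule IDs and scoring weights are assumptions, not a vendor schema.
INVENTORY = [  # constructed sample, shaped like normalized provider API output
    {"id": "bucket-logs", "type": "storage_bucket", "public_acl": True,
     "encrypted": True, "tags": {"data": "internal"}},
    {"id": "bucket-pii", "type": "storage_bucket", "public_acl": True,
     "encrypted": False, "tags": {"data": "sensitive"}},
    {"id": "sg-web", "type": "security_group",
     "ingress": [{"cidr": "0.0.0.0/0", "port": 443}]},
    {"id": "sg-admin", "type": "security_group",
     "ingress": [{"cidr": "0.0.0.0/0", "port": 22}]},
    {"id": "trail-main", "type": "audit_trail", "logging_enabled": False},
]

ADMIN_PORTS = {22, 3389}  # SSH and RDP

def open_admin_port(r):
    """True if any ingress rule exposes an admin port to the whole internet."""
    return any(i["cidr"] == "0.0.0.0/0" and i["port"] in ADMIN_PORTS
               for i in r.get("ingress", []))

# (rule id, resource type, predicate True on misconfiguration, base severity).
# Missing "encrypted" / "logging_enabled" fields fail closed and are flagged.
RULES = [
    ("STORAGE_PUBLIC_ACL", "storage_bucket", lambda r: r.get("public_acl", False), 7),
    ("STORAGE_NO_ENCRYPTION", "storage_bucket", lambda r: not r.get("encrypted", False), 5),
    ("SG_ADMIN_PORT_OPEN", "security_group", open_admin_port, 8),
    ("AUDIT_LOGGING_DISABLED", "audit_trail", lambda r: not r.get("logging_enabled", False), 6),
]

def evaluate(inventory, rules=RULES):
    """Return findings sorted by context-adjusted score, highest first."""
    findings = []
    for res in inventory:
        for rule_id, rtype, is_bad, severity in rules:
            if res["type"] != rtype or not is_bad(res):
                continue
            score = severity
            # Business context: sensitive data raises the priority of a finding.
            if res.get("tags", {}).get("data") == "sensitive":
                score += 3
            findings.append({"resource": res["id"], "rule": rule_id, "score": score})
    return sorted(findings, key=lambda f: (-f["score"], f["resource"], f["rule"]))

if __name__ == "__main__":
    for f in evaluate(INVENTORY):
        print(f'{f["score"]:>2}  {f["rule"]:<24} {f["resource"]}')
```

Both buckets have a public ACL, but the one tagged as holding sensitive data sorts first, which is the kind of prioritization that business context adds on top of a flat rule match.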
● Examples
- 01 Wiz, Prisma Cloud, or Microsoft Defender for Cloud flagging an S3 bucket with public ACLs.
- 02 AWS Security Hub aggregating CIS Foundations Benchmark findings across accounts.
● Frequently asked questions
What is CSPM (Cloud Security Posture Management)?
A category of tools that continuously assess cloud accounts against best-practice and compliance baselines to detect and remediate misconfigurations. It belongs to the Cloud Security category of cybersecurity.
What are other names for CSPM (Cloud Security Posture Management)?
Common alternative names include: Cloud posture management.