CSPM tools look at workloads to see what’s happening and they provide context, so organizations know which of the vulnerabilities or issues is most important, says Charlie Winckless, a senior director analyst at Gartner. “These tools enable companies to prioritize which risks are real, which risks are important, and which risks they may be able to delay fixing a little bit,” he says.
Cloud technologies have been classified as infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS). The differences among these three designations are becoming blurred to the point where the labels don’t have much meaning anymore. As enterprises purchase more diverse cloud offerings, the notion of having a single tool such as CSPM that covers all these bases becomes appealing.
What to look for in cloud security posture management (CSPM) tools
Organizations evaluating various CSPM tools should ensure that they cover all the cloud platforms they’re using, says Winckless. “You want to be able to normalize the configuration risks across the major cloud platforms,” he says. “Most organizations that are purchasing these tools will probably be multicloud. They’ll be using at least two clouds, maybe more, since the cloud providers themselves do offer some of this functionality built into their platforms.”
