Earlier this year, Gartner published the 2020 Hype Cycle for Cloud Security. For those unfamiliar with Gartner’s numerous evaluation constructs, a Gartner Hype Cycle helps IT decision-makers discern technology hype from actual business viability, with a graphical map across a maturity timeline. In particular, the Gartner Hype Cycle for Cloud Security aids security leaders in evaluating emerging technologies to help their organizations use public cloud securely.
One of the key innovations highlighted by Gartner to improve the security, governance, and reliability of cloud computing is cloud security posture management (CSPM). Gartner defines CSPM as:
CSPM offerings continuously manage cloud security posture through the prevention, detection, response and proactive identification of excessive cloud infrastructure risk. The core of CSPM offerings applies common frameworks, regulatory requirements and enterprise policies to proactively and reactively discover and assess risk/trust of cloud services configuration and security settings. Ideally, if a setting is noncompliant or a configuration represents excessive risk, automated action to adapt, including remediation, is initiated.
Recently, Louis Columbus, Senior Contributor to Forbes, wrote an article highlighting the new components of the 2020 Hype Cycle for Cloud Computing and reflected that CSPM is one of the three key areas that set enterprises ahead of their peers when integrated into their broader cloud strategy.
So, what’s all the hype about?
Gartner cites that for enterprises using a multicloud strategy, cloud security posture management assures business and security leaders that their services are implemented in a secure and compliant way across multiple cloud providers.
At Concourse, we take that a step further. We believe an enterprise cloud strategy should be driven by an enterprise cloud governance strategy. Concourse Labs has introduced a set of innovations that change the security paradigm for cloud. At the heart is Automated Cloud Governance, which uses the same concepts that make cloud scalable and efficient and applies them to enterprise governance.
Concourse approaches the problem by first addressing organizational complexity, enabling companies to establish policies that are aware of their context within the enterprise, enabling adaptation and tuning to meet the needs of each part of the organization. It introduces the concept of risk “surfaces,” which are a slice through the company, organized in whatever manners are most appropriate for establishing policies and managing risk. For example, surfaces can be created for each line of business, each function, or each geography. Behaviors appropriate for a group in New York may be very different than what’s appropriate for the same group in Beijing. Or employees in the Finance organization may have a different set of controls than those in Sales. However complex the organization, Concourse makes it easy to establish a federated policy framework that is both granular and comprehensive.
Concourse then takes these policies and evaluates them across all enterprise cloud usage, current and historical. That allows enterprises to understand their risk and compliance posture today and at any point in history in a manner that is provable and auditable.
Most vendors offering cloud governance tools look at the world quite differently. They scan a particular technology stack and opine on its configuration, based on a set of opinions of what a “good” configuration is. While this is important, it is far from sufficient. Concourse provides this functionality too but sets itself apart by looking at the bigger picture — the enterprise, its structure, and its needs — first.
As cloud adoption moves towards ubiquity, the consequences of inadequate governance grow and grow. And as CSPM is adopted mainstream in the two to five-year timeframe projected by Gartner, enterprises will want a solution from a provider who has pioneered this space from the beginning.
To get customers started down the path of successful cloud adoption, the experts at Concourse Labs have created a framework that enables enterprises to observe and manage their risk. By implementing these six steps, companies can achieve effective governance in the cloud.
For more information, contact us.