Environment settings typically refer to configurations and parameters that are specific to the environment in which the CSPM tool is deployed. These settings let you customize the CSPM tool to fit the specific requirements and characteristics of your cloud environment. Every organization’s cloud setup is unique, and these settings enable you to adapt the tool to your infrastructure, compliance standards, and security policies. Every CSPM tool is also different, so no single explanation fits every tool.
Note
There are dozens of CSPM tools on the market; for example, Prisma Cloud by Palo Alto Networks, Wiz, Orca, Microsoft Defender for Cloud, Amazon Web Services (AWS) Security Hub, Google Cloud Security Command Center, and Dome9, to name a few. Some of them are discussed in Chapter 3 at a very high level. Every tool comes with a distinct set of integration features and different ways of communicating with cloud environments and other tools. Some of the most critical aspects of setting up or fine-tuning CSPM tools are deliberately discussed in a generic manner, without going into much detail about any particular CSPM tool.
Let us explore the various aspects of environment settings:
- Cloud provider-specific settings: These settings are specific to the cloud provider you are using, and they configure how the CSPM tool interacts with and retrieves information from your cloud environment. For example, to connect to your AWS environment, you would need to configure the CSPM tool with AWS access keys or identity and access management (IAM) roles.
- Compliance standards: CSPM tools often allow you to specify the compliance standards or frameworks that your organization needs to adhere to, such as the Center for Internet Security (CIS) benchmarks, the National Institute of Standards and Technology (NIST), the Health Insurance Portability and Accountability Act (HIPAA), or the General Data Protection Regulation (GDPR). For example, you can set your CSPM tool to check for the CIS AWS Foundations Benchmark or Payment Card Industry Data Security Standard (PCI DSS) compliance and configure the desired compliance level.
- Notification and alerting settings: You can configure how the CSPM tool notifies you about security issues or policy violations. This includes email notifications, integrations with incident management (IM) tools, or other alerting mechanisms. For example, you can specify which email addresses or IM systems should receive notifications when a security issue is detected.
- Scanning schedule: You can define and customize how often the CSPM tool should scan your cloud environment for security issues. This involves setting up regular scans, immediate scans after specific events, or custom schedules based on your organization’s requirements; for example, daily scans during off-peak hours or real-time scans triggered by specific cloud events.
- Policy definitions: You can define and customize security policies or rules that the CSPM tool should enforce in your environment. These policies cover aspects such as proper data encryption, access control, network configurations, and more. For example, you can create custom policies to ensure that your resources are configured in alignment with your organization’s specific security requirements.
- Remediation actions: CSPM tools often include automated remediation capabilities, allowing you to specify actions to be taken automatically when a security violation is detected. For example, the tool might automatically close a security group rule that is deemed too permissive, or you might set up automated actions, such as closing unused security groups or rotating access keys, to run when violations are found.
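To show how the policy definition and remediation settings above fit together, the following added example (not taken from this book or from any CSPM product) evaluates a hypothetical custom policy, `CUSTOM-SG-001`, over constructed security group data and attaches to each finding the action that the policy's `auto_remediate` setting selects. The policy format, the finding fields, and the group IDs are assumptions; only the security group keys follow the shape of the AWS EC2 DescribeSecurityGroups response.

```python
import ipaddress

# Constructed sample, shaped like the "SecurityGroups" list returned by the
# AWS EC2 DescribeSecurityGroups API. Group IDs and rules are made up.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa0000000000001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-0aaa0000000000002", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.1.0.0/16"}]}]},
]

# Hypothetical custom policy: these ports must not be open to the whole internet.
# auto_remediate=False means findings are reported but nothing is changed.
POLICY = {"id": "CUSTOM-SG-001", "restricted_ports": {22, 3389, 5432},
          "auto_remediate": False}

def is_world_open(cidr):
    # True only for the catch-all networks 0.0.0.0/0 and ::/0.
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def covers_restricted_port(perm, ports):
    if perm["IpProtocol"] == "-1":      # "-1" means all protocols and all ports
        return True
    if perm["IpProtocol"] not in ("tcp", "udp"):
        return False
    return any(perm["FromPort"] <= p <= perm["ToPort"] for p in ports)

def evaluate(groups, policy):
    """Return one finding per world-open CIDR on a rule covering a restricted port."""
    action = "revoke_ingress" if policy["auto_remediate"] else "alert_only"
    findings = []
    for group in groups:
        for perm in group["IpPermissions"]:
            if not covers_restricted_port(perm, policy["restricted_ports"]):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in filter(is_world_open, cidrs):
                findings.append({"policy": policy["id"], "group": group["GroupId"],
                                 "protocol": perm["IpProtocol"], "cidr": cidr,
                                 "action": action})
    return findings

if __name__ == "__main__":
    print(*evaluate(SAMPLE_GROUPS, POLICY), sep="\n")
```

Each finding names a single CIDR rather than the whole rule, so a remediation step can remove the world-open source from the SSH rule while leaving its `10.0.0.0/8` source in place.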
Environment settings in a CSPM tool allow you to tailor the tool’s behavior to your specific cloud environment and security needs, ensuring that it effectively monitors, reports, and helps remediate security issues in your cloud infrastructure. Let us now explore those key aspects one by one, starting with user access management (UAM).