Cloud adoption is accelerating worldwide. Enterprises require adaptable policies that can rapidly scale to satisfy ever-changing business requirements and security threats.

First-generation Cloud Security Posture Management (CSPM) tools focus on providing businesses with policies for every possible vulnerability. CSPM tools scan for violations, which results in hundreds and sometimes thousands of alerts that need to be investigated, sorted, prioritized and potentially remediated. The time it takes to sort through all of this with these first-generation tools leaves enterprises exposed to a potentially very high level of risk. And because these tools tend to work well only in a single-cloud environment, you have an even bigger mess to sort through if you live within a multi-cloud environment.

According to Gartner, a Continuous Adaptive Risk and Trust Assessment (CARTA)-enabled CSPM employs a new form of policy creation and a new context for policy execution that can reduce the risk of cloud security incidents due to misconfigurations by up to 80%¹. How? It leverages efficiency.

CARTA-enabled CSPMs go beyond cloud configuration checks. They empower cloud security architects (CSAs) to customize policies to meet the evolving needs of their multi-cloud infrastructure. This allows the CSA to configure Zero Tolerance policies with near-zero false positives.

Put another way, your cloud-focused enterprise needs a way to map security requirements to whatever application or configuration you need, and it needs to be able to do this every time the requirement changes. This is possible when CARTA-enabled CSPMs leverage innovative technology as the engine for adapting and mapping policies to controls specific to an application. This technology is often called policy-as-code, and it works because it allows CSAs to tailor policies based on cloud-provider native tags across security environments.

The inherent benefits of adaptable, bespoke CARTA policies are undeniable. In this cloud-first era, we need a new approach to security. Leveraging CARTA policies and innovative technology, like policy-as-code, is the groundwork for building cloud governance within your enterprise. The other essential piece to this puzzle is building a business-first cloud security strategy. We can save that for another day.

  1. Gartner, Innovation Insight for Cloud Security Posture Management, 25 January 2019