Function of cloud security posture management

The main objective for a cloud security team working on posture management is to continuously report on and improve the security posture of the organization by focusing on disrupting a potential attacker's return on investment (ROI).

Modernization

Posture management is a set of new functions that realize many previously imagined or attempted ideas that were difficult, impossible, or extremely manual before the advent of the cloud. Some elements of posture management can be traced to zero trust, deperimeterization, continuous monitoring, and manual scoring of risk by expert consultancies.

Posture management introduces a structured approach to modernization, using the following:

  • Zero Trust-based access control that considers the active threat level during access control decisions.

  • Real-time risk scoring to provide visibility into top risks.

  • Threat and vulnerability management (TVM) to establish a holistic view of the organization's attack surface and risk and integrate it into operations and engineering decision making.

  • Sharing risks to understand the data exposure of enterprise intellectual property on both sanctioned and unsanctioned cloud services.

  • Cloud security posture management to take advantage of cloud instrumentation to monitor and prioritize security improvements.

  • Technical policy to apply guardrails to audit and enforce the organization's standards and policies for technical systems. For more information, see Azure Policy.

  • Threat modeling of systems and architectures, as well as specific applications.

Security posture management disrupts many norms of the security organization in a healthy way by using these new capabilities. This process might shift responsibilities among roles or create new roles.

Team composition and key relationships

Security posture management is an evolving function, so it might be a dedicated team, or it might be provided by other teams.

Security posture management should work closely with the following teams:

  • Threat intelligence team
  • Information technology
  • Compliance and risk management teams
  • Business leaders and SMEs
  • Security architecture and operations
  • Audit team

Next step

Review the function of cloud security incident preparation.