Function of cloud security posture management

The main objective for a cloud security team working on posture management is to continuously report on and improve the security posture of the organization by focusing on disrupting a potential attacker's return on investment (ROI).

Modernization

Posture management is a set of new functions that realize many previously imagined or attempted ideas that were difficult, impossible, or extremely manual before the advent of the cloud. Some elements of posture management can be traced to zero trust, deperimeterization, continuous monitoring, and manual scoring of risk by expert consultancies.

Posture management introduces a structured approach to modernization, using the following:

  • Zero trust-based access control: Considers the active threat level during access control decisions.
  • Real-time risk scoring: Provides visibility into top risks.
  • Threat and vulnerability management (TVM): Establishes a holistic view of the organization's attack surface and risk, and integrates it into operations and engineering decision making.
  • Discover sharing risks: Understand the data exposure of enterprise intellectual property on both sanctioned and unsanctioned cloud services.
  • Cloud security posture management: Takes advantage of cloud instrumentation to monitor and prioritize security improvements.
  • Technical policy: Applies guardrails to audit and enforce the organization's standards and policies on technical systems. For more information, see Azure Policy and Azure Blueprints.
  • Threat modeling of systems and architectures, as well as specific applications.

Emerging discipline: Security posture management will disrupt many norms of the security organization in a healthy way with these new capabilities and may shift responsibilities among roles or create new roles.

Team composition and key relationships

Security posture management is an evolving function, so it might be a dedicated team, or it might be provided by other teams.

Security posture management should work closely with the following teams:

  • Threat intelligence team
  • Information technology
  • Compliance and risk management teams
  • Business leaders and SMEs
  • Security architecture and operations
  • Audit team

Next steps

Review the function of cloud security incident preparation.