Along with multi-cloud complexity, the cybersecurity skills gap faced by agencies and their private sector counterparts is also widening. These sectors need an additional 225,000 cybersecurity workers to fill this gap, according to data from the market analysis tool CyberSeek.
As a result, many agencies lack the staff needed to manage their increasing multi-cloud security responsibilities, paving the way for CSPM tools.
The primary threats that CSPM combats
Misconfigurations are an inherent part of working in the cloud, and attackers have become very adept at exploiting them. Their motives vary: stealing personally identifiable information, exfiltrating confidential information, or accessing computing resources to support illicit cryptocurrency mining operations.
The attacks themselves tend to fall into two categories.
“Identity-based attacks are widespread,” says Balabhadrapatruni. “Attackers exploit weak authentication policies and stolen user credentials to gain a foothold within the cloud and then escalate privileges to steal data or hold it for ransom.”
Another major threat is the exploitation of unpatched vulnerabilities in application code. Nearly two-thirds of code used in production contains unpatched vulnerabilities, according to Palo Alto Networks' recent Unit 42 cloud threat report.
“Cloud storage buckets that are inadvertently left publicly available are another common vulnerability,” says Wallace. “We are also seeing attackers trying to scavenge misconfigured cloud security, where some ports have been left open, allowing attackers to access an organization's cloud assets.”
CSPM helps agencies comply with FedRAMP
The Federal Risk and Authorization Management Program (FedRAMP) plays a major role in agencies' cloud operations, helping to maintain the confidentiality, integrity and availability of information and systems in the cloud. CSPM tools are uniquely suited to meet an agency's FedRAMP compliance needs.
“AWS Security Hub gives you a longitudinal overview of your assets, allows you to set up guardrails from top to bottom and provides flexibility to development teams when needed,” says Wallace. “CSPM is great for driving best practices to development teams working in the cloud, allowing them to work quickly but securely.”
The ability to monitor security compliance across multiple cloud resources and then collect all that data into one feed for your cloud security team to act on is part of what makes CSPM so valuable. In its 2024 State of Cloud Native Security report, Palo Alto Networks found that 91% of organizations blame the growing number of point tools for creating blind spots.
“Noisy alerts from multiple sources make it difficult to detect real threats, turning cloud security into a data analysis challenge,” says Balabhadrapatruni. “With data scattered across platforms and tools offering only narrow views, security teams struggle to identify the most critical risks protecting their applications.”
He adds that Prisma Cloud connects the critical dots of application risks, security signals and runtime threats across the entire application lifecycle to provide actionable context, with more than 1,500 pre-built cloud security policies running in the background to prevent misconfiguration and drift.
Automation and artificial intelligence support CSPM
Another aspect of growing cloud complexity is increased activity across all of an agency's clouds. The assets and resources in them, all of which produce a constant stream of log data and alerts, still need to be monitored, and AI can help with that.
“Shortage of talent, skills, and all these conditions create the need for AI to counter attacks, including the growing number of AI-based attacks,” says Balabhadrapatruni. “Prisma Cloud Copilot helps understaffed security teams by using simple natural language queries to quickly find, understand, and stop threats before they escalate.”
The beauty of a CSPM tool is that it can ingest and interpret this stream of data, then prioritize findings and give context to the security team, which can triage and decide which threats require immediate remediation and which can wait.
“At the compliance level, AWS Security Hub provides a security score, and customers can then direct systems-level action to fix issues,” says Wallace. “They can choose direct remediation, where the security team communicates remediation steps directly to individual teams, or they can use automation rules, for example, and integrate a CSPM tool with a ticket system that automates the remediation process.”
To meet the needs of short-staffed security teams, many CSPM tools also use AI to provide simple, clear guidance on required remediation steps.
“The tedious task of reviewing documentation, navigating multiple dashboards, and writing complex queries to find and fix a security issue can be completely automated with Prisma Cloud Copilot,” says Balabhadrapatruni. “Using generative AI assistants like Copilot, security teams can save time, automate routine tasks, and in some cases, overcome challenges related to talent shortages when it comes to cloud security.”