“Perfection is achieved not when there is nothing more to add, but when there is nothing left to take away.”
When talking about the security posture of an organization’s entire infrastructure, we must start with the all-too-human, endless will to knowledge.
This is the motivation that gives vendors the justification to create more tools, interfaces, menus, and widgets, all for the sake of giving security administrators enough information to understand their current security posture. But why stop there? What about deciding which action you should take and which type of security controls you should fine-tune? We are chasing the reassuring confidence that once we have all the data, we will understand our perimeter-less organization.
The most urgent problem in cloud security
Since the early days, back when it was called Cloud Infrastructure Security Posture Assessment, CSPM as a solution has addressed the most urgent problem in cloud security: misconfigurations. It was Gartner who predicted that by 2020, 95% of security breaches in the cloud would be caused by misconfigurations. And so began a race to create the most comprehensive tool to answer the growing need to work securely in the cloud, a need that grew louder as digital transformation became, well, more than just a trend. The first and foremost purpose was to create visibility into the complex cloud infrastructure and identify potential misconfigurations. As CSPM tools evolved, so did the functionality they offered. This includes risk assessments and prioritization, remediation recommendations based on best practices, and automatic compliance tools: everything to help organizations align with the most common security frameworks and standards.
Cybersecurity Complexity
Allegedly, our story ends here. But the more comprehensive and complete the standard for a CSPM solution got, the more complex it became. Spice it up with different tools from different vendors, and you get a biting-off-more-than-you-can-chew experience. Visibility into the cloud became murkier because of the very views that were supposed to improve visibility of the cloud infrastructure.
A perfectly simplified approach, in the sense of Saint-Exupéry’s famous quote, “Perfection is achieved when there’s nothing left to take away,” doesn’t mean that creating stripped-down security solutions is the key to a simplified user experience. It means extensive research to understand how to obtain a simplified security management experience and what that means in the eyes of the people who should use these tools.
A simplified security management experience
Discovering what simplicity means to security administrators or cloud architects is the first step in achieving this goal. This is not only a matter of UX or functionality; it means resisting the tendency to show everything in one dashboard. You can’t expect administrators to winnow out the data that really matters by themselves. Security teams nowadays expect vendors to create autonomous solutions, providing dashboards that already cull the irrelevant information and highlight the relevant alerts or insights using a risk-based approach with action-oriented menus.
The second step is acknowledging the challenging truth that simplicity does not necessarily mean a small set of features. In the age of artificial intelligence, the ability to create a simplified security solution that augments security teams’ ability to respond to cyberthreats relies on incorporating machine learning capabilities to automate repetitive, tedious security tasks. This means having the machines take care of analyzing the data coming from different sources, predicting where the attacker will hit next, and providing an option to orchestrate the response, while letting the human mind focus on tasks that require discretion.