The new capabilities will allow organizations to create custom policies for AWS, Google Cloud, and Azure to secure their cloud infrastructure.

Lacework on Wednesday released new cloud security posture management (CSPM) capabilities, designed to help organizations create custom policies for AWS, Google Cloud, and Azure to secure their cloud infrastructure.

The new CSPM solution offers three key enhancements. First, it allows organizations to customize policies and ensure configurations align with an organization's specific needs. Second, it helps organizations build custom cross-account reports to measure hygiene. Finally, the new CSPM will now be compliant with the latest CIS benchmarks, industry standards, and additional controls written by the Lacework Labs team.

Addressing misconfigurations in cloud

Misconfigured clouds cost organizations an average of $4.14 million annually, according to IBM's Cost of a Data Breach report 2022. Between March 2021 and March 2022, cloud misconfiguration was among the most common initial attack vectors, responsible for 15% of breaches. The average time to identify and contain a breach caused by misconfiguration was 244 days, according to the report.

Misconfiguration in the cloud occurs because of a constantly changing set of interconnected services. Many organizations are still in the early stages of building out their cloud environments. This lack of expertise, along with the fact that applications span multiple cloud service providers, can lead to cloud services interacting in unpredictable ways, making them challenging to configure safely, Lacework said in a press note. Misconfigurations can also occur when organizations combine different cloud-native technologies such as containers, Kubernetes, or serverless functions.
"For example, if you make a seemingly small, isolated change to one resource without knowing that it's connected to another internet-accessible resource, you might expose your data to the public internet," Lacework said.

Custom policy creation uses LQL

Custom policy creation in the new CSPM is done using Lacework query language (LQL), which allows enterprises to validate the compliance of cloud resources against their own internal checks.

"For example, you want to create a policy for when a storage bucket or database is publicly accessible. First, define the conditions and allowed behavior. Using LQL, you can query, set status alerts for specific cloud configurations, and receive an alert on a per-resource basis each time a resource fails against a particular policy. The alert will indicate which discrete cloud resource is non-compliant with a specific custom policy," the company said.

Organizations can choose to be notified when a configuration scan detects a violation of a user-defined resource configuration policy that could weaken their risk posture.

Generating cross-account reports

Another new capability within the new CSPM allows organizations to generate cross-account reports. These reports can reduce the hassle of manual evidence gathering by automatically compiling findings for multiple purposes and audiences, Lacework said. "They can also help organizations scale by automatically generating custom reports for the checks that are most important to your organization."

In addition to the custom policies, Lacework offers pre-built policies that customers can use to maintain their cloud security posture. Lacework said it has updated its policies and reports with the latest benchmarks, such as CIS 1.4 for AWS, CIS 1.5 for Azure, and CIS 1.3 for Google Cloud.
"In addition, based on our expertise helping AWS customers secure their cloud, we provide over 100 additional policy checks that lend stricter controls for S3, IAM, and VPC policies, including resources on AWS GovCloud," the company said.
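To make the "publicly accessible storage bucket" custom policy described above concrete, here is an added Python illustration; it is not Lacework's code and is not written in LQL (whose syntax the article does not show). It evaluates constructed S3 bucket snapshots against a "no public buckets" policy and returns one finding per non-compliant resource, the per-resource alerting the article describes; the bucket names, ACLs, policies and Block Public Access settings are constructed, with field shapes modelled on the S3 GetBucketAcl, GetBucketPolicy and GetPublicAccessBlock responses.

```python
import json

# Constructed S3 bucket snapshots (not real accounts). A bucket can be exposed by
# an ACL or by a bucket policy; Block Public Access settings can neutralize either.
SAMPLE_BUCKETS = [
    {"Name": "logs-archive",  # public ACL, no Block Public Access -> exposed
     "Acl": {"Grants": [{"Grantee": {"URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]},
     "Policy": None, "PublicAccessBlock": None},
    {"Name": "website-assets",  # public policy; ACLs ignored but policy not restricted -> exposed
     "Acl": {"Grants": []},
     "Policy": json.dumps({"Statement": [{"Effect": "Allow", "Principal": "*",
                                          "Action": "s3:GetObject", "Resource": "arn:aws:s3:::website-assets/*"}]}),
     "PublicAccessBlock": {"IgnorePublicAcls": True, "RestrictPublicBuckets": False}},
    {"Name": "internal-data",  # public ACL, but IgnorePublicAcls makes S3 ignore it -> compliant
     "Acl": {"Grants": [{"Grantee": {"URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}, "Permission": "READ"}]},
     "Policy": None, "PublicAccessBlock": {"IgnorePublicAcls": True, "RestrictPublicBuckets": True}},
]

PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def acl_is_public(acl):
    # True if any grant targets the AllUsers or AuthenticatedUsers group.
    return any(g.get("Grantee", {}).get("URI") in PUBLIC_GRANTEES for g in acl.get("Grants", []))

def policy_is_public(policy_json):
    # True if an Allow statement names a wildcard principal with no Condition.
    if not policy_json:
        return False
    for stmt in json.loads(policy_json).get("Statement", []):
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
        if stmt.get("Effect") == "Allow" and wildcard and "Condition" not in stmt:
            return True
    return False

def evaluate_no_public_buckets(buckets):
    # Emit one finding per bucket that is actually reachable by the public.
    findings = []
    for b in buckets:
        pab = b.get("PublicAccessBlock") or {}
        reasons = []
        if acl_is_public(b.get("Acl", {})) and not pab.get("IgnorePublicAcls"):
            reasons.append("ACL grants access to AllUsers or AuthenticatedUsers")
        if policy_is_public(b.get("Policy")) and not pab.get("RestrictPublicBuckets"):
            reasons.append("bucket policy allows Principal '*' with no Condition")
        if reasons:
            findings.append({"resource": f"arn:aws:s3:::{b['Name']}", "policy": "CUSTOM-S3-NoPublicBuckets", "reasons": reasons})
    return findings

if __name__ == "__main__":
    print(json.dumps(evaluate_no_public_buckets(SAMPLE_BUCKETS), indent=2))
```

The internal-data bucket shows why a check must consider related settings together: its ACL looks public in isolation, but the account's Block Public Access configuration keeps it private.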